Total
7065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9135 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. | |||||
| CVE-2018-8976 | 3 Debian, Exiv2, Redhat | 5 Debian Linux, Exiv2, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. | |||||
| CVE-2018-8975 | 1 Netpbm Project | 1 Netpbm | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as demonstrated by pbmmask. | |||||
| CVE-2018-8960 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. | |||||
| CVE-2018-8883 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags. | |||||
| CVE-2018-8881 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
| Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string. | |||||
| CVE-2018-8810 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file. | |||||
| CVE-2018-8809 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. | |||||
| CVE-2018-8808 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. | |||||
| CVE-2018-8799 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault). | |||||
| CVE-2018-8798 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. | |||||
| CVE-2018-8796 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). | |||||
| CVE-2018-8792 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). | |||||
| CVE-2018-8791 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak. | |||||
| CVE-2018-8789 | 3 Canonical, Debian, Freerdp | 3 Ubuntu Linux, Debian Linux, Freerdp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). | |||||
| CVE-2018-8769 | 1 Elfutils Project | 1 Elfutils | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported. | |||||
| CVE-2018-8754 | 2 Debian, Libevt Project | 2 Debian Linux, Libevt | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub | |||||
| CVE-2018-8378 | 1 Microsoft | 9 Excel Viewer, Office, Office Compatibility Pack and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office. | |||||
| CVE-2018-8139 | 1 Microsoft | 3 Chakracore, Edge, Windows 10 | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137. | |||||
| CVE-2018-8107 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | |||||