Total
12037 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18342 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
| CVE-2018-18341 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-18340 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-18339 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-18338 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-18337 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-18336 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2018-18335 | 4 Debian, Google, Opensuse and 1 more | 6 Debian Linux, Chrome, Leap and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-18311 | 8 Apple, Canonical, Debian and 5 more | 18 Mac Os X, Ubuntu Linux, Debian Linux and 15 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
| CVE-2018-18274 | 1 Pdfalto Project | 1 Pdfalto | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A issue was found in pdfalto 0.2. There is a heap-based buffer overflow in the TextPage::addAttributsNode function in XmlAltoOutputDev.cc. | |||||
| CVE-2018-18064 | 1 Cairographics | 1 Cairo | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function). | |||||
| CVE-2018-18026 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. The attacker can use DeviceIoControl to pass a user specified size which can be used to overwrite return addresses. This can lead to a denial of service or code execution attack. | |||||
| CVE-2018-17942 | 1 Gnu | 1 Gnulib | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing. | |||||
| CVE-2018-17930 | 1 Teledynedalsa | 1 Sherlock | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution. | |||||
| CVE-2018-17929 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2018-17927 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution. | |||||
| CVE-2018-17916 | 1 Aveva | 3 Edge, Indusoft Web Studio, Intouch Machine Edition 2014 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine. | |||||
| CVE-2018-17911 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution. | |||||
| CVE-2018-17901 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process. | |||||
| CVE-2018-17795 | 1 Libtiff | 1 Libtiff | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. | |||||