Total
13174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14807 | 1 Opto22 | 1 Pac Control | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution. | |||||
| CVE-2018-14779 | 1 Yubico | 3 Piv Manager, Piv Tool, Smart Card Minidriver | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard. | |||||
| CVE-2018-14681 | 5 Cabextract, Cabextract Project, Canonical and 2 more | 8 Libmspack, Cabextract, Ubuntu Linux and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. | |||||
| CVE-2018-14632 | 2 Redhat, Starcounter-jack | 2 Openshift Container Platform, Json-patch | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management. | |||||
| CVE-2018-14610 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c. | |||||
| CVE-2018-14600 | 3 Canonical, Debian, X.org | 3 Ubuntu Linux, Debian Linux, Libx11 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. | |||||
| CVE-2018-14551 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption. | |||||
| CVE-2018-14550 | 3 Libpng, Netapp, Oracle | 5 Libpng, Active Iq Unified Manager, Oncommand Api Services and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. | |||||
| CVE-2018-14496 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance | |||||
| CVE-2018-14492 | 1 Tendacn | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. | |||||
| CVE-2018-14459 | 1 Linuxsampler | 1 Libgig | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h. | |||||
| CVE-2018-14458 | 1 Linuxsampler | 1 Libgig | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h. | |||||
| CVE-2018-14457 | 1 Linuxsampler | 1 Libgig | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp. | |||||
| CVE-2018-14456 | 1 Linuxsampler | 1 Libgig | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp. | |||||
| CVE-2018-14455 | 1 Linuxsampler | 1 Libgig | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h. | |||||
| CVE-2018-14453 | 1 Linuxsampler | 1 Libgig | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h. | |||||
| CVE-2018-14451 | 1 Linuxsampler | 1 Libgig | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp. | |||||
| CVE-2018-14446 | 1 Techsmith | 1 Mp4v2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file. | |||||
| CVE-2018-14402 | 1 Axmldec Project | 1 Axmldec | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::parse_start_namespace function in lib/jitana/util/axml_parser.cpp. | |||||
| CVE-2018-14360 | 2 Debian, Neomutt | 2 Debian Linux, Neomutt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage. | |||||