Total
12192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9059 | 1 Sharing-file | 1 Easy File Sharing Web Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791. | |||||
| CVE-2018-8977 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file. | |||||
| CVE-2018-8941 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi. | |||||
| CVE-2018-8882 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value. | |||||
| CVE-2018-8872 | 1 Schneider-electric | 2 Triconex Tricon Mp 3008, Triconex Tricon Mp 3008 Firmware | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory. | |||||
| CVE-2018-8840 | 2 Indusoft, Industrial-software | 2 Web Studio, Intouch Machine Edition 2017 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution. | |||||
| CVE-2018-8825 | 1 Google | 1 Tensorflow | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). | |||||
| CVE-2018-8822 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code. | |||||
| CVE-2018-8552 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | |||||
| CVE-2018-8476 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers. | |||||
| CVE-2018-8464 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2024-11-21 | 9.3 HIGH | 7.5 HIGH |
| An remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code Execution Vulnerability." This affects Microsoft Edge. | |||||
| CVE-2018-8423 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-8151 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154. | |||||
| CVE-2018-8061 | 1 Hwinfo | 1 Amd64 Kernel Driver | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write. | |||||
| CVE-2018-7992 | 1 Huawei | 8 Mate 9, Mate 9 Firmware, Mate 9 Pro and 5 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of service condition. | |||||
| CVE-2018-7886 | 1 Cloudme | 1 Sync | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the "CloudMe Sync" client application listening on 127.0.0.1 port 8888 can send a malicious payload causing a buffer overflow condition. This will result in code execution, as demonstrated by a TCP reverse shell, or a crash. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-6892. | |||||
| CVE-2018-7874 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2018-7851 | 1 Schneider-electric | 41 140cra312xxx, 140cra312xxx Firmware, Bmeh582040 and 38 more | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability. | |||||
| CVE-2018-7838 | 1 Schneider-electric | 36 Bmeh582040, Bmeh582040 Firmware, Bmeh582040c and 33 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service. | |||||
| CVE-2018-7796 | 1 Schneider-electric | 1 Powersuite 2 | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability. | |||||