Total
12188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5678 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5676. | |||||
| CVE-2018-5676 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5678. | |||||
| CVE-2018-5674 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5676 and CVE-2018-5678. | |||||
| CVE-2018-5473 | 1 Ge | 2 D60 Line Distance Relay, D60 Line Distance Relay Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device. | |||||
| CVE-2018-5463 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution. | |||||
| CVE-2018-5453 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable. | |||||
| CVE-2018-5378 | 3 Canonical, Debian, Quagga | 3 Ubuntu Linux, Debian Linux, Quagga | 2024-11-21 | 4.9 MEDIUM | 7.1 HIGH |
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash. | |||||
| CVE-2018-5359 | 1 Flexense | 1 Sysgauge | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow. | |||||
| CVE-2018-5336 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. | |||||
| CVE-2018-5335 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. | |||||
| CVE-2018-5334 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. | |||||
| CVE-2018-5244 | 1 Xen | 1 Xen | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times. | |||||
| CVE-2018-5221 | 1 Barcodewiz | 1 Barcode Activex Control | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property. | |||||
| CVE-2018-5208 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. | |||||
| CVE-2018-5200 | 1 Pandora | 1 Kmplayer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution. | |||||
| CVE-2018-5195 | 1 Hancom | 1 Thinkfree Office Neo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document. | |||||
| CVE-2018-5189 | 1 Jungo | 1 Windriver | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability. | |||||
| CVE-2018-5188 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | |||||
| CVE-2018-5187 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. | |||||
| CVE-2018-5186 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61. | |||||