Total
12125 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15191 | 1 Hotel Booking Script Project | 1 Hotel Booking Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field. | |||||
| CVE-2018-15188 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. | |||||
| CVE-2018-15176 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file. | |||||
| CVE-2018-15175 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file. | |||||
| CVE-2018-15174 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file. | |||||
| CVE-2018-15172 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. | |||||
| CVE-2018-15128 | 1 Polycom | 3 Group Series, Hdx, Pano | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. | |||||
| CVE-2018-15120 | 2 Canonical, Gnome | 2 Ubuntu Linux, Pango | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. | |||||
| CVE-2018-14948 | 1 Sound Project | 1 Sound | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | |||||
| CVE-2018-14947 | 1 Flowpaper | 1 Pdf2json | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | |||||
| CVE-2018-14946 | 1 Flowpaper | 1 Pdf2json | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete). | |||||
| CVE-2018-14939 | 1 Libreoffice | 1 Libreoffice | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. | |||||
| CVE-2018-14856 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi) chip to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785. | |||||
| CVE-2018-14855 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785. | |||||
| CVE-2018-14854 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785. | |||||
| CVE-2018-14852 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware. | |||||
| CVE-2018-14829 | 1 Rockwellautomation | 1 Rslinx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code. | |||||
| CVE-2018-14821 | 1 Rockwellautomation | 1 Rslinx | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality. | |||||
| CVE-2018-14802 | 1 Fujielectric | 7 Frenic-ace, Frenic-eco, Frenic-mega and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution. | |||||
| CVE-2018-14799 | 1 Philips | 10 Pagewriter Tc10, Pagewriter Tc10 Firmware, Pagewriter Tc20 and 7 more | 2024-11-21 | 4.6 MEDIUM | 3.7 LOW |
| In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities. | |||||