Total
2653 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18438 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. | |||||
| CVE-2018-18356 | 5 Canonical, Debian, Google and 2 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-18341 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-18311 | 8 Apple, Canonical, Debian and 5 more | 18 Mac Os X, Ubuntu Linux, Debian Linux and 15 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
| CVE-2018-18206 | 1 Bytom | 1 Bytom | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In the client in Bytom before 1.0.6, checkTopicRegister in p2p/discover/net.go does not prevent negative idx values, leading to a crash. | |||||
| CVE-2018-17963 | 4 Canonical, Debian, Qemu and 1 more | 6 Ubuntu Linux, Debian Linux, Qemu and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | |||||
| CVE-2018-17962 | 6 Canonical, Debian, Oracle and 3 more | 6 Ubuntu Linux, Debian Linux, Linux and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. | |||||
| CVE-2018-17958 | 4 Canonical, Debian, Qemu and 1 more | 6 Ubuntu Linux, Debian Linux, Qemu and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | |||||
| CVE-2018-17897 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution. | |||||
| CVE-2018-17882 | 1 Cryptobots | 1 Battletoken | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user. | |||||
| CVE-2018-17570 | 1 Viabtc | 1 Viabtc Exchange Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | |||||
| CVE-2018-17569 | 1 Viabtc | 1 Viabtc Exchange Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | |||||
| CVE-2018-17568 | 1 Viabtc | 1 Viabtc Exchange Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | |||||
| CVE-2018-17158 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request. | |||||
| CVE-2018-17157 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code. | |||||
| CVE-2018-17100 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. | |||||
| CVE-2018-17088 | 1 Jhead Project | 1 Jhead | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability. | |||||
| CVE-2018-17050 | 1 Polyai Project | 1 Polyai | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-16890 | 8 Canonical, Debian, F5 and 5 more | 10 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. | |||||
| CVE-2018-16881 | 3 Debian, Redhat, Rsyslog | 13 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 10 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. | |||||