Total
7972 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15363 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security, Internet Security and 2 more | 2024-11-21 | N/A |
| An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | ||||
| CVE-2018-15161 | 1 Libesedb Project | 1 Libesedb | 2024-11-21 | N/A |
| The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15160 | 1 Libesedb Project | 1 Libesedb | 2024-11-21 | N/A |
| The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15159 | 1 Libesedb Project | 1 Libesedb | 2024-11-21 | N/A |
| The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15158 | 1 Libesedb Project | 1 Libesedb | 2024-11-21 | N/A |
| The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15157 | 1 Libfsclfs Project | 1 Libfsclfs | 2024-11-21 | N/A |
| The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-14938 | 2 Canonical, Digitalcorpora | 2 Ubuntu Linux, Tcpflow | 2024-11-21 | N/A |
| An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service). | ||||
| CVE-2018-14883 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2024-11-21 | N/A |
| An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. | ||||
| CVE-2018-14882 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2024-11-21 | 7.5 High |
| The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. | ||||
| CVE-2018-14881 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 High |
| The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). | ||||
| CVE-2018-14880 | 7 Apple, Debian, F5 and 4 more | 23 Mac Os X, Debian Linux, Big-ip Access Policy Manager and 20 more | 2024-11-21 | 7.5 High |
| The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). | ||||
| CVE-2018-14851 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2024-11-21 | N/A |
| exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. | ||||
| CVE-2018-14824 | 1 Deltaww | 1 Delta Industrial Automation Pmsoft | 2024-11-21 | N/A |
| Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information. | ||||
| CVE-2018-14819 | 1 Fujielectric | 2 V-server, V-server Firmware | 2024-11-21 | N/A |
| Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. | ||||
| CVE-2018-14814 | 1 We-con | 2 Pi Studio, Pi Studio Hmi | 2024-11-21 | N/A |
| WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object. | ||||
| CVE-2018-14800 | 1 Deltaww | 1 Ispsoft | 2024-11-21 | N/A |
| Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application. | ||||
| CVE-2018-14798 | 1 Fujielectric | 7 Frenic-ace, Frenic-eco, Frenic-mega and 4 more | 2024-11-21 | N/A |
| Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure. | ||||
| CVE-2018-14790 | 1 Fujielectric | 7 Frenic-ace, Frenic-eco, Frenic-mega and 4 more | 2024-11-21 | N/A |
| Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device. | ||||
| CVE-2018-14780 | 1 Yubico | 3 Piv Manager, Piv Tool, Smart Card Minidriver | 2024-11-21 | N/A |
| An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer. | ||||
| CVE-2018-14736 | 1 Pbc Project | 1 Pbc | 2024-11-21 | N/A |
| An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur in pbc_wmessage_string in wmessage.c for PTYPE_ENUM. | ||||