Total
13755 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19492 | 3 Debian, Gnuplot, Opensuse | 3 Debian Linux, Gnuplot, Leap | 2024-11-21 | N/A |
| An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. | ||||
| CVE-2018-19491 | 3 Debian, Gnuplot, Opensuse | 3 Debian Linux, Gnuplot, Leap | 2024-11-21 | N/A |
| An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend. | ||||
| CVE-2018-19475 | 4 Artifex, Canonical, Debian and 1 more | 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more | 2024-11-21 | N/A |
| psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. | ||||
| CVE-2018-19459 | 1 Armcode | 1 Adult Filter | 2024-11-21 | N/A |
| Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file. | ||||
| CVE-2018-19442 | 1 Neatorobotics | 2 Botvac Connected, Botvac Connected Firmware | 2024-11-21 | N/A |
| A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a vendors/neato/robots/[robot_serial]/messages Neato cloud URI on the nucleo.neatocloud.com web site (port 4443). | ||||
| CVE-2018-19432 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2024-11-21 | N/A |
| An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. | ||||
| CVE-2018-19417 | 1 Contiki-ng | 1 Contiki-ng | 2024-11-21 | N/A |
| An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible. | ||||
| CVE-2018-19396 | 1 Php | 1 Php | 2024-11-21 | N/A |
| ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. | ||||
| CVE-2018-19278 | 1 Digium | 1 Asterisk | 2024-11-21 | N/A |
| Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length. | ||||
| CVE-2018-19242 | 1 Trendnet | 4 Tew-632brp, Tew-632brp Firmware, Tew-673gru and 1 more | 2024-11-21 | N/A |
| Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication). | ||||
| CVE-2018-19241 | 1 Trendnet | 4 Tv-ip110wn, Tv-ip110wn Firmware, Tv-ip121wn and 1 more | 2024-11-21 | N/A |
| Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). | ||||
| CVE-2018-19240 | 1 Trendnet | 4 Tv-ip110wn, Tv-ip110wn Firmware, Tv-ip121wn and 1 more | 2024-11-21 | N/A |
| Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). | ||||
| CVE-2018-19219 | 1 Sass-lang | 1 Libsass | 2024-11-21 | N/A |
| In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack. | ||||
| CVE-2018-19217 | 1 Gnu | 1 Ncurses | 2024-11-21 | N/A |
| In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party | ||||
| CVE-2018-19211 | 1 Gnu | 1 Ncurses | 2024-11-21 | N/A |
| In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection. | ||||
| CVE-2018-19183 | 1 Ethereumjs-vm Project | 1 Ethereumjs-vm | 2024-11-21 | 7.5 High |
| ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to a normal programmatic execution result. | ||||
| CVE-2018-19150 | 1 Pdfforge | 1 Pdf Architect | 2024-11-21 | N/A |
| Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a "Data from Faulting Address controls Code Flow" issue. | ||||
| CVE-2018-19130 | 1 Libav | 1 Libav | 2024-11-21 | N/A |
| In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127 | ||||
| CVE-2018-19036 | 1 Bosch | 74 Autodome Ip 4000 Hd, Autodome Ip 4000i, Autodome Ip 5000 Hd and 71 more | 2024-11-21 | N/A |
| An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. | ||||
| CVE-2018-1999011 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | N/A |
| FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later. | ||||