Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-118
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5884 2 Fedoraproject, Gnome 2 Fedora, Gtk-vnc 2023-02-12 6.8 MEDIUM 7.8 HIGH
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
CVE-2017-10872 1 Dena 1 H2o 2021-04-19 4.0 MEDIUM 6.5 MEDIUM
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.
CVE-2019-6130 1 Artifex 1 Mupdf 2020-07-25 4.3 MEDIUM 5.5 MEDIUM
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.
CVE-2018-7530 1 Omron 7 Cx-flnet, Cx-one, Cx-programmer and 4 more 2019-10-09 4.6 MEDIUM 7.8 HIGH
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition.
CVE-2015-9142 1 Qualcomm 52 Mdm9645, Mdm9645 Firmware, Mdm9650 and 49 more 2018-05-09 10.0 HIGH 9.8 CRITICAL
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, bounds check is missing for vtable index in DAL-TO-QDI conversion framework.
CVE-2016-10495 1 Qualcomm 2 Mdm9635m, Mdm9635m Firmware 2018-04-24 10.0 HIGH 9.8 CRITICAL
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type value to an index value that is in range.
CVE-2015-2001 1 Metaio 1 Metaio Sdk 2018-04-23 7.5 HIGH 9.8 CRITICAL
The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
CVE-2015-2000 1 Jumio 1 Jumio Sdk 2018-04-23 7.5 HIGH 9.8 CRITICAL
The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
CVE-2015-2004 1 Gracenote 1 Gnsdk 2018-04-23 7.5 HIGH 9.8 CRITICAL
The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
CVE-2015-2003 1 Pjsip 1 Pjsua2 Sdk 2018-04-23 7.5 HIGH 9.8 CRITICAL
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
CVE-2015-2002 1 Esri 1 Arcgisruntime Sdk 2018-04-23 7.5 HIGH 9.8 CRITICAL
The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
CVE-2014-9411 1 Google 1 Android 2017-08-23 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.
CVE-2017-0302 1 F5 1 Big-ip Access Policy Manager 2017-07-07 3.5 LOW 5.3 MEDIUM
In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.