Total
11483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11871 | 1 Qualcomm | 98 Ipq4019, Ipq4019 Firmware, Ipq8064 and 95 more | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016. | |||||
| CVE-2018-11870 | 1 Qualcomm | 60 Mdm9206, Mdm9206 Firmware, Mdm9607 and 57 more | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20. | |||||
| CVE-2018-15840 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2019-04-02 | 5.0 MEDIUM | 7.5 HIGH |
| TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command. | |||||
| CVE-2017-16231 | 1 Pcre | 1 Pcre | 2019-04-02 | 2.1 LOW | 5.5 MEDIUM |
| ** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used. | |||||
| CVE-2018-18501 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2019-04-02 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. | |||||
| CVE-2018-14745 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2019-04-01 | 5.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029. | |||||
| CVE-2015-1872 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2019-03-30 | 6.8 MEDIUM | N/A |
| The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data. | |||||
| CVE-2019-10060 | 1 Verifone | 1 Verix Multi-app Conductor | 2019-03-28 | 6.8 MEDIUM | 8.1 HIGH |
| The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability. | |||||
| CVE-2017-11111 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-03-27 | 6.8 MEDIUM | 7.8 HIGH |
| In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2018-15813 | 1 Faststone | 1 Image Viewer | 2019-03-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file. | |||||
| CVE-2018-15814 | 1 Faststone | 1 Image Viewer | 2019-03-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file. | |||||
| CVE-2018-15816 | 1 Faststone | 1 Image Viewer | 2019-03-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file. | |||||
| CVE-2018-20642 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2019-03-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field. | |||||
| CVE-2018-15817 | 1 Faststone | 1 Image Viewer | 2019-03-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file. | |||||
| CVE-2018-12233 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2019-03-27 | 6.8 MEDIUM | 7.8 HIGH |
| In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. | |||||
| CVE-2017-8594 | 1 Microsoft | 4 Internet Explorer, Windows 8.1, Windows Rt 8.1 and 1 more | 2019-03-26 | 7.6 HIGH | 7.5 HIGH |
| Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". | |||||
| CVE-2016-1762 | 6 Apple, Canonical, Debian and 3 more | 15 Iphone Os, Mac Os X, Safari and 12 more | 2019-03-26 | 5.8 MEDIUM | 8.1 HIGH |
| The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
| CVE-2017-17811 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111. | |||||
| CVE-2019-9967 | 2 Microsoft, Xnview | 2 Windows, Xnview Classic | 2019-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString. | |||||
| CVE-2019-9968 | 2 Microsoft, Xnview | 2 Windows, Xnview Classic | 2019-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem. | |||||