Total
11483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1182 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2019-03-06 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. | |||||
| CVE-2009-0799 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2019-03-06 | 4.3 MEDIUM | N/A |
| The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. | |||||
| CVE-2009-0195 | 3 Apple, Foolabs, Glyphandcog | 3 Cups, Xpdf, Xpdfreader | 2019-03-06 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments. | |||||
| CVE-2009-0146 | 3 Apple, Foolabs, Glyphandcog | 3 Cups, Xpdf, Xpdfreader | 2019-03-06 | 4.3 MEDIUM | N/A |
| Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. | |||||
| CVE-2011-1552 | 3 Foolabs, Glyphandcog, T1lib | 3 Xpdf, Xpdfreader, T1lib | 2019-03-06 | 4.3 MEDIUM | N/A |
| t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764. | |||||
| CVE-2019-0613 | 1 Microsoft | 10 .net Framework, Visual Studio 2017, Windows 10 and 7 more | 2019-03-06 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'. | |||||
| CVE-2019-6224 | 1 Apple | 4 Iphone Os, Mac Os X, Tv Os and 1 more | 2019-03-06 | 6.8 MEDIUM | 8.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution. | |||||
| CVE-2019-6213 | 1 Apple | 4 Iphone Os, Mac Os X, Tv Os and 1 more | 2019-03-06 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2014-8542 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2019-03-05 | 7.5 HIGH | N/A |
| libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. | |||||
| CVE-2017-8361 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2019-03-05 | 6.8 MEDIUM | 8.8 HIGH |
| The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. | |||||
| CVE-2016-6254 | 3 Collectd, Debian, Fedoraproject | 3 Collectd, Debian Linux, Fedora | 2019-03-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet. | |||||
| CVE-2018-7886 | 1 Cloudme | 1 Sync | 2019-03-04 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the "CloudMe Sync" client application listening on 127.0.0.1 port 8888 can send a malicious payload causing a buffer overflow condition. This will result in code execution, as demonstrated by a TCP reverse shell, or a crash. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-6892. | |||||
| CVE-2014-8145 | 3 Debian, Oracle, Sound Exchange Project | 3 Debian Linux, Solaris, Sound Exchange | 2019-03-01 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function. | |||||
| CVE-2018-12390 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2019-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | |||||
| CVE-2018-7284 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2019-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash. | |||||
| CVE-2018-12389 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox Esr and 7 more | 2019-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3. | |||||
| CVE-2018-7573 | 1 Ftpshell | 1 Ftpshell Client | 2019-03-01 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465. | |||||
| CVE-2018-12407 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox < 64. | |||||
| CVE-2018-12406 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64. | |||||
| CVE-2018-12388 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63. | |||||