Total
11483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15417 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-07 | 2.6 LOW | 5.3 MEDIUM |
| Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2017-15416 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. | |||||
| CVE-2016-3822 | 2 Debian, Google | 2 Debian Linux, Android | 2018-11-05 | 6.8 MEDIUM | 7.8 HIGH |
| exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315. | |||||
| CVE-2018-1000637 | 2 Debian, Nongnu | 2 Debian Linux, Zutils | 2018-11-02 | 6.8 MEDIUM | 7.8 HIGH |
| zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2. | |||||
| CVE-2008-4801 | 1 Ibm | 2 Tivoli Storage Manager Client, Tivoli Storage Manager Express | 2018-11-02 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port. | |||||
| CVE-2017-11563 | 1 Dlink | 2 Eyeon Baby Monitor, Eyeon Baby Monitor Firmware | 2018-11-02 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device. | |||||
| CVE-2008-4480 | 1 Novell | 1 Edirectory | 2018-11-02 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer. | |||||
| CVE-2008-4479 | 1 Novell | 1 Edirectory | 2018-11-02 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header. | |||||
| CVE-2008-4383 | 2 Alcatel, Alcatel-lucent | 2 Aos, Omniswitch | 2018-11-02 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. | |||||
| CVE-2009-0689 | 5 Freebsd, K-meleon Project, Mozilla and 2 more | 6 Freebsd, K-meleon, Firefox and 3 more | 2018-11-02 | 6.8 MEDIUM | N/A |
| Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. | |||||
| CVE-2018-16302 | 1 Mc1soft | 1 Zip-n-go | 2018-11-01 | 9.3 HIGH | 7.8 HIGH |
| MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file. | |||||
| CVE-2018-16767 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2018-11-01 | 6.8 MEDIUM | 8.8 HIGH |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand. | |||||
| CVE-2018-16768 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2018-11-01 | 6.8 MEDIUM | 8.8 HIGH |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end. | |||||
| CVE-2018-16745 | 1 Mgetty Project | 1 Mgetty | 2018-11-01 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. | |||||
| CVE-2008-3892 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2018-11-01 | 10.0 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696. | |||||
| CVE-2008-0924 | 1 Novell | 1 Edirectory | 2018-11-01 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field. | |||||
| CVE-2008-2499 | 1 Ibm | 1 Lotus Sametime | 2018-10-31 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL. | |||||
| CVE-2008-7177 | 1 Nasm | 1 Netwide Assembler | 2018-10-31 | 9.3 HIGH | N/A |
| Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719. | |||||
| CVE-2017-15408 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-10-31 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. | |||||
| CVE-2017-15409 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-10-31 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||