Total
11483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12983 | 1 Imagemagick | 1 Imagemagick | 2018-06-13 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-13758 | 1 Imagemagick | 1 Imagemagick | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. | |||||
| CVE-2017-14224 | 1 Imagemagick | 1 Imagemagick | 2018-06-13 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. | |||||
| CVE-2017-14682 | 1 Imagemagick | 1 Imagemagick | 2018-06-13 | 6.8 MEDIUM | 8.8 HIGH |
| GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. | |||||
| CVE-2018-6242 | 1 Nvidia | 2 Tegra Bootrom Rcm, Tegra Mobile Processor | 2018-06-13 | 7.2 HIGH | 6.8 MEDIUM |
| Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code. | |||||
| CVE-2018-9063 | 1 Lenovo | 1 System Update | 2018-06-13 | 4.6 MEDIUM | 7.8 HIGH |
| MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv. | |||||
| CVE-2018-8061 | 1 Hwinfo | 1 Amd64 Kernel Driver | 2018-06-13 | 3.6 LOW | 7.1 HIGH |
| HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write. | |||||
| CVE-2018-11017 | 1 Libming | 1 Libming | 2018-06-13 | 6.8 MEDIUM | 8.8 HIGH |
| The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-10113 | 1 Gegl | 1 Generic Graphics Library | 2018-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure. | |||||
| CVE-2018-10774 | 1 Bibutils Project | 1 Bibutils | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml. | |||||
| CVE-2018-10713 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-06-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
| CVE-2018-10750 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-06-12 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
| CVE-2018-10777 | 1 Mp3gain | 1 Mp3gain | 2018-06-12 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-10749 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-06-12 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
| CVE-2018-10747 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-06-12 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
| CVE-2018-10746 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-06-12 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
| CVE-2018-10748 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-06-12 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
| CVE-2016-5270 | 1 Mozilla | 2 Firefox, Firefox Esr | 2018-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion. | |||||
| CVE-2016-5278 | 1 Mozilla | 2 Firefox, Firefox Esr | 2018-06-11 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image. | |||||
| CVE-2016-5257 | 1 Mozilla | 2 Firefox, Firefox Esr | 2018-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||