Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9535 | 1 Google | 1 Android | 2018-12-14 | 6.8 MEDIUM | 8.8 HIGH |
| In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112858010 | |||||
| CVE-2018-9536 | 1 Google | 1 Android | 2018-12-14 | 9.3 HIGH | 7.8 HIGH |
| In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184 | |||||
| CVE-2018-9385 | 1 Google | 1 Android | 2018-12-12 | 4.6 MEDIUM | 7.8 HIGH |
| In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel. | |||||
| CVE-2018-9446 | 1 Google | 1 Android | 2018-12-12 | 10.0 HIGH | 9.8 CRITICAL |
| In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946. | |||||
| CVE-2018-9450 | 1 Google | 1 Android | 2018-12-12 | 9.0 HIGH | 8.8 HIGH |
| In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338. | |||||
| CVE-2018-9357 | 1 Google | 1 Android | 2018-12-12 | 7.2 HIGH | 7.8 HIGH |
| In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856. | |||||
| CVE-2017-5133 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-12-11 | 6.8 MEDIUM | 8.8 HIGH |
| Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file. | |||||
| CVE-2018-18699 | 1 Gopro | 1 Gpmf-parser | 2018-12-06 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GoPro gpmf-parser 1.2.1. There is an out-of-bounds write in OpenMP4Source in GPMF_mp4reader.c. | |||||
| CVE-2018-12379 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-12-06 | 4.6 MEDIUM | 7.8 HIGH |
| When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. | |||||
| CVE-2018-18599 | 1 Guardianproject | 1 Stegdetect | 2018-12-04 | 6.8 MEDIUM | 8.8 HIGH |
| Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress in the f5.c file. | |||||
| CVE-2017-17479 | 1 Uclouvain | 1 Openjpeg | 2018-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | |||||
| CVE-2017-7862 | 1 Ffmpeg | 1 Ffmpeg | 2018-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. | |||||
| CVE-2018-9496 | 1 Google | 1 Android | 2018-11-20 | 9.3 HIGH | 7.8 HIGH |
| In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-110769924 | |||||
| CVE-2018-9497 | 1 Google | 1 Android | 2018-11-20 | 9.3 HIGH | 7.8 HIGH |
| In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-74078669 | |||||
| CVE-2018-9498 | 1 Google | 1 Android | 2018-11-20 | 9.3 HIGH | 7.8 HIGH |
| In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78354855 | |||||
| CVE-2017-15407 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-20 | 6.8 MEDIUM | 8.8 HIGH |
| Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. | |||||
| CVE-2018-9504 | 1 Google | 1 Android | 2018-11-20 | 8.3 HIGH | 8.8 HIGH |
| In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176 | |||||
| CVE-2018-14815 | 1 Fujielectric | 2 V-server, V-server Firmware | 2018-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. | |||||
| CVE-2016-8622 | 1 Haxx | 1 Libcurl | 2018-11-13 | 7.5 HIGH | 9.8 CRITICAL |
| The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer. | |||||
| CVE-2018-17436 | 1 Hdfgroup | 1 Hdf5 | 2018-11-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file. | |||||