Total
2508 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11440 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2024-11-21 | N/A |
| Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. | ||||
| CVE-2018-11236 | 4 Gnu, Netapp, Oracle and 1 more | 10 Glibc, Data Ontap Edge, Element Software Management and 7 more | 2024-11-21 | N/A |
| stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. | ||||
| CVE-2018-10907 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 8.8 High |
| It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution. | ||||
| CVE-2018-10839 | 4 Canonical, Debian, Qemu and 1 more | 4 Ubuntu Linux, Debian Linux, Qemu and 1 more | 2024-11-21 | N/A |
| Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. | ||||
| CVE-2018-10767 | 2 Gnome, Redhat | 6 Libgxps, Ansible Tower, Enterprise Linux and 3 more | 2024-11-21 | N/A |
| There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack. | ||||
| CVE-2018-10636 | 1 Deltaww | 2 Cncsoft, Screeneditor | 2024-11-21 | 8.8 High |
| CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. | ||||
| CVE-2018-10628 | 1 Aveva | 2 Intouch 2014, Intouch 2017 | 2024-11-21 | N/A |
| AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process. | ||||
| CVE-2018-10621 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2024-11-21 | N/A |
| Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. | ||||
| CVE-2018-10620 | 1 Aveva | 2 Indusoft Web Studio, Intouch Machine 2017 | 2024-11-21 | 9.8 Critical |
| AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. | ||||
| CVE-2018-10602 | 1 We-con | 1 Levistudiou | 2024-11-21 | 8.8 High |
| WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. | ||||
| CVE-2018-10601 | 1 Philips | 36 Avalon Fetal\/maternal Monitors Fm20, Avalon Fetal\/maternal Monitors Fm20 Firmware, Avalon Fetal\/maternal Monitors Fm30 and 33 more | 2024-11-21 | 8.2 High |
| IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow. | ||||
| CVE-2018-10594 | 1 Deltaww | 8 Commgr, Dvpsimulator Ahsim 5x0, Dvpsimulator Ahsim 5x1 and 5 more | 2024-11-21 | N/A |
| Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server. | ||||
| CVE-2018-10529 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2024-11-21 | N/A |
| An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. | ||||
| CVE-2018-10528 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2024-11-21 | 8.8 High |
| An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp. | ||||
| CVE-2018-10494 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D 3DView objects. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5493. | ||||
| CVE-2018-1000140 | 4 Canonical, Debian, Redhat and 1 more | 14 Ubuntu Linux, Debian Linux, Enterprise Linux and 11 more | 2024-11-21 | N/A |
| rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. | ||||
| CVE-2017-9638 | 1 Mitsubishielectric | 1 E-designer | 2024-11-21 | N/A |
| Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. | ||||
| CVE-2017-7810 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-11-21 | N/A |
| Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | ||||
| CVE-2017-3223 | 1 Dahuasecurity | 2 Ip Camera, Ip Camera Firmware | 2024-11-21 | N/A |
| Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803. | ||||
| CVE-2017-2885 | 3 Debian, Gnome, Redhat | 9 Debian Linux, Libsoup, Enterprise Linux and 6 more | 2024-11-21 | 9.8 Critical |
| An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. | ||||