Total
12847 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14792 | 1 We-con | 1 Plc Editor | 2024-11-21 | N/A |
| WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files. | ||||
| CVE-2018-14779 | 1 Yubico | 3 Piv Manager, Piv Tool, Smart Card Minidriver | 2024-11-21 | N/A |
| A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard. | ||||
| CVE-2018-14749 | 1 Qnap | 1 Qts | 2024-11-21 | N/A |
| Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS. | ||||
| CVE-2018-14745 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | N/A |
| Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029. | ||||
| CVE-2018-14743 | 1 Pbc Project | 1 Pbc | 2024-11-21 | N/A |
| An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c. | ||||
| CVE-2018-14742 | 1 Pbc Project | 1 Pbc | 2024-11-21 | N/A |
| An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy. | ||||
| CVE-2018-14741 | 1 Pbc Project | 1 Pbc | 2024-11-21 | N/A |
| An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_pack in pattern.c. | ||||
| CVE-2018-14740 | 1 Pbc Project | 1 Pbc | 2024-11-21 | N/A |
| An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query. | ||||
| CVE-2018-14739 | 1 Pbc Project | 1 Pbc | 2024-11-21 | N/A |
| An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c. | ||||
| CVE-2018-14738 | 1 Pbc Project | 1 Pbc | 2024-11-21 | N/A |
| An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c. | ||||
| CVE-2018-14712 | 1 Asus | 2 Rt-ac3200, Rt-ac3200 Firmware | 2024-11-21 | N/A |
| Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter. | ||||
| CVE-2018-14678 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. | ||||
| CVE-2018-14652 | 2 Debian, Redhat | 7 Debian Linux, Enterprise Linux, Enterprise Linux Server and 4 more | 2024-11-21 | 6.5 Medium |
| The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. | ||||
| CVE-2018-14615 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative. | ||||
| CVE-2018-14590 | 1 Axiosys | 1 Bento4 | 2024-11-21 | N/A |
| An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp. | ||||
| CVE-2018-14586 | 1 Axiosys | 1 Bento4 | 2024-11-21 | N/A |
| An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532. | ||||
| CVE-2018-14564 | 1 Thunlp | 1 Thulac | 2024-11-21 | N/A |
| An issue was discovered in libthulac.so in THULAC through 2018-02-25. A SEGV can occur in NGramFeature::find_bases in include/cb_ngram_feature.h. | ||||
| CVE-2018-14563 | 1 Thunlp | 1 Thulac | 2024-11-21 | N/A |
| An issue was discovered in libthulac.so in THULAC through 2018-02-25. "operator delete" is used with "operator new[]" in the TaggingLearner class in include/cb_tagging_learner.h, possibly leading to memory corruption. | ||||
| CVE-2018-14559 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2024-11-21 | N/A |
| An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. | ||||
| CVE-2018-14557 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2024-11-21 | N/A |
| An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow. | ||||