Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9536 | 1 Google | 1 Android | 2018-12-14 | 9.3 HIGH | 7.8 HIGH |
| In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184 | |||||
| CVE-2018-9385 | 1 Google | 1 Android | 2018-12-12 | 4.6 MEDIUM | 7.8 HIGH |
| In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel. | |||||
| CVE-2018-9446 | 1 Google | 1 Android | 2018-12-12 | 10.0 HIGH | 9.8 CRITICAL |
| In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946. | |||||
| CVE-2018-9450 | 1 Google | 1 Android | 2018-12-12 | 9.0 HIGH | 8.8 HIGH |
| In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338. | |||||
| CVE-2018-9357 | 1 Google | 1 Android | 2018-12-12 | 7.2 HIGH | 7.8 HIGH |
| In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856. | |||||
| CVE-2018-18699 | 1 Gopro | 1 Gpmf-parser | 2018-12-06 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GoPro gpmf-parser 1.2.1. There is an out-of-bounds write in OpenMP4Source in GPMF_mp4reader.c. | |||||
| CVE-2018-12379 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-12-06 | 4.6 MEDIUM | 7.8 HIGH |
| When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. | |||||
| CVE-2018-18599 | 1 Guardianproject | 1 Stegdetect | 2018-12-04 | 6.8 MEDIUM | 8.8 HIGH |
| Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress in the f5.c file. | |||||
| CVE-2017-17479 | 1 Uclouvain | 1 Openjpeg | 2018-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | |||||
| CVE-2017-7862 | 1 Ffmpeg | 1 Ffmpeg | 2018-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. | |||||
| CVE-2018-14815 | 1 Fujielectric | 2 V-server, V-server Firmware | 2018-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. | |||||
| CVE-2018-17436 | 1 Hdfgroup | 1 Hdf5 | 2018-11-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file. | |||||
| CVE-2018-11295 | 1 Google | 1 Android | 2018-11-09 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed event data from the firmware to the host . If the length and anqp length from this event data exceeds the max length, an OOB write would happen. | |||||
| CVE-2018-11296 | 1 Google | 1 Android | 2018-11-09 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur. | |||||
| CVE-2018-11852 | 1 Google | 1 Android | 2018-11-09 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write. | |||||
| CVE-2018-11903 | 1 Google | 1 Android | 2018-11-08 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST. | |||||
| CVE-2018-16376 | 1 Uclouvain | 1 Openjpeg | 2018-10-31 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. | |||||
| CVE-2018-10471 | 2 Debian, Xen | 2 Debian Linux, Xen | 2018-10-31 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754. | |||||
| CVE-2016-3945 | 2 Libtiff, Oracle | 2 Libtiff, Vm Server | 2018-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. | |||||
| CVE-2016-3990 | 2 Libtiff, Oracle | 2 Libtiff, Vm Server | 2018-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. | |||||