Total
12268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19241 | 1 Trendnet | 4 Tv-ip110wn, Tv-ip110wn Firmware, Tv-ip121wn and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). | |||||
| CVE-2018-19240 | 1 Trendnet | 4 Tv-ip110wn, Tv-ip110wn Firmware, Tv-ip121wn and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). | |||||
| CVE-2018-19219 | 1 Sass-lang | 1 Libsass | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack. | |||||
| CVE-2018-19183 | 1 Ethereumjs-vm Project | 1 Ethereumjs-vm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to a normal programmatic execution result. | |||||
| CVE-2018-19150 | 1 Pdfforge | 1 Pdf Architect | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a "Data from Faulting Address controls Code Flow" issue. | |||||
| CVE-2018-19130 | 1 Libav | 1 Libav | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127 | |||||
| CVE-2018-19036 | 1 Bosch | 74 Autodome Ip 4000 Hd, Autodome Ip 4000i, Autodome Ip 5000 Hd and 71 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. | |||||
| CVE-2018-1999011 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later. | |||||
| CVE-2018-18983 | 1 Invt | 1 Vt-designer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution. | |||||
| CVE-2018-18959 | 1 Epson | 2 Epson Workforce Wf-2861, Epson Workforce Wf-2861 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longer functions until a reboot. | |||||
| CVE-2018-18956 | 1 Suricata-ids | 1 Suricata | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018. | |||||
| CVE-2018-18944 | 1 Artha Project | 1 Artha | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow. | |||||
| CVE-2018-18920 | 1 Ethereum | 1 Py-evm | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid." | |||||
| CVE-2018-18861 | 1 Pcman Ftp Server Project | 1 Pcman Ftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. | |||||
| CVE-2018-18820 | 2 Debian, Xiph | 2 Debian Linux, Icecast | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution. | |||||
| CVE-2018-18759 | 1 Modbustools | 1 Modbus Slave | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. | |||||
| CVE-2018-18756 | 1 Kangujang | 1 Local Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008. | |||||
| CVE-2018-18732 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. | |||||
| CVE-2018-18731 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. | |||||
| CVE-2018-18730 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. | |||||