Total
12268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15354 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118. | |||||
| CVE-2018-15353 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118. | |||||
| CVE-2018-15191 | 1 Hotel Booking Script Project | 1 Hotel Booking Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field. | |||||
| CVE-2018-15188 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. | |||||
| CVE-2018-15176 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file. | |||||
| CVE-2018-15175 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file. | |||||
| CVE-2018-15174 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file. | |||||
| CVE-2018-15172 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. | |||||
| CVE-2018-15128 | 1 Polycom | 3 Group Series, Hdx, Pano | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. | |||||
| CVE-2018-15120 | 2 Canonical, Gnome | 2 Ubuntu Linux, Pango | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. | |||||
| CVE-2018-14948 | 1 Sound Project | 1 Sound | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | |||||
| CVE-2018-14947 | 1 Flowpaper | 1 Pdf2json | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | |||||
| CVE-2018-14946 | 1 Flowpaper | 1 Pdf2json | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete). | |||||
| CVE-2018-14939 | 1 Libreoffice | 1 Libreoffice | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. | |||||
| CVE-2018-14856 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi) chip to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785. | |||||
| CVE-2018-14855 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785. | |||||
| CVE-2018-14854 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785. | |||||
| CVE-2018-14852 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware. | |||||
| CVE-2018-14829 | 1 Rockwellautomation | 1 Rslinx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code. | |||||
| CVE-2018-14821 | 1 Rockwellautomation | 1 Rslinx | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality. | |||||