CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2018(Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000300 787 DoS Overflow 2018-05-24 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.
2 CVE-2018-1000199 119 Exec Code Overflow Mem. Corr. 2018-05-24 2020-08-24
4.9
None Local Low Not required None None Complete
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
3 CVE-2018-1000038 787 Exec Code Overflow 2018-05-24 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
4 CVE-2018-11626 787 Overflow 2018-05-31 2020-08-24
5.0
None Remote Low Not required None None Partial
SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c init_apev2_keys function.
5 CVE-2018-11598 125 DoS Overflow 2018-05-31 2018-06-08
5.8
None Remote Medium Not required Partial None Partial
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.
6 CVE-2018-11597 674 DoS Overflow 2018-05-31 2019-10-03
4.3
None Remote Medium Not required None None Partial
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c.
7 CVE-2018-11596 119 DoS Overflow 2018-05-31 2018-06-08
4.3
None Remote Medium Not required None None Partial
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c.
8 CVE-2018-11595 119 DoS Overflow 2018-05-31 2018-06-08
6.8
None Remote Medium Not required Partial Partial Partial
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused.
9 CVE-2018-11594 119 DoS Overflow 2018-05-31 2018-06-08
4.3
None Remote Medium Not required None None Partial
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.
10 CVE-2018-11593 787 DoS Overflow 2018-05-31 2019-10-03
5.8
None Remote Medium Not required Partial None Partial
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c.
11 CVE-2018-11590 190 DoS Overflow 2018-05-31 2018-06-08
4.3
None Remote Medium Not required None None Partial
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c.
12 CVE-2018-11578 119 Overflow 2018-05-31 2018-07-13
4.3
None Remote Medium Not required None None Partial
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.
13 CVE-2018-11575 787 Overflow 2018-05-31 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.
14 CVE-2018-11545 787 Overflow 2018-05-29 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes.
15 CVE-2018-11536 787 Overflow 2018-05-29 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits.
16 CVE-2018-11531 787 Overflow 2018-05-29 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.
17 CVE-2018-11506 787 DoS Overflow 2018-05-28 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call.
18 CVE-2018-11498 119 DoS Exec Code Overflow 2018-05-26 2018-07-05
6.8
None Remote Medium Not required Partial Partial Partial
In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution.
19 CVE-2018-11490 787 DoS Overflow 2018-05-26 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
20 CVE-2018-11489 787 DoS Overflow 2018-05-26 2021-03-15
6.8
None Remote Medium Not required Partial Partial Partial
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
21 CVE-2018-11440 787 Overflow 2018-05-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
22 CVE-2018-11438 787 Exec Code Overflow 2018-05-30 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file.
23 CVE-2018-11378 119 Overflow 2018-05-22 2018-06-28
6.8
None Remote Medium Not required Partial Partial Partial
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.
24 CVE-2018-11361 119 Overflow 2018-05-22 2020-03-20
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.
25 CVE-2018-11360 119 Overflow 2018-05-22 2020-03-20
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.
26 CVE-2018-11355 119 Overflow 2018-05-22 2020-03-20
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
27 CVE-2018-11239 190 Overflow 2018-05-19 2018-06-26
5.0
None Remote Low Not required None Partial None
An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in May 2018, aka the "burnOverflow" issue.
28 CVE-2018-11237 787 Overflow 2018-05-18 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
29 CVE-2018-11236 787 Exec Code Overflow 2018-05-18 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
30 CVE-2018-11226 119 DoS Overflow 2018-05-17 2018-06-20
6.8
None Remote Medium Not required Partial Partial Partial
The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
31 CVE-2018-11225 119 DoS Overflow 2018-05-17 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
32 CVE-2018-11224 119 DoS Overflow 2018-05-17 2018-06-25
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in libavcodec/aacsbr.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
33 CVE-2018-11210 125 Overflow 2018-05-16 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2.
34 CVE-2018-11128 787 DoS Exec Code Overflow 2018-05-17 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file.
35 CVE-2018-11102 119 DoS Overflow 2018-05-15 2019-09-02
5.0
None Remote Low Not required None None Partial
An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
36 CVE-2018-11100 119 DoS Overflow 2018-05-15 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
37 CVE-2018-11095 119 DoS Overflow 2018-05-15 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
38 CVE-2018-11033 119 DoS Overflow 2018-05-14 2018-06-19
6.8
None Remote Medium Not required Partial Partial Partial
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.
39 CVE-2018-11017 119 DoS Overflow 2018-05-13 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
40 CVE-2018-11013 787 Exec Code Overflow 2018-05-13 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.
41 CVE-2018-10996 119 DoS Exec Code Overflow 2018-05-12 2018-06-18
10.0
None Remote Low Not required Complete Complete Complete
The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.
42 CVE-2018-10973 190 Overflow 2018-05-10 2018-06-14
5.0
None Remote Low Not required None Partial None
An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters.
43 CVE-2018-10972 787 DoS Overflow 2018-05-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.
44 CVE-2018-10958 119 Overflow 2018-05-10 2019-08-06
4.3
None Remote Medium Not required None None Partial
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.
45 CVE-2018-10940 119 Overflow 2018-05-09 2018-10-31
4.9
None Local Low Not required None None Complete
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
46 CVE-2018-10777 119 DoS Overflow 2018-05-07 2018-06-12
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
47 CVE-2018-10774 119 DoS Overflow 2018-05-07 2018-06-13
4.3
None Remote Medium Not required None None Partial
Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml.
48 CVE-2018-10772 119 DoS Overflow 2018-05-07 2019-08-06
4.3
None Remote Medium Not required None None Partial
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
49 CVE-2018-10771 787 DoS Overflow 2018-05-07 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
50 CVE-2018-10753 787 DoS Overflow 2018-05-05 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Total number of vulnerabilities : 116   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.