CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2018(Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000537 119 Exec Code Overflow 2018-06-26 2018-08-31
7.5
None Remote Low Not required Partial Partial Partial
Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (Depending on branch/version) that can result in Arbitrary code execution. This attack appear to be exploitable via Crafted G-Code instruction/file is sent to the printer.
2 CVE-2018-1000524 190 DoS Overflow 2018-06-26 2018-08-28
4.3
None Remote Medium Not required None None Partial
miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploitable via the victim must load a specially-crafted map which calls SetLayerSize in its entry script. This vulnerability appears to have been fixed in 5.0.3, 5.1.5, 5.2.10 and later.
3 CVE-2018-1000517 120 Overflow 2018-06-26 2021-02-18
7.5
None Remote Low Not required Partial Partial Partial
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.
4 CVE-2018-13030 787 DoS Overflow 2018-06-30 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in jpeg-compressor 0.1. The build_huffman function in stb_image.c allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact.
5 CVE-2018-12982 119 Overflow 2018-06-29 2018-08-20
4.3
None Remote Medium Not required None None Partial
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.
6 CVE-2018-12932 787 DoS Overflow 2018-06-28 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large pAlphaBlend->cbBitsSrc value.
7 CVE-2018-12918 119 Overflow 2018-06-27 2020-03-16
7.5
None Remote Low Not required Partial Partial Partial
In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c.
8 CVE-2018-12916 119 Overflow 2018-06-27 2018-08-17
7.5
None Remote Low Not required Partial Partial Partial
In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c.
9 CVE-2018-12900 787 DoS Overflow 2018-06-26 2021-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
10 CVE-2018-12889 787 Overflow Mem. Corr. 2018-06-26 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c.
11 CVE-2018-12706 119 Overflow 2018-06-24 2018-08-30
7.5
None Remote Low Not required Partial Partial Partial
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.
12 CVE-2018-12699 787 DoS Overflow 2018-06-23 2019-08-03
7.5
None Remote Low Not required Partial Partial Partial
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.
13 CVE-2018-12693 787 DoS Overflow 2018-06-23 2020-08-24
6.8
None Remote Low ??? None None Complete
Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json.
14 CVE-2018-12640 119 Overflow 2018-06-23 2021-06-22
7.5
None Remote Low Not required Partial Partial Partial
The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100.
15 CVE-2018-12617 190 Overflow 2018-06-21 2020-11-19
5.0
None Remote Low Not required None None Partial
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
16 CVE-2018-12601 787 DoS Overflow 2018-06-20 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.
17 CVE-2018-12578 787 DoS Overflow 2018-06-19 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.
18 CVE-2018-12447 787 Exec Code Overflow 2018-06-15 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.
19 CVE-2018-12422 119 Overflow 2018-06-15 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap."
20 CVE-2018-12327 787 Exec Code Overflow 2018-06-20 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
21 CVE-2018-12326 119 Exec Code Overflow 2018-06-17 2019-01-17
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
22 CVE-2018-12293 787 Overflow 2018-06-19 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.
23 CVE-2018-12265 125 Overflow 2018-06-13 2019-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
24 CVE-2018-12264 125 Overflow 2018-06-13 2019-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
25 CVE-2018-12233 119 Overflow Mem. Corr. 2018-06-12 2019-03-27
6.8
None Remote Medium Not required Partial Partial Partial
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.
26 CVE-2018-12112 119 DoS Overflow 2018-06-11 2018-07-27
6.8
None Remote Medium Not required Partial Partial Partial
md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.
27 CVE-2018-12109 787 DoS Overflow 2018-06-11 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC<FileIO>::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PAM image file.
28 CVE-2018-12085 787 Overflow 2018-06-09 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
29 CVE-2018-12070 190 Overflow 2018-06-25 2019-10-03
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.
30 CVE-2018-12068 190 Overflow 2018-06-25 2019-10-03
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.
31 CVE-2018-12067 190 Overflow 2018-06-25 2019-10-03
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.
32 CVE-2018-12063 190 Overflow 2018-06-25 2019-10-03
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.
33 CVE-2018-12062 190 Overflow 2018-06-25 2019-10-03
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.
34 CVE-2018-11806 787 Overflow 2018-06-13 2021-08-04
7.2
None Local Low Not required Complete Complete Complete
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
35 CVE-2018-11726 787 DoS Overflow 2018-06-19 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
36 CVE-2018-11724 125 DoS Overflow 2018-06-19 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
37 CVE-2018-11707 119 Overflow 2018-06-20 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
38 CVE-2018-11706 119 Overflow 2018-06-20 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
39 CVE-2018-11705 119 Overflow 2018-06-20 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
40 CVE-2018-11704 119 Overflow 2018-06-20 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
41 CVE-2018-11703 119 Overflow 2018-06-20 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
42 CVE-2018-11702 119 Overflow 2018-06-20 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
43 CVE-2018-11701 119 Overflow 2018-06-20 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
44 CVE-2018-11685 787 Overflow 2018-06-04 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
45 CVE-2018-11684 787 Overflow 2018-06-04 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
46 CVE-2018-11683 787 Overflow 2018-06-04 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
47 CVE-2018-11574 20 Overflow Bypass 2018-06-14 2020-02-24
7.5
None Remote Low Not required Partial Partial Partial
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected.
48 CVE-2018-11560 787 Overflow 2018-06-23 2021-06-22
7.5
None Remote Low Not required Partial Partial Partial
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.
49 CVE-2018-11446 190 Overflow 2018-06-25 2019-10-03
5.0
None Remote Low Not required None Partial None
The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the buyer because of overflow of the multiplication of its argument amount and a manipulable variable buyPrice, aka the "tradeTrap" issue.
50 CVE-2018-11219 190 Overflow 2018-06-17 2021-08-04
7.5
None Remote Low Not required Partial Partial Partial
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
Total number of vulnerabilities : 175   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.