CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2018(Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1001 CVE-2018-11102 119 DoS Overflow 2018-05-15 2019-09-02
5.0
None Remote Low Not required None None Partial
An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
1002 CVE-2018-11100 119 DoS Overflow 2018-05-15 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
1003 CVE-2018-11095 119 DoS Overflow 2018-05-15 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
1004 CVE-2018-11054 190 DoS Overflow 2018-08-31 2021-11-30
5.0
None Remote Low Not required None None Partial
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.
1005 CVE-2018-11033 119 DoS Overflow 2018-05-14 2018-06-19
6.8
None Remote Medium Not required Partial Partial Partial
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.
1006 CVE-2018-11017 119 DoS Overflow 2018-05-13 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
1007 CVE-2018-11013 787 Exec Code Overflow 2018-05-13 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.
1008 CVE-2018-10996 119 DoS Exec Code Overflow 2018-05-12 2018-06-18
10.0
None Remote Low Not required Complete Complete Complete
The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.
1009 CVE-2018-10973 190 Overflow 2018-05-10 2018-06-14
5.0
None Remote Low Not required None Partial None
An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters.
1010 CVE-2018-10972 787 DoS Overflow 2018-05-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.
1011 CVE-2018-10958 119 Overflow 2018-05-10 2019-08-06
4.3
None Remote Medium Not required None None Partial
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.
1012 CVE-2018-10940 119 Overflow 2018-05-09 2018-10-31
4.9
None Local Low Not required None None Complete
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
1013 CVE-2018-10932 119 Overflow 2018-08-21 2019-10-09
3.3
None Local Network Low Not required None Partial None
lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
1014 CVE-2018-10921 190 Overflow 2018-08-02 2019-10-09
5.0
None Remote Low Not required None Partial None
Certain input files may trigger an integer overflow in ttembed input file processing. This overflow could potentially lead to corruption of the input file due to a lack of checking return codes of fgetc/fputc function calls.
1015 CVE-2018-10907 121 Exec Code Overflow 2018-09-04 2021-12-16
6.5
None Remote Low ??? Partial Partial Partial
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.
1016 CVE-2018-10893 190 Exec Code Overflow 2018-09-11 2019-08-06
6.5
None Remote Low ??? Partial Partial Partial
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
1017 CVE-2018-10887 125 DoS Overflow 2018-07-10 2020-08-31
5.8
None Remote Medium Not required Partial None Partial
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
1018 CVE-2018-10881 119 DoS Overflow 2018-07-26 2019-10-09
4.9
None Local Low Not required None None Complete
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
1019 CVE-2018-10872 119 Overflow 2018-07-10 2020-07-15
4.9
None Local Low Not required None None Complete
A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE.
1020 CVE-2018-10858 119 Exec Code Overflow 2018-08-22 2019-06-26
6.5
None Remote Low ??? Partial Partial Partial
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
1021 CVE-2018-10840 787 Overflow 2018-07-16 2020-08-28
7.2
None Local Low Not required Complete Complete Complete
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
1022 CVE-2018-10839 190 Overflow 2018-10-16 2019-09-24
4.0
None Remote Low ??? None None Partial
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
1023 CVE-2018-10777 119 DoS Overflow 2018-05-07 2018-06-12
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
1024 CVE-2018-10774 119 DoS Overflow 2018-05-07 2018-06-13
4.3
None Remote Medium Not required None None Partial
Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml.
1025 CVE-2018-10772 119 DoS Overflow 2018-05-07 2019-08-06
4.3
None Remote Medium Not required None None Partial
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
1026 CVE-2018-10771 787 DoS Overflow 2018-05-07 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
1027 CVE-2018-10753 787 DoS Overflow 2018-05-05 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
1028 CVE-2018-10751 190 Overflow Mem. Corr. 2018-05-29 2018-07-20
5.4
None Remote High Not required None None Complete
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.
1029 CVE-2018-10750 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
1030 CVE-2018-10749 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
1031 CVE-2018-10748 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
1032 CVE-2018-10747 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
1033 CVE-2018-10746 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
1034 CVE-2018-10731 119 Overflow 2018-05-17 2018-06-20
9.3
None Remote Medium Not required Complete Complete Complete
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).
1035 CVE-2018-10728 119 Overflow 2018-05-17 2018-06-20
6.8
None Remote Medium Not required Partial Partial Partial
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).
1036 CVE-2018-10718 787 Exec Code Overflow 2018-05-03 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.
1037 CVE-2018-10717 787 DoS Overflow 2018-05-03 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677.
1038 CVE-2018-10713 119 Exec Code Overflow Mem. Corr. 2018-05-03 2018-06-12
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
1039 CVE-2018-10706 190 Overflow 2018-05-10 2018-06-14
5.0
None Remote Low Not required None Partial None
An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the "multiOverflow" issue.
1040 CVE-2018-10689 119 Overflow 2018-05-03 2021-07-08
4.3
None Remote Medium Not required None None Partial
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.
1041 CVE-2018-10677 787 DoS Overflow 2018-05-02 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file.
1042 CVE-2018-10664 119 Overflow Mem. Corr. 2018-06-26 2018-08-20
5.0
None Remote Low Not required None None Partial
An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.
1043 CVE-2018-10659 119 DoS Overflow Mem. Corr. 2018-06-26 2018-08-20
5.0
None Remote Low Not required None None Partial
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.
1044 CVE-2018-10658 119 DoS Overflow Mem. Corr. 2018-06-26 2018-08-20
5.0
None Remote Low Not required None None Partial
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.
1045 CVE-2018-10655 119 Overflow 2018-05-10 2018-06-14
6.8
None Remote Medium Not required Partial Partial Partial
DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH).
1046 CVE-2018-10637 119 Exec Code Overflow 2018-09-13 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior.
1047 CVE-2018-10636 787 Exec Code Overflow +Priv 2018-08-13 2020-08-31
9.3
None Remote Medium Not required Complete Complete Complete
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.
1048 CVE-2018-10628 119 Exec Code Overflow 2018-07-24 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process.
1049 CVE-2018-10621 119 Exec Code Overflow 2018-06-18 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash.
1050 CVE-2018-10620 787 Exec Code Overflow 2018-07-19 2020-08-31
7.5
None Remote Low Not required Partial Partial Partial
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.
Total number of vulnerabilities : 2121   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 (This Page)22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.