CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2018(Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1251 CVE-2018-6069 125 Overflow 2018-11-14 2020-08-24
4.3
None Remote Medium Not required Partial None None
Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
1252 CVE-2018-6065 787 Overflow 2018-11-14 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1253 CVE-2018-6062 787 Overflow 2018-11-14 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
1254 CVE-2018-6038 119 Overflow 2018-09-25 2018-11-15
4.3
None Remote Medium Not required None None Partial
Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
1255 CVE-2018-5996 119 DoS Exec Code Overflow Mem. Corr. 2018-01-31 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
1256 CVE-2018-5925 119 Exec Code Overflow 2018-08-13 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.
1257 CVE-2018-5924 787 Exec Code Overflow 2018-08-13 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution.
1258 CVE-2018-5918 119 Overflow 2018-11-28 2018-12-26
4.6
None Local Low Not required Partial Partial Partial
Possible buffer overflow in DRM Trusted application due to lack of check function return values in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.
1259 CVE-2018-5917 119 Overflow 2018-11-28 2018-12-26
7.2
None Local Low Not required Complete Complete Complete
Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.
1260 CVE-2018-5912 119 Overflow 2018-11-28 2019-06-14
7.2
None Local Low Not required Complete Complete Complete
Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660
1261 CVE-2018-5910 119 Overflow Mem. Corr. 2018-11-27 2018-12-21
4.6
None Local Low Not required Partial Partial Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a memory corruption can occur in kernel due to improper check in callers count parameter in display handlers.
1262 CVE-2018-5909 119 Overflow Mem. Corr. 2018-11-27 2018-12-21
4.6
None Local Low Not required Partial Partial Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow occur may occur in display handlers due to lack of checking in buffer size before copying into it and will lead to memory corruption.
1263 CVE-2018-5908 119 Overflow 2018-11-27 2018-12-21
4.6
None Local Low Not required Partial Partial Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in display function due to lack of buffer length validation before copying.
1264 CVE-2018-5907 190 Overflow 2018-07-06 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.
1265 CVE-2018-5906 119 Overflow 2018-11-27 2018-12-21
4.6
None Local Low Not required Partial Partial Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in debugfs module due to lack of check in size of input before copying into buffer.
1266 CVE-2018-5905 119 Overflow 2018-09-19 2018-11-08
4.4
None Local Medium Not required Partial Partial Partial
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access.
1267 CVE-2018-5898 190 Overflow 2018-07-06 2018-08-27
4.6
None Local Low Not required Partial Partial Partial
Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
1268 CVE-2018-5893 119 Overflow 2018-07-06 2018-08-27
4.6
None Local Low Not required Partial Partial Partial
While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur.
1269 CVE-2018-5889 119 Overflow 2018-07-06 2018-08-27
4.6
None Local Low Not required Partial Partial Partial
While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
1270 CVE-2018-5885 119 Overflow 2018-07-06 2018-09-10
7.5
None Remote Low Not required Partial Partial Partial
While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear.
1271 CVE-2018-5878 119 Overflow 2018-07-06 2018-09-10
7.5
None Remote Low Not required Partial Partial Partial
While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
1272 CVE-2018-5877 119 Overflow 2018-11-28 2018-12-26
7.2
None Local Low Not required Complete Complete Complete
In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20.
1273 CVE-2018-5876 119 Overflow 2018-07-06 2018-09-05
6.8
None Remote Medium Not required Partial Partial Partial
While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
1274 CVE-2018-5875 119 Overflow 2018-07-06 2018-09-05
6.8
None Remote Medium Not required Partial Partial Partial
While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
1275 CVE-2018-5874 787 Overflow 2018-07-06 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
1276 CVE-2018-5872 119 Overflow 2018-07-06 2018-08-27
8.3
None Local Network Low Not required Complete Complete Complete
While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur.
1277 CVE-2018-5870 119 Overflow 2018-11-28 2018-12-26
7.2
None Local Low Not required Complete Complete Complete
While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in versions SD 835, SDA660, SDX24.
1278 CVE-2018-5866 119 Overflow 2018-10-26 2019-01-23
7.2
None Local Low Not required Complete Complete Complete
While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660.
1279 CVE-2018-5863 119 Overflow 2018-06-15 2018-08-06
4.6
None Local Low Not required Partial Partial Partial
If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.
1280 CVE-2018-5862 119 Overflow 2018-07-06 2018-09-04
4.6
None Local Low Not required Partial Partial Partial
In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur.
1281 CVE-2018-5858 119 Overflow 2018-07-06 2018-08-29
4.6
None Local Low Not required Partial Partial Partial
In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, out of bounds access can occur.
1282 CVE-2018-5854 787 Overflow 2018-06-15 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.
1283 CVE-2018-5851 119 Overflow 2018-06-12 2018-08-03
4.6
None Local Low Not required Partial Partial Partial
Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
1284 CVE-2018-5850 191 Overflow 2018-06-06 2018-07-17
9.3
None Remote Medium Not required Complete Complete Complete
In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
1285 CVE-2018-5848 119 Overflow 2018-06-12 2019-05-02
4.6
None Local Low Not required Partial Partial Partial
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
1286 CVE-2018-5843 119 Overflow 2018-06-12 2018-08-03
4.6
None Local Low Not required Partial Partial Partial
In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, there is no upper bound check on the value event->num_chains_valid received from firmware which can lead to a buffer overwrite of the fixed size chain_rssi_result structure.
1287 CVE-2018-5842 119 Overflow 2018-06-12 2018-08-03
4.6
None Local Low Not required Partial Partial Partial
An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
1288 CVE-2018-5835 119 Overflow 2018-07-06 2018-08-28
7.2
None Local Low Not required Complete Complete Complete
If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in __wlan_hdd_cfg80211_add_key() may occur when copying keyRSC in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
1289 CVE-2018-5834 119 Overflow 2018-07-06 2018-09-04
4.6
None Local Low Not required Partial Partial Partial
In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
1290 CVE-2018-5830 119 Overflow 2018-07-06 2018-08-29
7.2
None Local Low Not required Complete Complete Complete
While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
1291 CVE-2018-5828 119 Overflow 2018-04-03 2018-05-14
4.6
None Local Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_extscan_start_stop_event_handler(), vdev_id comes from the variable event from firmware and is not properly validated potentially leading to a buffer overwrite.
1292 CVE-2018-5827 119 Overflow 2018-05-17 2018-06-19
4.6
None Local Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.
1293 CVE-2018-5824 119 Overflow 2018-04-03 2018-05-11
4.6
None Local Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages, a buffer overflow can occur if the tid value obtained from the firmware is out of range.
1294 CVE-2018-5823 119 Overflow 2018-04-03 2018-05-11
4.6
None Local Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, improper buffer length validation in extscan hotlist event can lead to potential buffer overflow.
1295 CVE-2018-5822 119 Overflow 2018-04-03 2018-05-08
7.5
None Remote Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially cause a buffer overwrite.
1296 CVE-2018-5820 190 Overflow 2018-04-03 2018-05-08
7.5
None Remote Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the function wma_tbttoffset_update_event_handler(), a parameter received from firmware is used to allocate memory for a local buffer and is not properly validated. This can potentially result in an integer overflow subsequently leading to a heap overwrite.
1297 CVE-2018-5816 190 Overflow 2018-12-07 2019-01-03
7.1
None Remote Medium Not required None None Complete
An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804).
1298 CVE-2018-5815 190 Overflow 2018-12-07 2019-01-03
7.1
None Remote Medium Not required None None Complete
An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.
1299 CVE-2018-5810 787 Overflow 2018-12-07 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
1300 CVE-2018-5809 787 Exec Code Overflow 2018-12-07 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
Total number of vulnerabilities : 2121   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 (This Page)27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.