CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2018(Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1301 CVE-2018-5808 787 Exec Code Overflow 2018-12-07 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
1302 CVE-2018-5805 787 Overflow 2018-12-07 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
1303 CVE-2018-5800 787 Overflow 2018-12-07 2020-11-20
4.3
None Remote Medium Not required None None Partial
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
1304 CVE-2018-5796 119 Overflow 2018-02-05 2018-02-22
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command.
1305 CVE-2018-5793 787 Overflow 2018-02-05 2020-08-24
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
1306 CVE-2018-5792 787 Overflow 2018-02-05 2020-08-24
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
1307 CVE-2018-5791 787 Overflow 2018-02-05 2020-08-24
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
1308 CVE-2018-5790 119 DoS Overflow 2018-02-05 2018-02-22
2.9
None Local Network Medium Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Remote, Unauthenticated "Global" Denial of Service in the RIM (Radio Interface Module) over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
1309 CVE-2018-5788 119 DoS Overflow 2018-02-05 2018-02-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Denial of Service in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.
1310 CVE-2018-5787 787 Overflow 2018-02-05 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.
1311 CVE-2018-5785 190 DoS Overflow 2018-01-19 2021-02-03
4.3
None Remote Medium Not required None None Partial
In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
1312 CVE-2018-5766 119 DoS Overflow 2018-01-18 2019-09-02
6.8
None Remote Medium Not required Partial Partial Partial
In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file.
1313 CVE-2018-5727 190 DoS Overflow 2018-01-16 2021-01-26
4.3
None Remote Medium Not required None None Partial
In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
1314 CVE-2018-5721 787 Exec Code Overflow 2018-01-17 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a "_wan_if" substring.
1315 CVE-2018-5718 119 DoS Overflow 2018-06-12 2018-08-14
5.6
None Local Low Not required None Partial Complete
Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or modify kernel-mode memory via loading of a forged DLL into an user-mode process.
1316 CVE-2018-5701 119 Overflow 2018-01-31 2018-02-15
10.0
None Remote Low Not required Complete Complete Complete
In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003.
1317 CVE-2018-5684 119 DoS Overflow 2018-01-14 2018-02-02
6.8
None Remote Medium Not required Partial Partial Partial
In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.
1318 CVE-2018-5678 119 Exec Code Overflow 2018-05-24 2018-06-08
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5676.
1319 CVE-2018-5676 119 Exec Code Overflow 2018-05-24 2018-06-08
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5678.
1320 CVE-2018-5674 119 Exec Code Overflow 2018-05-24 2018-06-08
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5676 and CVE-2018-5678.
1321 CVE-2018-5476 787 Exec Code Overflow 2018-03-15 2020-09-18
6.8
None Remote Medium Not required Partial Partial Partial
A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code.
1322 CVE-2018-5475 787 Exec Code Overflow 2018-02-19 2020-09-18
7.5
None Remote Low Not required Partial Partial Partial
A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified, which may allow remote code execution.
1323 CVE-2018-5473 119 Exec Code Overflow 2018-02-19 2021-08-18
10.0
None Remote Low Not required Complete Complete Complete
An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device.
1324 CVE-2018-5463 119 Exec Code Overflow 2018-04-09 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution.
1325 CVE-2018-5453 119 Overflow 2018-03-05 2019-10-09
7.8
None Remote Low Not required None None Complete
An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.
1326 CVE-2018-5452 787 Overflow 2018-03-07 2020-09-18
5.0
None Remote Low Not required None None Partial
A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547 could force the PLC to change its state into halt mode.
1327 CVE-2018-5442 787 Exec Code Overflow 2018-02-05 2020-09-18
7.5
None Remote Low Not required Partial Partial Partial
A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
1328 CVE-2018-5440 787 Exec Code Overflow 2018-02-15 2020-09-18
7.5
None Remote Low Not required Partial Partial Partial
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.
1329 CVE-2018-5378 119 Overflow 2018-02-19 2019-10-09
4.9
None Remote Medium ??? Partial None Partial
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
1330 CVE-2018-5359 119 Overflow 2018-01-23 2018-02-09
9.3
None Remote Medium Not required Complete Complete Complete
The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow.
1331 CVE-2018-5345 787 Exec Code Overflow 2018-01-12 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
1332 CVE-2018-5336 119 Overflow 2018-01-11 2019-03-12
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.
1333 CVE-2018-5335 119 Overflow 2018-01-11 2019-03-12
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.
1334 CVE-2018-5334 119 Overflow 2018-01-11 2019-03-12
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.
1335 CVE-2018-5309 190 Overflow 2018-01-09 2018-01-29
4.3
None Remote Medium Not required None None Partial
In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
1336 CVE-2018-5299 787 Exec Code Overflow Mem. Corr. 2018-01-16 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.
1337 CVE-2018-5295 190 Overflow 2018-01-08 2018-01-26
4.3
None Remote Medium Not required None None Partial
In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
1338 CVE-2018-5294 190 Overflow 2018-01-08 2019-04-26
4.3
None Remote Medium Not required None None Partial
In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.
1339 CVE-2018-5282 787 Overflow 2018-01-08 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
** DISPUTED ** Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework.
1340 CVE-2018-5268 787 Overflow 2018-01-08 2021-11-30
4.3
None Remote Medium Not required None None Partial
In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.
1341 CVE-2018-5262 787 Exec Code Overflow 2018-01-12 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account.
1342 CVE-2018-5244 119 DoS Overflow 2018-01-05 2018-10-31
4.9
None Local Low Not required None None Complete
In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.
1343 CVE-2018-5221 119 Exec Code Overflow 2018-01-09 2018-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property.
1344 CVE-2018-5210 787 Exec Code Overflow 2018-01-04 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733.
1345 CVE-2018-5208 119 Overflow 2018-01-06 2019-03-12
7.5
None Remote Low Not required Partial Partial Partial
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.
1346 CVE-2018-5201 787 DoS Overflow 2018-12-21 2020-08-24
4.3
None Remote Medium Not required None None Partial
Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions.
1347 CVE-2018-5200 119 Exec Code Overflow Mem. Corr. 2018-12-20 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution.
1348 CVE-2018-5196 787 Exec Code Overflow 2018-12-21 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.
1349 CVE-2018-5195 119 Exec Code Overflow 2018-01-17 2018-02-02
7.5
None Remote Low Not required Partial Partial Partial
Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document.
1350 CVE-2018-5189 119 DoS Overflow +Priv 2018-01-11 2018-10-17
7.2
None Local Low Not required Complete Complete Complete
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability.
Total number of vulnerabilities : 2121   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 (This Page)28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.