CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2018(Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1501 CVE-2018-3857 787 Exec Code Overflow 2018-07-19 2020-09-18
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3858.
1502 CVE-2018-3851 787 Exec Code Overflow 2018-04-26 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution.
1503 CVE-2018-3849 787 Exec Code Overflow 2018-04-16 2021-02-03
6.8
None Remote Medium Not required Partial Partial Partial
In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
1504 CVE-2018-3848 787 Exec Code Overflow 2018-04-16 2021-02-03
6.8
None Remote Medium Not required Partial Partial Partial
In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
1505 CVE-2018-3847 787 Exec Code Overflow 2018-08-01 2021-01-26
6.8
None Remote Medium Not required Partial Partial Partial
Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
1506 CVE-2018-3846 787 Exec Code Overflow 2018-04-16 2021-01-26
6.8
None Remote Medium Not required Partial Partial Partial
In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
1507 CVE-2018-3835 787 Exec Code Overflow 2018-01-29 2018-02-16
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution.
1508 CVE-2018-3693 Overflow 2018-07-10 2021-11-19
4.7
None Local Medium Not required Complete None None
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
1509 CVE-2018-3670 119 Exec Code Overflow 2018-08-01 2018-10-01
7.2
None Local Low Not required Complete Complete Complete
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow.
1510 CVE-2018-3666 Exec Code Overflow 2018-08-01 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.
1511 CVE-2018-3661 119 DoS Overflow 2018-05-15 2018-06-19
2.1
None Local Low Not required None None Partial
Buffer overflow in Intel system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service.
1512 CVE-2018-3657 119 Exec Code Overflow 2018-09-12 2021-05-26
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.
1513 CVE-2018-3629 119 DoS Overflow 2018-07-10 2020-08-24
3.3
None Local Network Low Not required None None Partial
Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet.
1514 CVE-2018-3628 119 Exec Code Overflow 2018-07-10 2020-08-24
8.3
None Local Network Low Not required Complete Complete Complete
Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.
1515 CVE-2018-3624 119 Exec Code Overflow 2018-04-05 2018-05-10
5.4
None Local Network Medium Not required Partial Partial Partial
Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network.
1516 CVE-2018-3610 119 DoS Overflow 2018-01-09 2019-10-03
3.6
None Local Low Not required Partial None Partial
SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker the ability to read and writing to Memory Status registers potentially allowing information disclosure or a denial of service condition.
1517 CVE-2018-3589 119 Overflow 2018-04-11 2018-05-15
10.0
None Remote Low Not required Complete Complete Complete
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket, which can lead to a buffer overflow when the sample buffer is copied to the logPacket buffer.
1518 CVE-2018-3586 190 Overflow 2018-07-06 2018-08-28
10.0
None Remote Low Not required Complete Complete Complete
An integer overflow to buffer overflow vulnerability exists in the ADSPRPC heap manager in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.
1519 CVE-2018-3582 119 Overflow 2018-06-12 2018-08-06
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
1520 CVE-2018-3581 119 Overflow 2018-06-12 2018-08-02
4.6
None Local Low Not required Partial Partial Partial
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is larger than max_bssid.
1521 CVE-2018-3580 787 Overflow 2018-06-06 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
1522 CVE-2018-3578 119 Overflow 2018-06-06 2018-07-17
9.3
None Remote Medium Not required Complete Complete Complete
Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
1523 CVE-2018-3577 190 Overflow 2018-07-06 2018-08-28
5.0
None Remote Low Not required Partial None None
While processing fragments, when the fragment count becomes very large, an integer overflow leading to a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
1524 CVE-2018-3573 119 Overflow 2018-09-19 2018-11-08
4.6
None Local Low Not required Partial Partial Partial
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while relocating kernel images with a specially crafted boot image, an out of bounds access can occur.
1525 CVE-2018-3572 119 Overflow 2018-06-12 2018-08-02
4.6
None Local Low Not required Partial Partial Partial
While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
1526 CVE-2018-3568 119 Overflow 2018-05-17 2018-06-19
4.6
None Local Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.
1527 CVE-2018-3567 119 Overflow 2018-05-17 2018-06-19
4.6
None Local Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.
1528 CVE-2018-3566 119 Overflow 2018-04-03 2018-04-25
6.8
None Remote Medium Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overwrite may occur in ProcSetReqInternal() due to missing length check.
1529 CVE-2018-3565 119 Overflow 2018-06-06 2018-07-17
9.3
None Remote Medium Not required Complete Complete Complete
While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow can occur.
1530 CVE-2018-3562 119 Overflow 2018-06-06 2018-07-17
7.1
None Remote Medium Not required None None Complete
Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
1531 CVE-2018-2386 119 Overflow 2018-02-14 2018-02-27
4.0
None Remote Low ??? None None Partial
Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53.
1532 CVE-2018-1897 787 Exec Code Overflow 2018-11-30 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462.
1533 CVE-2018-1771 119 Exec Code Overflow 2018-12-20 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687.
1534 CVE-2018-1710 119 Exec Code Overflow 2018-09-21 2019-03-21
4.6
None Local Low Not required Partial Partial Partial
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364.
1535 CVE-2018-1565 119 Overflow 2018-05-25 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.
1536 CVE-2018-1544 119 Overflow 2018-05-25 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.
1537 CVE-2018-1515 119 Overflow 2018-05-25 2019-10-09
4.4
None Local Medium Not required Partial Partial Partial
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.
1538 CVE-2018-1488 119 Exec Code Overflow 2018-05-25 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973.
1539 CVE-2018-1459 787 Exec Code Overflow 2018-05-25 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210.
1540 CVE-2018-1427 119 DoS Overflow 2018-03-22 2019-10-09
2.1
None Local Low Not required None None Partial
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072.
1541 CVE-2018-1336 835 DoS Overflow 2018-08-02 2020-04-15
5.0
None Remote Low Not required None None Partial
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
1542 CVE-2018-1301 119 Overflow 2018-03-26 2021-06-06
4.3
None Remote Medium Not required None None Partial
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.
1543 CVE-2018-1232 787 Overflow 2018-03-30 2020-08-24
5.0
None Remote Low Not required None None Partial
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation.
1544 CVE-2018-1218 119 DoS Overflow 2018-03-19 2018-04-19
5.0
None Remote Low Not required None None Partial
In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability to cause a denial of service to the users of NetWorker systems.
1545 CVE-2018-1205 119 Overflow 2018-03-27 2018-04-24
5.0
None Remote Low Not required None None Partial
Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash.
1546 CVE-2018-1159 119 Overflow Mem. Corr. 2018-08-23 2018-10-12
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting.
1547 CVE-2018-1156 787 Exec Code Overflow 2018-08-23 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.
1548 CVE-2018-1151 119 DoS Exec Code Overflow 2018-06-12 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi.
1549 CVE-2018-1149 119 Exec Code Overflow 2018-09-19 2018-12-07
10.0
None Remote Low Not required Complete Complete Complete
cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.
1550 CVE-2018-1145 119 Overflow 2018-04-19 2018-05-18
7.5
None Remote Low Not required Partial Partial Partial
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
Total number of vulnerabilities : 2121   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 (This Page)32 33 34 35 36 37 38 39 40 41 42 43
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.