CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2018(Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1801 CVE-2017-12546 119 Overflow 2018-02-15 2018-03-02
5.5
None Local High ??? Complete Complete None
A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
1802 CVE-2017-12471 119 Overflow 2018-02-07 2018-02-22
7.5
None Remote Low Not required Partial Partial Partial
The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function.
1803 CVE-2017-12470 190 Overflow 2018-02-07 2018-02-23
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables.
1804 CVE-2017-12469 119 Overflow 2018-02-07 2018-02-23
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation.
1805 CVE-2017-12468 119 Overflow 2018-02-07 2018-02-23
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the vallen and len variables.
1806 CVE-2017-12466 119 Overflow 2018-02-07 2018-02-23
7.5
None Remote Low Not required Partial Partial Partial
CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access.
1807 CVE-2017-12465 190 Overflow 2018-02-07 2018-02-23
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function.
1808 CVE-2017-12412 835 Overflow 2018-02-07 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow.
1809 CVE-2017-12379 119 DoS Exec Code Overflow 2018-01-26 2018-03-16
10.0
None Remote Low Not required Complete Complete Complete
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.
1810 CVE-2017-12376 119 DoS Exec Code Overflow 2018-01-26 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code.
1811 CVE-2017-12375 119 DoS Overflow 2018-01-26 2018-03-16
7.8
None Remote Low Not required None None Complete
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.
1812 CVE-2017-12179 190 Exec Code Overflow 2018-01-24 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
1813 CVE-2017-12177 190 Exec Code Overflow 2018-01-24 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
1814 CVE-2017-12122 119 Exec Code Overflow 2018-04-24 2020-07-28
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
1815 CVE-2017-12109 190 Exec Code Overflow Mem. Corr. 2018-04-24 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
1816 CVE-2017-12108 190 Exec Code Overflow Mem. Corr. 2018-04-24 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
1817 CVE-2017-12107 119 Exec Code Overflow Mem. Corr. 2018-04-24 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
An memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to trigger this vulnerability.
1818 CVE-2017-12105 190 Exec Code Overflow 2018-04-24 2019-03-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
1819 CVE-2017-12104 190 Exec Code Overflow 2018-04-24 2019-03-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
1820 CVE-2017-12103 190 Exec Code Overflow 2018-04-24 2019-03-27
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
1821 CVE-2017-12102 190 Exec Code Overflow 2018-04-24 2019-03-27
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
1822 CVE-2017-12101 190 Exec Code Overflow 2018-04-24 2019-03-27
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
1823 CVE-2017-12100 190 Exec Code Overflow 2018-04-24 2019-03-27
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
1824 CVE-2017-12099 190 Exec Code Overflow 2018-04-24 2019-03-27
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
1825 CVE-2017-12087 119 Overflow 2018-04-24 2018-05-25
7.5
None Remote Low Not required Partial Partial Partial
An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability.
1826 CVE-2017-12086 190 Exec Code Overflow 2018-04-24 2019-03-27
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
1827 CVE-2017-12082 190 Exec Code Overflow 2018-04-24 2019-03-27
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability.
1828 CVE-2017-12081 190 Exec Code Overflow 2018-04-24 2019-03-26
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
1829 CVE-2017-11563 119 Exec Code Overflow 2018-08-24 2018-11-02
10.0
None Remote Low Not required Complete Complete Complete
D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device.
1830 CVE-2017-11308 787 Exec Code Overflow 2018-05-19 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1831 CVE-2017-11082 119 Overflow 2018-03-16 2018-04-05
4.4
None Local Medium Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in a firmware loading routine, a buffer overflow could potentially occur if multiple user space threads try to update the WLAN firmware file through sysfs.
1832 CVE-2017-11081 119 Overflow 2018-01-10 2018-01-26
4.6
None Local Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer overflow vulnerability in hdd_parse_setrmcenable_command and hdd_parse_setrmcactionperiod_command APIs as buffers defined in this API can hold maximum 32 bytes but data more than 32 bytes can get copied.
1833 CVE-2017-11080 119 Overflow 2018-01-10 2018-01-26
4.6
None Local Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to 4294967296.
1834 CVE-2017-11072 119 Overflow 2018-01-16 2018-02-02
4.6
None Local Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while calculating CRC for GPT header fields with partition entries greater than 16384 buffer overflow occurs.
1835 CVE-2017-11069 119 Overflow 2018-01-10 2018-01-29
9.3
None Remote Medium Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow.
1836 CVE-2017-10853 119 Exec Code Overflow 2018-03-09 2018-03-27
8.3
None Local Network Low Not required Complete Complete Complete
Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.
1837 CVE-2017-10852 119 Exec Code Overflow 2018-03-09 2018-03-27
8.3
None Local Network Low Not required Complete Complete Complete
Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors.
1838 CVE-2017-9723 119 Overflow 2018-03-30 2018-04-27
4.6
None Local Low Not required Partial Partial Partial
The touchscreen driver synaptics_dsx in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-05, the size of a stack-allocated buffer can be set to a value which exceeds the size of the stack.
1839 CVE-2017-9694 119 Overflow 2018-03-30 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
While parsing Netlink attributes in QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE in qcacld 2.0 before 2017-05-16, a buffer overread could occur.
1840 CVE-2017-9693 119 Overflow 2018-03-30 2018-04-25
2.1
None Local Low Not required Partial None None
The length of attribute value for STA_EXT_CAPABILITY in __wlan_hdd_change_station in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-06 being less than the actual lenth of StaParams.extn_capability results in a read for extra bytes when a memcpy is done from params->ext_capab to StaParams.extn_capability using the sizeof(StaParams.extn_capability).
1841 CVE-2017-9689 119 Overflow Mem. Corr. 2018-01-10 2018-01-26
4.6
None Local Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a specially-crafted HDMI CEC message can be used to cause stack memory corruption.
1842 CVE-2017-9638 119 DoS Exec Code Overflow 2018-04-17 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
1843 CVE-2017-9636 119 DoS Exec Code Overflow 2018-04-17 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
1844 CVE-2017-9120 190 DoS Overflow 2018-08-02 2019-08-19
7.5
None Remote Low Not required Partial Partial Partial
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
1845 CVE-2017-9003 119 Exec Code Overflow Mem. Corr. 2018-08-06 2018-10-18
7.8
None Remote Low Not required None None Complete
Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.
1846 CVE-2017-8275 190 Overflow 2018-04-11 2018-05-11
10.0
None Remote Low Not required Complete Complete Complete
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 835, an integer overflow vulnerability exists in a video library.
1847 CVE-2017-7908 119 Overflow 2018-10-02 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls.
1848 CVE-2017-7845 119 Overflow 2018-06-11 2018-08-09
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2.
1849 CVE-2017-7827 119 Overflow Mem. Corr. 2018-06-11 2018-06-25
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57.
1850 CVE-2017-7826 119 Overflow Mem. Corr. 2018-06-11 2018-08-01
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Total number of vulnerabilities : 2121   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 (This Page)38 39 40 41 42 43
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.