CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2018 (Overflow)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2018-14779 119 Overflow 2018-08-15 2020-02-25
7.2
None Local Low Not required Complete Complete Complete
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`:

```c
if(*out_len + recv_len - 2 > max_out) {
  fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
}
if(out_data) {
  memcpy(out_data, data, recv_len - 2);
  out_data += recv_len - 2;
  *out_len += recv_len - 2;
}
```

It is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard.
302 CVE-2018-14749 119 Overflow 2018-11-28 2018-12-27
7.5
None Remote Low Not required Partial Partial Partial
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS.
303 CVE-2018-14743 119 Overflow 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c.
304 CVE-2018-14742 119 Overflow 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy.
305 CVE-2018-14741 119 Overflow 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_pack in pattern.c.
306 CVE-2018-14740 119 Overflow 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query.
307 CVE-2018-14739 119 Overflow 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c.
308 CVE-2018-14738 119 Overflow 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c.
309 CVE-2018-14653 122 DoS Overflow 2018-10-31 2021-12-16
6.5
None Remote Low ??? Partial Partial Partial
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.
310 CVE-2018-14652 120 DoS Overflow 2018-10-31 2021-11-17
4.0
None Remote Low ??? None None Partial
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.
311 CVE-2018-14634 190 Overflow 2018-09-25 2021-07-20
7.2
None Local Low Not required Complete Complete Complete
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
312 CVE-2018-14633 787 Overflow 2018-09-25 2020-08-28
8.3
None Remote Medium Not required Partial Partial Complete
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
313 CVE-2018-14618 190 Overflow 2018-09-05 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
314 CVE-2018-14615 119 Overflow 2018-07-27 2019-08-13
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative.
315 CVE-2018-14598 20 Overflow 2018-08-24 2019-08-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
316 CVE-2018-14590 119 Overflow 2018-07-24 2018-09-07
5.0
None Remote Low Not required None None Partial
An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp.
317 CVE-2018-14586 119 Overflow 2018-07-24 2018-09-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532.
318 CVE-2018-14576 190 Overflow 2018-08-03 2021-09-07
5.0
None Remote Low Not required None Partial None
The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable.
319 CVE-2018-14564 119 Overflow 2018-07-23 2018-09-20
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A SEGV can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.
320 CVE-2018-14563 119 Overflow Mem. Corr. 2018-07-23 2018-09-20
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in libthulac.so in THULAC through 2018-02-25. "operator delete" is used with "operator new[]" in the TaggingLearner class in include/cb_tagging_learner.h, possibly leading to memory corruption.
321 CVE-2018-14531 119 Overflow 2018-07-23 2018-09-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Bento4 1.5.1-624. There is an unspecified "heap-buffer-overflow" crash in the AP4_HvccAtom class in Core/Ap4HvccAtom.cpp.
322 CVE-2018-14522 119 Overflow 2018-07-23 2019-04-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
323 CVE-2018-14521 119 Overflow 2018-07-23 2018-09-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.
324 CVE-2018-14492 787 Overflow 2018-07-21 2020-08-24
5.0
None Remote Low Not required None None Partial
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
325 CVE-2018-14458 787 Overflow 2018-07-20 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
326 CVE-2018-14453 787 Overflow 2018-07-20 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
327 CVE-2018-14451 787 Overflow 2018-07-20 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
328 CVE-2018-14446 787 DoS Overflow 2018-07-20 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file.
329 CVE-2018-14444 125 Overflow 2018-07-20 2018-09-17
5.0
None Remote Low Not required None None Partial
libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 in dwgutil.cpp, leading to an out-of-bounds read and application crash.
330 CVE-2018-14443 119 DoS Overflow 2018-07-20 2018-08-23
4.3
None Remote Medium Not required None None Partial
get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).
331 CVE-2018-14378 Overflow 2018-07-17 2018-07-31
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur via an invalid or empty tif argument to TIFFWriteBufferSetup in tif_write.c, and it can be exploited (at a minimum) via the following high-level library API function: TIFFWriteTile.
332 CVE-2018-14375 Overflow 2018-07-17 2018-07-31
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in LibTIFF 4.0.9. A buffer overflow vulnerability can occur via an invalid or empty tif argument to TIFFRGBAImageOK in tif_getimage.c, and it can be exploited (at a minimum) via the following high-level library API functions: TIFFReadRGBAImage, TIFFRGBAImageOK, and TIFFRGBAImageBegin.
333 CVE-2018-14374 Overflow 2018-07-17 2018-07-31
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur via an empty fmt argument to unixErrorHandler in tif_unix.c, and it can be exploited (at a minimum) via the following high-level library API functions: TIFFClientOpen, TIFFFdOpen, TIFFRawStripSize, TIFFCheckTile, TIFFComputeStrip, TIFFReadRawTile, TIFFUnRegisterCODEC, and TIFFWriteEncodedTile.
334 CVE-2018-14373 Overflow 2018-07-17 2018-07-31
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in LibTIFF 4.0.9. In TIFFFindField in tif_dirinfo.c, the structure tif is being dereferenced without first checking that the structure is not empty and has the requested fields (tif_foundfield). In the call sequences following from the affected library functions (TIFFVGetField, TIFFVGetFieldDefaulted, TIFFVStripSize, TIFFScanlineSize, TIFFTileSize, TIFFGetFieldDefaulted, and TIFFGetField), this sanitization of the tif structure is never being done and, hence, using them with an invalid or empty tif structure will trigger a buffer overflow, leading to a crash.
335 CVE-2018-14362 119 Overflow 2018-07-17 2020-05-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
336 CVE-2018-14360 787 Overflow 2018-07-17 2020-05-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage.
337 CVE-2018-14359 120 Overflow 2018-07-17 2020-05-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.
338 CVE-2018-14358 787 Overflow 2018-07-17 2020-05-20
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.
339 CVE-2018-14352 787 Overflow 2018-07-17 2020-05-20
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.
340 CVE-2018-14350 787 Overflow 2018-07-17 2020-05-20
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.
341 CVE-2018-14346 787 Overflow 2018-07-17 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
342 CVE-2018-14341 190 Overflow 2018-07-19 2020-03-20
7.8
None Remote Low Not required None None Complete
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
343 CVE-2018-14338 119 Overflow 2018-07-17 2018-09-17
6.8
None Remote Medium Not required Partial Partial Partial
samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.
344 CVE-2018-14337 190 Overflow 2018-07-17 2018-09-17
5.0
None Remote Low Not required Partial None None
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.
345 CVE-2018-14326 190 Overflow Mem. Corr. 2018-07-16 2019-11-17
6.8
None Remote Medium Not required Partial Partial Partial
In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.
346 CVE-2018-14320 119 Exec Code Overflow Mem. Corr. 2018-09-17 2019-10-09
4.3
None Remote Medium Not required Partial None None
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673.
347 CVE-2018-14295 190 Exec Code Overflow 2018-07-31 2018-09-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF documents. When parsing shading patterns, the process does not properly validate user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6223.
348 CVE-2018-14290 119 Exec Code Overflow 2018-07-31 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6222.
349 CVE-2018-14088 190 Overflow 2018-07-16 2018-09-12
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount * 1000000000000000" will cause an integer overflow in withdrawToFounders().
350 CVE-2018-14087 190 Overflow 2018-07-16 2020-02-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the "msg.value * buyPrice" will cause an integer overflow in the fallback function.
Total number of vulnerabilities: 2121 (this is page 7 of 43)