Export limit exceeded: 19720 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19720 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6462 | 1 Tracker-software | 2 Pdf-xchange Viewer, Viewer Ax Sdk | 2024-11-21 | N/A |
| Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document. | ||||
| CVE-2018-6444 | 2 Brocade, Netapp | 2 Network Advisor, Brocade Network Advisor | 2024-11-21 | N/A |
| A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands. | ||||
| CVE-2018-6388 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2024-11-21 | N/A |
| iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page. | ||||
| CVE-2018-6358 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-11-21 | N/A |
| The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. | ||||
| CVE-2018-6353 | 1 Electrum | 1 Electrum | 2024-11-21 | N/A |
| The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022. | ||||
| CVE-2018-6345 | 1 Facebook | 1 Hhvm | 2024-11-21 | 9.8 Critical |
| The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below). | ||||
| CVE-2018-6304 | 1 Gemalto | 1 Sentinel Ldk Rte | 2024-11-21 | N/A |
| Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service | ||||
| CVE-2018-6240 | 1 Google | 1 Android | 2024-11-21 | N/A |
| NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address | ||||
| CVE-2018-6235 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+, Internet Security and 2 more | 2024-11-21 | N/A |
| An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2018-6231 | 1 Trendmicro | 1 Smart Protection Server | 2024-11-21 | N/A |
| A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations. | ||||
| CVE-2018-6222 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | N/A |
| Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system. | ||||
| CVE-2018-6211 | 2 D-link, Dlink | 2 Dir-620 Firmware, Dir-620 | 2024-11-21 | N/A |
| On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi. | ||||
| CVE-2018-6187 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-11-21 | N/A |
| In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file. | ||||
| CVE-2018-6170 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||||
| CVE-2018-6162 | 4 Apple, Debian, Google and 1 more | 7 Macos, Debian Linux, Chrome and 4 more | 2024-11-21 | N/A |
| Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2018-6156 | 3 Canonical, Google, Redhat | 3 Ubuntu Linux, Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | ||||
| CVE-2018-6155 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | N/A |
| Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | ||||
| CVE-2018-6154 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | N/A |
| Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2018-6153 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. | ||||
| CVE-2018-6149 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | N/A |
| Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | ||||