Total
8398 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17230 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | N/A |
| Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. | ||||
| CVE-2018-17206 | 4 Canonical, Debian, Openvswitch and 1 more | 5 Ubuntu Linux, Debian Linux, Openvswitch and 2 more | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. | ||||
| CVE-2018-17072 | 1 Json\+\+ Project | 1 Json\+\+ | 2024-11-21 | N/A |
| JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. | ||||
| CVE-2018-16985 | 1 Lizard Project | 1 Lizard | 2024-11-21 | N/A |
| In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | ||||
| CVE-2018-16982 | 1 Byvoid | 1 Open Chinese Convert | 2024-11-21 | N/A |
| Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file. | ||||
| CVE-2018-16890 | 8 Canonical, Debian, F5 and 5 more | 11 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 8 more | 2024-11-21 | 7.5 High |
| libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. | ||||
| CVE-2018-16885 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Linux Server and 1 more | 2024-11-21 | N/A |
| A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7. | ||||
| CVE-2018-16855 | 1 Powerdns | 1 Recursor | 2024-11-21 | N/A |
| An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. | ||||
| CVE-2018-16847 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2024-11-21 | 7.8 High |
| An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process. | ||||
| CVE-2018-16842 | 4 Canonical, Debian, Haxx and 1 more | 6 Ubuntu Linux, Debian Linux, Curl and 3 more | 2024-11-21 | N/A |
| Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. | ||||
| CVE-2018-16764 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | N/A |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read. | ||||
| CVE-2018-16667 | 1 Contiki-ng | 1 Contiki-ng. | 2024-11-21 | N/A |
| An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union). | ||||
| CVE-2018-16641 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | N/A |
| ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c. | ||||
| CVE-2018-16640 | 3 Canonical, Imagemagick, Redhat | 3 Ubuntu Linux, Imagemagick, Enterprise Linux | 2024-11-21 | N/A |
| ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. | ||||
| CVE-2018-16451 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 High |
| The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. | ||||
| CVE-2018-16438 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | N/A |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c. | ||||
| CVE-2018-16430 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2024-11-21 | N/A |
| GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. | ||||
| CVE-2018-16429 | 2 Canonical, Gnome | 2 Ubuntu Linux, Glib | 2024-11-21 | N/A |
| GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). | ||||
| CVE-2018-16427 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-11-21 | N/A |
| Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. | ||||
| CVE-2018-16413 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | N/A |
| ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. | ||||