Export limit exceeded: 355829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 355829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 355829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 355829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 355829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4726 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6917 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
| In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data. | ||||
| CVE-2018-6612 | 1 Jhead Project | 1 Jhead | 2024-11-21 | 5.5 Medium |
| An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact. | ||||
| CVE-2018-6551 | 1 Gnu | 1 Glibc | 2024-11-21 | N/A |
| The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. | ||||
| CVE-2018-6543 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-6485 | 4 Gnu, Netapp, Oracle and 1 more | 16 Glibc, Cloud Backup, Data Ontap Edge and 13 more | 2024-11-21 | N/A |
| An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. | ||||
| CVE-2018-6412 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. | ||||
| CVE-2018-6323 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-6315 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-11-21 | N/A |
| The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | ||||
| CVE-2018-6191 | 1 Artifex | 1 Mujs | 2024-11-21 | N/A |
| The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation. | ||||
| CVE-2018-6174 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page. | ||||
| CVE-2018-6133 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||||
| CVE-2018-6120 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. | ||||
| CVE-2018-6106 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. | ||||
| CVE-2018-6100 | 4 Apple, Debian, Google and 1 more | 7 Mac Os X, Debian Linux, Chrome and 4 more | 2024-11-21 | N/A |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||||
| CVE-2018-6097 | 4 Apple, Debian, Google and 1 more | 7 Macos, Debian Linux, Chrome and 4 more | 2024-11-21 | N/A |
| Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. | ||||
| CVE-2018-6092 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Linux Desktop and 3 more | 2024-11-21 | N/A |
| An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | ||||
| CVE-2018-6091 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2018-6090 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Linux Desktop and 3 more | 2024-11-21 | N/A |
| An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | ||||
| CVE-2018-6072 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Linux Desktop and 3 more | 2024-11-21 | N/A |
| An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||||
| CVE-2018-6071 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Linux Desktop and 3 more | 2024-11-21 | N/A |
| An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||