Export limit exceeded: 10162 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43171 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6930 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | N/A |
| A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file. | ||||
| CVE-2018-6927 | 4 Canonical, Debian, Linux and 1 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2024-11-21 | N/A |
| The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. | ||||
| CVE-2018-6917 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
| In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data. | ||||
| CVE-2018-6913 | 3 Canonical, Debian, Perl | 3 Ubuntu Linux, Debian Linux, Perl | 2024-11-21 | N/A |
| Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. | ||||
| CVE-2018-6912 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | N/A |
| The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. | ||||
| CVE-2018-6909 | 1 Rainmachine | 1 Rainmachine Web Application | 2024-11-21 | N/A |
| A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request. | ||||
| CVE-2018-6892 | 1 Cloudme | 1 Sync | 2024-11-21 | N/A |
| An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution. | ||||
| CVE-2018-6876 | 2 Imagemagick, Libfpx Project | 2 Imagemagick, Libfpx | 2024-11-21 | N/A |
| The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image. | ||||
| CVE-2018-6875 | 2 Keepkey, Shapeshift | 2 Keepkey, Keepkey Firmware | 2024-11-21 | N/A |
| Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks. | ||||
| CVE-2018-6872 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment. | ||||
| CVE-2018-6857 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | N/A |
| Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. By crafting an input buffer we can control the execution path to the point where the constant 0x12 will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context. | ||||
| CVE-2018-6856 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | N/A |
| Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM. | ||||
| CVE-2018-6855 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | N/A |
| Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. By crafting an input buffer we can control the execution path to the point where the constant 0xFFFFFFF will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context. | ||||
| CVE-2018-6854 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | N/A |
| Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x8810200F, 0x8810201B, 0x8810201F, 0x8810202B, 0x8810202F, 0x8810203F, 0x8810204B, 0x88102003, 0x88102007, 0x88102013, 0x88102017, 0x88102027, 0x88102033, 0x88102037, 0x88102043, and 0x88102047. When some conditions in the user-controlled input buffer are not met, the driver writes an error code (0x2000001A) to a user-controlled address. Also, note that all the aforementioned IOCTLs use transfer type METHOD_NEITHER, which means that the I/O manager does not validate any of the supplied pointers and buffer sizes. So, even though the driver checks for input/output buffer sizes, it doesn't validate if the pointers to those buffers are actually valid. So, we can supply a pointer for the output buffer to a kernel address space address, and the error code will be written there. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context. | ||||
| CVE-2018-6853 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | N/A |
| Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM. | ||||
| CVE-2018-6852 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | N/A |
| Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to zero out contents of a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM. | ||||
| CVE-2018-6851 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | N/A |
| Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0 will be written to a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM. | ||||
| CVE-2018-6836 | 1 Wireshark | 1 Wireshark | 2024-11-21 | N/A |
| The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-6799 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-11-21 | N/A |
| The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. | ||||
| CVE-2018-6798 | 4 Canonical, Debian, Perl and 1 more | 6 Ubuntu Linux, Debian Linux, Perl and 3 more | 2024-11-21 | N/A |
| An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. | ||||