Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10949 | 1 Deltaww | 1 Cncsoft Screeneditor | 2019-10-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files. | |||||
| CVE-2019-10992 | 1 Deltaww | 1 Cnssoft Screeneditor | 2019-10-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vulnerabilities may cause information disclosure due to lacking user input validation for processing project files. | |||||
| CVE-2019-11926 | 1 Facebook | 1 Hhvm | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. | |||||
| CVE-2019-10994 | 1 Laquisscada | 1 Scada | 2019-10-09 | 4.3 MEDIUM | 3.3 LOW |
| Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | |||||
| CVE-2018-5380 | 4 Canonical, Debian, Quagga and 1 more | 5 Ubuntu Linux, Debian Linux, Quagga and 2 more | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. | |||||
| CVE-2018-3739 | 1 Https-proxy-agent Project | 1 Https-proxy-agent | 2019-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON). | |||||
| CVE-2018-17895 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which may allow remote code execution. | |||||
| CVE-2018-19020 | 1 Omron | 1 Cx-supervisor | 2019-10-09 | 3.5 LOW | 5.0 MEDIUM |
| When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array. | |||||
| CVE-2018-18994 | 1 Laquisscada | 1 Laquis Scada | 2019-10-09 | 7.8 HIGH | 7.1 HIGH |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration. | |||||
| CVE-2018-18986 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 8.3 HIGH | 7.8 HIGH |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution. | |||||
| CVE-2018-19004 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 4.3 MEDIUM | 3.3 LOW |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration. | |||||
| CVE-2018-17701 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JSON objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7132. | |||||
| CVE-2018-17671 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Lower method of a XFA object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6617. | |||||
| CVE-2018-16855 | 1 Powerdns | 1 Recursor | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. | |||||
| CVE-2018-17693 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7130. | |||||
| CVE-2018-14800 | 1 Deltaww | 1 Ispsoft | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application. | |||||
| CVE-2018-14798 | 1 Fujielectric | 7 Frenic-ace, Frenic-eco, Frenic-mega and 4 more | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure. | |||||
| CVE-2018-15378 | 3 Canonical, Clamav, Debian | 3 Ubuntu Linux, Clamav, Debian Linux | 2019-10-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file. | |||||
| CVE-2018-14790 | 1 Fujielectric | 7 Frenic-ace, Frenic-eco, Frenic-mega and 4 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device. | |||||
| CVE-2018-14819 | 1 Fujielectric | 2 V-server, V-server Firmware | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. | |||||