Export limit exceeded: 29926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44135 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12150 | 1 Intel | 1 Extreme Tuning Utility | 2024-11-21 | N/A |
| Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local access. | ||||
| CVE-2018-12149 | 1 Intel | 1 Extreme Tuning Utility | 2024-11-21 | N/A |
| Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access. | ||||
| CVE-2018-12116 | 3 Nodejs, Redhat, Suse | 5 Node.js, Rhel Software Collections, Suse Enterprise Storage and 2 more | 2024-11-21 | 7.5 High |
| Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server. | ||||
| CVE-2018-12115 | 2 Nodejs, Redhat | 5 Node.js, Openshift, Openshift Application Runtimes and 2 more | 2024-11-21 | N/A |
| In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written. | ||||
| CVE-2018-12113 | 1 Coreftp | 1 Core Ftp | 2024-11-21 | N/A |
| Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response. | ||||
| CVE-2018-12112 | 1 Md4c Project | 1 Md4c | 2024-11-21 | N/A |
| md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2018-12098 | 1 Liblnk Project | 1 Liblnk | 2024-11-21 | N/A |
| The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub | ||||
| CVE-2018-12097 | 1 Liblnk Project | 1 Liblnk | 2024-11-21 | N/A |
| The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub | ||||
| CVE-2018-12096 | 1 Liblnk Project | 1 Liblnk | 2024-11-21 | N/A |
| The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub | ||||
| CVE-2018-12092 | 1 Tinyexr Project | 1 Tinyexr | 2024-11-21 | N/A |
| tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code. | ||||
| CVE-2018-12085 | 4 Canonical, Liblouis, Opensuse and 1 more | 4 Ubuntu Linux, Liblouis, Leap and 1 more | 2024-11-21 | N/A |
| Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. | ||||
| CVE-2018-12070 | 1 Sec Project | 1 Sec | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | ||||
| CVE-2018-12068 | 1 Tgtcoins | 1 Target Coin | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | ||||
| CVE-2018-12067 | 1 Substratum | 1 Substratum | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | ||||
| CVE-2018-12064 | 1 Tinyexr Project | 1 Tinyexr | 2024-11-21 | N/A |
| tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h. | ||||
| CVE-2018-12063 | 1 Intchain | 1 Node Token | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | ||||
| CVE-2018-12062 | 1 Swft | 1 Swftcoin | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | ||||
| CVE-2018-12036 | 1 Owasp | 1 Dependency-check | 2024-11-21 | N/A |
| OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames. | ||||
| CVE-2018-12034 | 1 Virustotal | 1 Yara | 2024-11-21 | N/A |
| In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c. | ||||
| CVE-2018-12025 | 1 Futurxe | 1 Futurxe | 2024-11-21 | N/A |
| The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is smaller than or equal to allowed value, the transfer session would stop execution by returning false. This makes no sense, because the transferFrom() function should require the transferring value to not exceed the allowed value in the first place. Suppose this function asks for the allowed value to be smaller than the input. Then, the attacker could easily ignore the allowance: after this condition, the `allowed[from][msg.sender] -= value;` would cause an underflow because the allowed part is smaller than the value. The attacker could transfer any amount of FuturXe tokens of any accounts to an appointed account (the `_to` address) because the allowed value is initialized to 0, and the attacker could bypass this restriction even without the victim's private key. | ||||