CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Memory Corruption)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2018-14551 119 Overflow Mem. Corr. 2018-07-23 2018-10-05
7.5
None Remote Low Not required Partial Partial Partial
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
202 CVE-2018-14496 119 Exec Code Overflow Mem. Corr. 2019-07-10 2019-09-19
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance.
203 CVE-2018-14379 704 DoS Mem. Corr. 2018-07-18 2018-09-19
6.8
None Remote Medium Not required Partial Partial Partial
MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion.
204 CVE-2018-14326 190 Overflow Mem. Corr. 2018-07-16 2018-09-12
6.8
None Remote Medium Not required Partial Partial Partial
In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.
205 CVE-2018-14325 191 Mem. Corr. 2018-07-16 2018-09-12
6.8
None Remote Medium Not required Partial Partial Partial
In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.
206 CVE-2018-14320 119 Exec Code Overflow Mem. Corr. 2018-09-17 2019-10-09
4.3
None Remote Medium Not required Partial None None
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673.
207 CVE-2018-13988 125 DoS Mem. Corr. 2018-07-25 2019-04-25
4.3
None Remote Medium Not required None None Partial
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
208 CVE-2018-13095 476 DoS Mem. Corr. 2018-07-03 2019-06-04
4.3
None Remote Medium Not required None None Partial
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.
209 CVE-2018-12889 119 Overflow Mem. Corr. 2018-06-26 2018-08-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c.
210 CVE-2018-12811 119 Exec Code Overflow Mem. Corr. 2018-08-29 2018-10-25
7.5
None Remote Low Not required Partial Partial Partial
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.
211 CVE-2018-12810 119 Exec Code Overflow Mem. Corr. 2018-08-29 2018-10-25
7.5
None Remote Low Not required Partial Partial Partial
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.
212 CVE-2018-12376 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
213 CVE-2018-12375 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.
214 CVE-2018-12233 119 Overflow Mem. Corr. 2018-06-12 2018-08-29
6.8
None Remote Medium Not required Partial Partial Partial
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.
215 CVE-2018-12214 119 Exec Code Overflow Mem. Corr. 2019-03-14 2019-04-04
7.2
None Local Low Not required Complete Complete Complete
Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.
216 CVE-2018-12213 119 DoS Overflow Mem. Corr. 2019-03-14 2019-04-04
2.1
None Local Low Not required None None Partial
Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.
217 CVE-2018-11919 119 Overflow Mem. Corr. 2018-11-27 2018-12-21
4.6
None Local Low Not required Partial Partial Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SOC infrastructure.
218 CVE-2018-11425 119 Overflow Mem. Corr. 2019-07-03 2019-07-10
7.5
None Remote Low Not required Partial Partial Partial
Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424.
219 CVE-2018-11424 476 Mem. Corr. 2019-07-03 2019-07-10
7.8
None Remote Low Not required None None Complete
There is Memory corruption in the web interface of Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11425.
220 CVE-2018-11423 119 Overflow Mem. Corr. 2019-07-03 2019-07-10
7.8
None Remote Low Not required None None Complete
There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420.
221 CVE-2018-11420 400 Mem. Corr. 2019-07-03 2019-07-10
7.5
None Remote Low Not required Partial Partial Partial
There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.
222 CVE-2018-11270 415 Mem. Corr. 2018-09-18 2018-11-09
4.6
None Local Low Not required Partial Partial Partial
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption.
223 CVE-2018-11218 119 Overflow Mem. Corr. 2018-06-17 2019-07-25
7.5
None Remote Low Not required Partial Partial Partial
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
224 CVE-2018-10751 190 Overflow Mem. Corr. 2018-05-29 2018-07-20
5.4
None Remote High Not required None None Complete
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.
225 CVE-2018-10750 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
226 CVE-2018-10749 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
227 CVE-2018-10748 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
228 CVE-2018-10747 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
229 CVE-2018-10746 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
230 CVE-2018-10713 119 Exec Code Overflow Mem. Corr. 2018-05-03 2018-06-12
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
231 CVE-2018-10664 119 Overflow Mem. Corr. 2018-06-26 2018-08-20
5.0
None Remote Low Not required None None Partial
An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.
232 CVE-2018-10659 119 DoS Overflow Mem. Corr. 2018-06-26 2018-08-20
5.0
None Remote Low Not required None None Partial
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.
233 CVE-2018-10658 119 DoS Overflow Mem. Corr. 2018-06-26 2018-08-20
5.0
None Remote Low Not required None None Partial
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.
234 CVE-2018-9838 190 DoS Exec Code Overflow Mem. Corr. 2018-04-06 2018-05-15
7.5
None Remote Low Not required Partial Partial Partial
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object.
235 CVE-2018-9568 704 Mem. Corr. 2018-12-06 2019-09-10
7.2
None Local Low Not required Complete Complete Complete
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.
236 CVE-2018-9517 416 Mem. Corr. 2018-12-07 2019-04-02
7.2
None Local Low Not required Complete Complete Complete
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.
237 CVE-2018-9515 119 Overflow Mem. Corr. 2018-10-02 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A
238 CVE-2018-9513 415 Mem. Corr. 2018-10-02 2018-11-20
7.2
None Local Low Not required Complete Complete Complete
In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A
239 CVE-2018-9465 416 Mem. Corr. 2018-11-06 2018-12-12
4.6
None Local Low Not required Partial Partial Partial
In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel.
240 CVE-2018-9446 787 Exec Code Mem. Corr. 2018-11-06 2018-12-12
10.0
None Remote Low Not required Complete Complete Complete
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946.
241 CVE-2018-9336 415 Mem. Corr. 2018-05-01 2018-06-13
4.6
None Local Low Not required Partial Partial Partial
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.
242 CVE-2018-8800 119 Exec Code Overflow Mem. Corr. 2019-02-05 2019-09-14
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
243 CVE-2018-8797 119 Exec Code Overflow Mem. Corr. 2019-02-05 2019-09-14
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
244 CVE-2018-8795 190 Exec Code Overflow Mem. Corr. 2019-02-05 2019-09-14
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
245 CVE-2018-8794 190 Exec Code Overflow Mem. Corr. 2019-02-05 2019-09-14
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
246 CVE-2018-8793 119 Exec Code Overflow Mem. Corr. 2019-02-05 2019-09-14
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
247 CVE-2018-8788 787 Exec Code Mem. Corr. 2018-11-29 2019-06-03
7.5
None Remote Low Not required Partial Partial Partial
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
248 CVE-2018-8787 190 Exec Code Overflow Mem. Corr. 2018-11-29 2019-06-03
7.5
None Remote Low Not required Partial Partial Partial
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
249 CVE-2018-8786 119 Exec Code Overflow Mem. Corr. 2018-11-29 2019-06-03
7.5
None Remote Low Not required Partial Partial Partial
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
250 CVE-2018-8785 119 Exec Code Overflow Mem. Corr. 2018-11-29 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.
Total number of vulnerabilities : 5333   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.