Export limit exceeded: 10624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10624 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9996 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. | ||||
| CVE-2018-9918 | 2 Canonical, Qpdf Project | 2 Ubuntu Linux, Qpdf | 2024-11-21 | N/A |
| libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted. | ||||
| CVE-2018-9582 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112031362. | ||||
| CVE-2018-9322 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | N/A |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell. | ||||
| CVE-2018-9320 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | N/A |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. | ||||
| CVE-2018-9318 | 1 Bmw | 2 Telematics Control Unit, Telematics Control Unit Firmware | 2024-11-21 | N/A |
| The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. | ||||
| CVE-2018-9314 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | N/A |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access. | ||||
| CVE-2018-9313 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | N/A |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot. | ||||
| CVE-2018-9312 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | N/A |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. | ||||
| CVE-2018-9311 | 1 Bmw | 2 Telematics Control Unit, Telematics Control Unit Firmware | 2024-11-21 | N/A |
| The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. | ||||
| CVE-2018-9303 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | N/A |
| In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort. | ||||
| CVE-2018-9263 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. | ||||
| CVE-2018-9260 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. | ||||
| CVE-2018-9259 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. | ||||
| CVE-2018-9252 | 1 Jasper Project | 1 Jasper | 2024-11-21 | N/A |
| JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. | ||||
| CVE-2018-9154 | 1 Jasper Project | 1 Jasper | 2024-11-21 | N/A |
| There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745. | ||||
| CVE-2018-9145 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | N/A |
| In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file. | ||||
| CVE-2018-9138 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. | ||||
| CVE-2018-9116 | 1 Wiremock | 1 Wiremock | 2024-11-21 | N/A |
| An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service. | ||||
| CVE-2018-9055 | 1 Jasper Project | 1 Jasper | 2024-11-21 | N/A |
| JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. | ||||