CWE:
 

Topic
Date
Author
High
Google SketchUp lib3ds 3DS Importer Memory Corruption
18.01.2010
CORE


CVEMAP Search Results

CVE
Details
Description
2018-04-25
Medium
CVE-2018-8837

Vendor: Advantech
Software: Webaccess hm...
 

 
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.

 
2018-04-24
Medium
CVE-2017-2835

Vendor: Freerdp
Software: Freerdp
 

 
An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability.

 
Medium
CVE-2017-2834

Vendor: Freerdp
Software: Freerdp
 

 
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability.

 
Medium
CVE-2017-2812

Vendor: Kakadusoftware
Software: Kakadu sdk
 

 
A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise.

 
Medium
CVE-2017-2811

Vendor: Kakadusoftware
Software: Kakadu sdk
 

 
A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise.

 
2018-04-18
High
CVE-2016-10479

Vendor: Qualcomm
Software: Mdm9607 firmware
 

 
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820, an arbitrary length value from an incoming message to QMI Proxy can lead to an out-of-bounds write in the stack variable message.

 
2018-04-17
High
CVE-2017-9634

Vendor: Mitsubishielectric
Software: E-designer
 

 
Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.

 
2018-04-12
Medium
CVE-2018-3862

Vendor: Computer-insel
Software: Photoline
 

 
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting

 
Medium
CVE-2018-3861

Vendor: Computer-insel
Software: Photoline
 

 
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.

 
Medium
CVE-2018-3868

Vendor: Computer-insel
Software: Photoline
 

 
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top