CVE-2018-20788

drivers/leds/leds-aw2023.c in the led driver for custom Linux kernels on the Xiaomi Redmi 6pro daisy-o-oss phone has several integer overflows because of a left-shifting operation when the right-hand operand can be equal to or greater than the integer length. This can be exploited by a crafted...

SUSE SLED12 / SLES12 Security Update : procps (SUSE-SU-2019:0450-1)

This update for procps fixes the following security issues : CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the...

Arbitrary Code Execution

procps is vulnerable to arbitrary code execution attacks. The vulnerability exists as procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in...

Arbitrary Code Execution

curl is vulnerable to arbitrary code execution attacks. The vulnerability exists as multiple integer overflows in the 1 curlescape, 2 curleasyescape, 3 curlunescape, and 4 curleasyunescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length...

Denial Of Service (DoS)

gegl is vulnerable to denial of service DoS attacks. The vulnerability exists as multiple integer overflows in operations/external/ppm-load.c in GEGL Generic Graphics Library 0.2.0 allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a large...

Denial Of Service (DoS)

xorg-x11-apps is vulnerable to denial of service DoS attacks. The vulnerability exists due to multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors relat...

CVE-2018-6174

Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page...

CVE-2018-6174

Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page...

CVE-2018-6174

CVE-2018-6174 : An integer overflow in the SwiftShader library used by Google Chrome/Chromium prior to 68.0.3440.75 allows remote code execution via a crafted HTML page. Public notes across connected sources confirm the issue in Chromium/Chrome’s SwiftShader component, with Debian/DSA and Gentoo ...

CVE-2018-6174

Removed by vendor...

Debian: Security Advisory (DLA-1631-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES11 Security Update : kvm (SUSE-SU-2018:3987-1)

This update for kvm fixes the following issues : Security issues fixed : CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use...

Debian DSA-4338-1 : qemu - security update

Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service. In addition this update backports support to passthrough the new CPU features added in the intel-microcode update shipped in DSA 4273 to x86-based guests...

Debian: Security Advisory (DSA-4338-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

spice-server security update

0.12.4-16.2 - Prevent potential buffer/integer overflows with invalid MonitorsConfig messages sent from an authenticated client Resolves: CVE-2017-7506 0.12.4-16.1 - Fix flexible array buffer overflow Resolves: rhbz1596008...

EulerOS Virtualization 2.5.0 : procps-ng (EulerOS-SA-2018-1340)

According to the versions of the procps-ng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory...

openSUSE: Security Advisory for exiv2 (openSUSE-SU-2018:3306-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for exiv2 (moderate)

This update for exiv2 fixes the following issues: exiv2 was updated to latest 0.26 branch, fixing bugs and security issues: - CVE-2018-12264, CVE-2018-12265: Integer overflows in the LoaderExifJpeg class could lead to memory corruption bsc1097599...

CVE-2018-18438

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value...

CVE-2018-16070

Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...