CWE hub
This hub groups CVEs that NVD maps to CWE-118, so you can review recent disclosures, common vendors, and related weakness patterns in one place.
Mapped CVEs
13
Records currently returned for this weakness id.
Top vendor
qualcomm
2 mapped CVEs in the aggregate scan.
Top product
android
1 mapped CVEs in the aggregate scan.
KEV on page
0
Visible rows already present in the CISA KEV catalog.
Top products
Related CWEs
Search results
Showing 1-13 of 13 vulnerabilities.
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.
CVSS
5.5
MEDIUM
Published
Jan 11, 2019
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type value to an index value that is in range.
CVSS
9.8
CRITICAL
Published
Apr 18, 2018
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, bounds check is missing for vtable index in DAL-TO-QDI conversion framework.
CVSS
9.8
CRITICAL
Published
Apr 18, 2018
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition.
CVSS
7.8
HIGH
Published
Apr 17, 2018
The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
CVSS
9.8
CRITICAL
Published
Mar 29, 2018
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
CVSS
9.8
CRITICAL
Published
Mar 29, 2018
The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
CVSS
9.8
CRITICAL
Published
Mar 29, 2018
The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
CVSS
9.8
CRITICAL
Published
Mar 29, 2018
The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
CVSS
9.8
CRITICAL
Published
Mar 29, 2018
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.
CVSS
6.5
MEDIUM
Published
Dec 22, 2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.
CVSS
9.8
CRITICAL
Published
Aug 18, 2017
In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.
CVSS
5.3
MEDIUM
Published
May 9, 2017
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
CVSS
7.8
HIGH
Published
Feb 28, 2017
