Lucene search
K

1077 matches found

RedhatCVE
RedhatCVE
added 2019/10/23 6:5 p.m.23 views

CVE-2019-13699

Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.9AI score0.0108EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/10/16 9:21 p.m.23 views

CVE-2019-13693

Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page...

8.8CVSS4.7AI score0.01243EPSS
Exploits0References4
myhack58
myhack58
added 2019/09/17 12:0 a.m.208 views

In-depth exploration found in the wild iOS exploit chain VI-vulnerability warning-the black bar safety net

In this article, we will Analysis on your iOS device to get the normal permissions of the shell of the WebKit exploit method, where all the vulnerabilities are available on iOS's sandboxed renderer process WebContent implemented shellcode code execution. Although on iOS Chrome will also be affect...

6.8CVSS8.3AI score0.83898EPSS
Exploits15
0day.today
0day.today
added 2019/09/12 12:0 a.m.75 views

Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts Exploit

Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs such as web browsers and constitutes an attack surface for memory corruption bugs, as it...

6.5CVSS7.1AI score0.12096EPSS
Exploits1
exploitpack
exploitpack
added 2019/09/12 12:0 a.m.37 views

Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts

Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs such as the...

Exploits0
Exploit DB
Exploit DB
added 2019/09/12 12:0 a.m.262 views

Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts

Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs such as the Chrome, Firefox and Edge browsers and constitutes an attack surface for memory...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2019/08/06 7:28 a.m.25 views

CVE-2019-5850

Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

9.6CVSS2.6AI score0.01009EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/08/06 7:26 a.m.12 views

CVE-2019-5856

Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...

8.8CVSS3AI score0.00796EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/08/06 7:22 a.m.39 views

CVE-2019-5862

Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...

6.5CVSS3.7AI score0.00741EPSS
Exploits0References4
OSV
OSV
added 2019/06/27 5:15 p.m.8 views

CVE-2019-5809

Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page...

8.8CVSS9.1AI score
Exploits0References8
UbuntuCve
UbuntuCve
added 2019/06/27 5:15 p.m.19 views

CVE-2018-6118

A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page...

8.8CVSS7.2AI score0.01495EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/06/27 4:13 p.m.29 views

CVE-2018-6118

A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page...

8.3AI score0.01495EPSS
Exploits0References2
Prion
Prion
added 2019/05/23 8:29 p.m.18 views

Integer overflow

An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page...

9.3CVSS8.5AI score0.07151EPSS
Exploits1References3Affected Software3
UbuntuCve
UbuntuCve
added 2019/05/23 8:29 p.m.27 views

CVE-2019-5788

An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page...

9.3CVSS7.2AI score0.07151EPSS
Exploits1References2
NVD
NVD
added 2019/05/23 8:29 p.m.18 views

CVE-2019-5788

An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page...

9.3CVSS8.5AI score0.07151EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/05/23 7:12 p.m.24 views

CVE-2019-5789

An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page...

8.6AI score0.07287EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/05/23 7:11 p.m.32 views

CVE-2019-5788

An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page...

8.5AI score0.07151EPSS
Exploits1References3
Zero Day Initiative
Zero Day Initiative
added 2019/05/15 12:0 a.m.26 views

Microsoft Edge DownloadOperation Sandbox Escape Vulnerability

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

8.4CVSS2.2AI score0.03442EPSS
Exploits0References1
OSV
OSV
added 2019/01/09 7:29 p.m.0 views

CVE-2018-6141

Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page...

8.8CVSS7.3AI score0.01666EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2019/01/09 7:29 p.m.21 views

CVE-2018-6153

A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page...

8.8CVSS7.2AI score0.01588EPSS
Exploits0References1
Rows per page
Query Builder