CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

984 matches found

Cvelist•added 2019/06/27 4:13 p.m.•16 views

CVE-2018-6157

Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

8.5AI score0.00825EPSS

Exploits0References2

Cvelist•added 2019/06/27 4:13 p.m.•34 views

CVE-2018-6132

Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file...

4.4AI score0.00868EPSS

Exploits0References2

CVE•added 2019/06/27 4:13 p.m.•267 views

CVE-2018-6156

CVE-2018-6156 affects Google Chrome/WebRTC: an incorrect derivation of a packet length in WebRTC can cause a heap-based buffer overflow, enabling potential remote arbitrary code execution via a crafted video file. The security notes in connected docs indicate the fix was applied in chrome-related...

8.8CVSS8.4AI score0.00861EPSS

Exploits0References3Affected Software1

Cvelist•added 2019/06/27 4:13 p.m.•25 views

CVE-2018-6155

Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

7AI score0.00675EPSS

Exploits0References2

CVE•added 2019/06/27 4:13 p.m.•117 views

CVE-2018-6155

CVE-2018-6155 is a use-after-free in the VP8 handling path (libvpx) used by WebRTC/video processing. Exploitation could arise from processing crafted VP8 frames, potentially affecting Chrome/WebRTC users prior to version 68.0.3440.75. The vulnerability is rooted in VP8 parsing/processing (frames ...

6.5CVSS6.9AI score0.00675EPSS

Exploits0References2Affected Software1

AlpineLinux•added 2019/06/27 4:13 p.m.•43 views

CVE-2018-6156

Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

8.8CVSS8.6AI score0.00861EPSS

Exploits0

CVE•added 2019/06/27 4:13 p.m.•119 views

CVE-2018-6157

CVE-2018-6157 is a type-confusion vulnerability in WebRTC within Google Chrome (pre-68.0.3440.75). A crafted video packet can cause the H264 parser to mis-handle data, leading to potential heap corruption. Affected product: Google Chrome/WebRTC; impact described as heap corruption via crafted vid...

8.8CVSS8.3AI score0.00825EPSS

Exploits0References2Affected Software1

Debian CVE•added 2019/06/27 4:13 p.m.•27 views

CVE-2018-6156

Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

8.8CVSS9.7AI score0.00861EPSS

Exploits0

Debian CVE•added 2019/06/27 4:13 p.m.•36 views

CVE-2018-6155

Removed by vendor...

6.5CVSS8AI score0.00675EPSS

Exploits0

Debian CVE•added 2019/06/27 4:13 p.m.•23 views

CVE-2018-6157

Removed by vendor...

8.8CVSS9.3AI score0.00825EPSS

Exploits0

Debian CVE•added 2019/06/27 4:13 p.m.•23 views

CVE-2018-6132

Removed by vendor...

4.3CVSS7.3AI score0.00868EPSS

Exploits0

The Hacker News•added 2019/06/21 7:23 p.m.•2 views

Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That's because VLC media player software versions...

9.8CVSS8AI score0.05295EPSS

Exploits0

RedhatCVE•added 2019/05/09 7:19 a.m.•29 views

CVE-2019-9718

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ffhtmlmarkuptoass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

6.5CVSS5.1AI score0.01565EPSS

Exploits0References3

RedHat Linux•added 2019/05/07 5:6 p.m.•16 views

chromium-browser: Uninitialized value in media reader

Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file...

6.5CVSS7.4AI score0.01614EPSS

Exploits0References5

Veracode•added 2019/05/02 5:46 a.m.•20 views

Denial Of Service (DoS)

mozilla firefox is vulnerable to heap-based buffer overflow vulnerability. This can be triggered using a malformed video file due to incorrect error handling. A remote attacker can execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin GMP sandbox bypass...

6.3CVSS8.5AI score0.04615EPSS

Exploits0References15Affected Software1

FireEye•added 2019/04/25 9:0 a.m.•16 views

CARBANAK Week Part Four: The CARBANAK Desktop Video Player

Part One, Part Two and Part Three of CARBANAK Week are behind us. In this final blog post, we dive into one of the more interesting tools that is part of the CARBANAK toolset. The CARBANAK authors wrote their own video player and we happened to come across an interesting video capture from CARBAN...

Exploits0References9

RedhatCVE•added 2019/04/25 8:24 a.m.•20 views

CVE-2019-5818

Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file...

6.5CVSS4.6AI score0.01614EPSS

Exploits0References4

Prion•added 2019/03/12 9:29 a.m.•22 views

Format string

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handleopenbrace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

4.3CVSS6.2AI score0.01423EPSS

Exploits0References4Affected Software2

Prion•added 2019/03/12 9:29 a.m.•24 views

Format string

4.3CVSS6.2AI score0.01565EPSS

Exploits0References6Affected Software3