Lucene search

K

Backports Security Vulnerabilities

cve
cve

CVE-2019-5822

Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

8.8CVSS

7.7AI Score

0.028EPSS

2019-06-27 05:15 PM
278
cve
cve

CVE-2019-5823

Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

5.4CVSS

5.6AI Score

0.007EPSS

2019-06-27 05:15 PM
191
cve
cve

CVE-2019-5824

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS

8.3AI Score

0.031EPSS

2019-06-27 05:15 PM
260
cve
cve

CVE-2019-5827

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS

8.6AI Score

0.005EPSS

2019-06-27 05:15 PM
426
cve
cve

CVE-2019-5828

Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8CVSS

8.1AI Score

0.045EPSS

2019-06-27 05:15 PM
266
cve
cve

CVE-2019-5829

Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8CVSS

8.2AI Score

0.059EPSS

2019-06-27 05:15 PM
274
cve
cve

CVE-2019-5830

Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS

6.2AI Score

0.011EPSS

2019-06-27 05:15 PM
275
cve
cve

CVE-2019-5831

Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS

8.4AI Score

0.015EPSS

2019-06-27 05:15 PM
296
cve
cve

CVE-2019-5832

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS

6.2AI Score

0.012EPSS

2019-06-27 05:15 PM
267
cve
cve

CVE-2019-5833

Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.

4.3CVSS

4.9AI Score

0.008EPSS

2019-06-27 05:15 PM
269
cve
cve

CVE-2019-5834

Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS

6.3AI Score

0.006EPSS

2019-06-27 05:15 PM
260
cve
cve

CVE-2019-5835

Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

6.5CVSS

6.6AI Score

0.006EPSS

2019-06-27 05:15 PM
239
cve
cve

CVE-2019-5836

Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS

8.6AI Score

0.009EPSS

2019-06-27 05:15 PM
276
cve
cve

CVE-2019-5837

Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS

6.2AI Score

0.012EPSS

2019-06-27 05:15 PM
233
cve
cve

CVE-2019-5838

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.

4.3CVSS

5.1AI Score

0.005EPSS

2019-06-27 05:15 PM
266
cve
cve

CVE-2019-5839

Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.

4.3CVSS

5AI Score

0.008EPSS

2019-06-27 05:15 PM
273
cve
cve

CVE-2019-5840

Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS

4.9AI Score

0.008EPSS

2019-06-27 05:15 PM
230
4
cve
cve

CVE-2019-7443

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this ...

8.1CVSS

7.9AI Score

0.007EPSS

2019-05-07 07:29 PM
115
cve
cve

CVE-2020-0561

Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8CVSS

8AI Score

0.0004EPSS

2020-02-13 07:15 PM
130
cve
cve

CVE-2020-10592

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.

7.5CVSS

7.2AI Score

0.005EPSS

2020-03-23 01:15 PM
156
cve
cve

CVE-2020-10938

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.

9.8CVSS

9.5AI Score

0.002EPSS

2020-03-24 04:15 PM
189
cve
cve

CVE-2020-14983

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.

9.8CVSS

9.2AI Score

0.002EPSS

2020-06-22 08:15 PM
117
cve
cve

CVE-2020-15803

Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

6.1CVSS

5.9AI Score

0.079EPSS

2020-07-17 03:15 AM
202
cve
cve

CVE-2020-5202

apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-li...

5.5CVSS

5AI Score

0.0004EPSS

2020-01-21 06:15 PM
117
cve
cve

CVE-2020-6425

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.

5.4CVSS

5.8AI Score

0.003EPSS

2020-03-23 04:15 PM
273
cve
cve

CVE-2020-6431

Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.

4.3CVSS

4.8AI Score

0.006EPSS

2020-04-13 06:15 PM
247
cve
cve

CVE-2020-6432

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS

4.8AI Score

0.006EPSS

2020-04-13 06:15 PM
171
4
cve
cve

CVE-2020-6433

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS

4.8AI Score

0.006EPSS

2020-04-13 06:15 PM
255
2
cve
cve

CVE-2020-6435

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

4.3CVSS

4.8AI Score

0.006EPSS

2020-04-13 06:15 PM
166
cve
cve

CVE-2020-6437

Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.

4.3CVSS

5AI Score

0.008EPSS

2020-04-13 06:15 PM
267
4
cve
cve

CVE-2020-6439

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.

8.8CVSS

7.7AI Score

0.008EPSS

2020-04-13 06:15 PM
262
cve
cve

CVE-2020-6440

Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.

4.3CVSS

4.9AI Score

0.003EPSS

2020-04-13 06:15 PM
261
cve
cve

CVE-2020-6441

Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.

4.3CVSS

4.8AI Score

0.009EPSS

2020-04-13 06:15 PM
270
cve
cve

CVE-2020-6442

Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3CVSS

4.7AI Score

0.047EPSS

2020-04-13 06:15 PM
171
cve
cve

CVE-2020-6443

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.

8.8CVSS

8.2AI Score

0.027EPSS

2020-04-13 06:15 PM
276
cve
cve

CVE-2020-6445

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS

6.3AI Score

0.007EPSS

2020-04-13 06:15 PM
164
cve
cve

CVE-2020-6446

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS

6.3AI Score

0.007EPSS

2020-04-13 06:15 PM
260
cve
cve

CVE-2020-6452

Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS

8.6AI Score

0.009EPSS

2020-04-13 06:15 PM
176
cve
cve

CVE-2020-6455

Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS

8.4AI Score

0.003EPSS

2020-04-13 06:15 PM
268
cve
cve

CVE-2020-6456

Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.

6.5CVSS

6.4AI Score

0.389EPSS

2020-04-13 06:15 PM
259
cve
cve

CVE-2020-6493

Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS

9.2AI Score

0.014EPSS

2020-06-03 11:15 PM
252
2
cve
cve

CVE-2020-6495

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

6.5CVSS

7AI Score

0.01EPSS

2020-06-03 11:15 PM
245
2
cve
cve

CVE-2020-6610

GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.

6.5CVSS

7.2AI Score

0.001EPSS

2020-01-08 09:15 PM
112
cve
cve

CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

7.8CVSS

7.5AI Score

0.001EPSS

2022-02-19 12:15 AM
158
cve
cve

CVE-2021-46141

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

5.5CVSS

5.2AI Score

0.001EPSS

2022-01-06 04:15 AM
101
cve
cve

CVE-2021-46142

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

5.5CVSS

5.2AI Score

0.001EPSS

2022-01-06 04:15 AM
95
Total number of security vulnerabilities96