Lucene search

K

1190 matches found

CVE
CVE
added 2019/02/19 5:29 p.m.241 views

CVE-2019-5769

Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01655EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.241 views

CVE-2019-5778

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.

6.5CVSS5.9AI score0.00493EPSS
CVE
CVE
added 2019/07/17 8:15 p.m.240 views

CVE-2019-13619

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.

7.5CVSS7.3AI score0.06514EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.240 views

CVE-2019-5775

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5CVSS5.6AI score0.00852EPSS
CVE
CVE
added 2019/10/03 4:15 p.m.239 views

CVE-2018-14880

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

7.5CVSS8.6AI score0.04236EPSS
CVE
CVE
added 2019/10/03 4:15 p.m.239 views

CVE-2018-14882

The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

7.5CVSS8.6AI score0.01693EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.239 views

CVE-2019-13726

Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS8.6AI score0.074EPSS
CVE
CVE
added 2019/11/27 4:15 p.m.238 views

CVE-2019-10220

Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.

9.3CVSS8.9AI score0.00709EPSS
CVE
CVE
added 2019/07/01 8:15 p.m.238 views

CVE-2019-13137

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.

6.5CVSS7AI score0.01192EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.238 views

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

6.5CVSS5.6AI score0.00288EPSS
CVE
CVE
added 2019/02/06 9:29 p.m.238 views

CVE-2019-7548

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

7.8CVSS9AI score0.01109EPSS
CVE
CVE
added 2019/11/27 5:15 p.m.237 views

CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

6.1CVSS6.2AI score0.09949EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.237 views

CVE-2019-13736

Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.5AI score0.02375EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.237 views

CVE-2019-13747

Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.2AI score0.02356EPSS
CVE
CVE
added 2019/08/09 1:15 p.m.237 views

CVE-2019-14234

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQ...

9.8CVSS7.9AI score0.19463EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.237 views

CVE-2019-2958

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

5.9CVSS6AI score0.01833EPSS
CVE
CVE
added 2019/01/11 5:29 a.m.237 views

CVE-2019-6128

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

8.8CVSS8.4AI score0.02457EPSS
CVE
CVE
added 2019/03/07 11:29 p.m.237 views

CVE-2019-7175

In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.

7.5CVSS7.8AI score0.00181EPSS
CVE
CVE
added 2019/02/05 12:29 a.m.237 views

CVE-2019-7397

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

7.5CVSS7.4AI score0.00203EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.236 views

CVE-2019-13737

Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.1AI score0.02568EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.236 views

CVE-2019-13759

Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3CVSS5AI score0.0234EPSS
CVE
CVE
added 2019/10/03 4:15 p.m.235 views

CVE-2018-16230

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

7.5CVSS8.6AI score0.00438EPSS
CVE
CVE
added 2019/09/30 7:15 p.m.235 views

CVE-2019-16276

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

7.5CVSS7.5AI score0.11631EPSS
CVE
CVE
added 2019/01/08 11:29 p.m.235 views

CVE-2019-5716

In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.

5.5CVSS5.4AI score0.0029EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.235 views

CVE-2019-5758

Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01655EPSS
CVE
CVE
added 2019/02/06 8:29 p.m.234 views

CVE-2018-16890

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that ...

7.5CVSS8.6AI score0.01104EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.234 views

CVE-2018-18501

Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu...

9.8CVSS8AI score0.03064EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.234 views

CVE-2019-13732

Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.03525EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.234 views

CVE-2019-13763

Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

4.3CVSS4.7AI score0.02019EPSS
CVE
CVE
added 2019/09/05 5:15 p.m.234 views

CVE-2019-15945

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.

6.4CVSS6.2AI score0.0006EPSS
CVE
CVE
added 2019/02/19 5:29 p.m.234 views

CVE-2019-5768

DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.

6.5CVSS5.7AI score0.00488EPSS
CVE
CVE
added 2019/06/17 8:15 p.m.234 views

CVE-2019-8322

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.

7.5CVSS8AI score0.00254EPSS
CVE
CVE
added 2019/08/13 2:15 p.m.233 views

CVE-2017-18509

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue...

7.8CVSS7.7AI score0.00044EPSS
CVE
CVE
added 2019/07/01 2:15 p.m.233 views

CVE-2019-12781

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest....

5.3CVSS5.6AI score0.02419EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.233 views

CVE-2019-2933

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

4.3CVSS3.9AI score0.00721EPSS
CVE
CVE
added 2019/06/17 7:15 p.m.233 views

CVE-2019-8325

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)

7.5CVSS8AI score0.00254EPSS
CVE
CVE
added 2019/03/08 5:29 a.m.233 views

CVE-2019-9631

Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

9.8CVSS6.8AI score0.02876EPSS
CVE
CVE
added 2019/07/11 8:15 p.m.232 views

CVE-2019-1010315

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed ver...

5.5CVSS5.7AI score0.00625EPSS
CVE
CVE
added 2019/04/30 7:29 p.m.232 views

CVE-2019-10131

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.

7.1CVSS7.7AI score0.00074EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.232 views

CVE-2019-13729

Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.03545EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.232 views

CVE-2019-13739

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.4AI score0.01851EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.232 views

CVE-2019-13748

Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6AI score0.00846EPSS
CVE
CVE
added 2019/08/19 10:15 p.m.232 views

CVE-2019-15215

An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.

4.9CVSS6AI score0.00111EPSS
CVE
CVE
added 2019/01/03 4:29 p.m.232 views

CVE-2019-3701

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that...

4.9CVSS6.2AI score0.00089EPSS
CVE
CVE
added 2019/06/27 5:15 p.m.232 views

CVE-2019-5814

Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00552EPSS
CVE
CVE
added 2019/02/08 11:29 a.m.232 views

CVE-2019-7636

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

8.1CVSS8.4AI score0.03732EPSS
CVE
CVE
added 2019/10/03 4:15 p.m.231 views

CVE-2018-14464

The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().

7.5CVSS8.6AI score0.0223EPSS
CVE
CVE
added 2019/07/11 8:15 p.m.231 views

CVE-2019-1010317

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://git...

5.5CVSS5.9AI score0.01041EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.231 views

CVE-2019-13741

Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.

8.8CVSS7.8AI score0.01702EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.231 views

CVE-2019-13742

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5CVSS6.2AI score0.0234EPSS
Total number of security vulnerabilities1190