Lucene search

K

1073 matches found

CVE
CVE
added 2021/10/08 10:15 p.m.134 views

CVE-2021-37957

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00391EPSS
CVE
CVE
added 2021/12/30 10:15 p.m.134 views

CVE-2021-4181

Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

7.5CVSS7.4AI score0.00053EPSS
CVE
CVE
added 2021/07/22 5:15 a.m.133 views

CVE-2021-1094

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure.

6.1CVSS6AI score0.00073EPSS
CVE
CVE
added 2021/05/21 3:15 p.m.133 views

CVE-2021-31439

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from...

8.8CVSS9.2AI score0.00733EPSS
CVE
CVE
added 2021/10/08 10:15 p.m.133 views

CVE-2021-37964

Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file.

4.3CVSS5.2AI score0.0035EPSS
CVE
CVE
added 2021/09/20 6:15 a.m.133 views

CVE-2021-38300

arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture...

7.8CVSS7.5AI score0.00045EPSS
CVE
CVE
added 2021/06/01 8:15 p.m.132 views

CVE-2020-22042

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c.

6.5CVSS7.4AI score0.00214EPSS
CVE
CVE
added 2021/04/26 5:15 p.m.132 views

CVE-2021-21219

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

5.5CVSS5.8AI score0.00602EPSS
CVE
CVE
added 2021/10/08 10:15 p.m.132 views

CVE-2021-37956

Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.00482EPSS
CVE
CVE
added 2021/10/08 10:15 p.m.132 views

CVE-2021-37961

Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00637EPSS
CVE
CVE
added 2021/10/08 10:15 p.m.132 views

CVE-2021-37966

Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.8AI score0.00274EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.132 views

CVE-2021-38007

Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00476EPSS
CVE
CVE
added 2021/09/17 6:15 a.m.132 views

CVE-2021-3805

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

7.5CVSS7.4AI score0.00113EPSS
CVE
CVE
added 2021/08/27 7:15 p.m.131 views

CVE-2021-28700

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured.

6.8CVSS5.9AI score0.0028EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.131 views

CVE-2021-4058

Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.01669EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.130 views

CVE-2021-4079

Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.

8.8CVSS8.8AI score0.00992EPSS
CVE
CVE
added 2021/08/10 9:15 p.m.129 views

CVE-2020-21697

A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.

6.5CVSS6.9AI score0.00182EPSS
CVE
CVE
added 2021/10/08 10:15 p.m.129 views

CVE-2021-37969

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.

7.8CVSS7.7AI score0.00718EPSS
CVE
CVE
added 2021/11/19 5:15 p.m.129 views

CVE-2021-39924

Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

7.5CVSS7.4AI score0.00156EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.129 views

CVE-2021-4059

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.4AI score0.00348EPSS
CVE
CVE
added 2021/09/08 2:15 p.m.128 views

CVE-2021-28701

Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from ...

7.8CVSS7.5AI score0.00051EPSS
CVE
CVE
added 2021/04/26 5:15 p.m.127 views

CVE-2021-21216

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5CVSS6.5AI score0.00938EPSS
CVE
CVE
added 2021/10/08 10:15 p.m.127 views

CVE-2021-37965

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3CVSS4.9AI score0.00263EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.127 views

CVE-2021-38012

Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01475EPSS
CVE
CVE
added 2021/06/02 4:15 p.m.126 views

CVE-2020-22049

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.

6.5CVSS7.4AI score0.01553EPSS
CVE
CVE
added 2021/11/02 10:15 p.m.126 views

CVE-2021-37986

Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.00987EPSS
CVE
CVE
added 2021/11/23 10:15 p.m.126 views

CVE-2021-37998

Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01192EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.126 views

CVE-2021-38015

Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

8.8CVSS8.2AI score0.00094EPSS
CVE
CVE
added 2021/06/02 4:15 p.m.125 views

CVE-2020-22046

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.

6.5CVSS7.2AI score0.00802EPSS
CVE
CVE
added 2021/04/26 5:15 p.m.125 views

CVE-2021-21215

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5CVSS6.5AI score0.00702EPSS
CVE
CVE
added 2021/02/22 2:15 a.m.125 views

CVE-2021-26119

Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.

7.5CVSS8.3AI score0.59937EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.125 views

CVE-2021-38018

Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.6AI score0.00803EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.125 views

CVE-2021-38021

Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5CVSS6.5AI score0.00348EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.125 views

CVE-2021-4057

Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.02907EPSS
CVE
CVE
added 2021/04/26 5:15 p.m.124 views

CVE-2021-21217

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

5.5CVSS5.8AI score0.00572EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.124 views

CVE-2021-38009

Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.4AI score0.01139EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.124 views

CVE-2021-38017

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

8.8CVSS8.2AI score0.001EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.124 views

CVE-2021-4078

Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00573EPSS
CVE
CVE
added 2021/08/10 9:15 p.m.123 views

CVE-2020-21688

A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.

8.8CVSS8.7AI score0.00262EPSS
CVE
CVE
added 2021/04/26 5:15 p.m.123 views

CVE-2021-21218

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

5.5CVSS5.8AI score0.00602EPSS
CVE
CVE
added 2021/02/02 7:15 p.m.123 views

CVE-2021-21289

Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which implicitl...

8.3CVSS7.8AI score0.02503EPSS
CVE
CVE
added 2021/10/12 4:15 p.m.123 views

CVE-2021-41136

Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a respon...

3.7CVSS5.8AI score0.00359EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.122 views

CVE-2021-38005

Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01418EPSS
CVE
CVE
added 2021/11/19 5:15 p.m.122 views

CVE-2021-39926

Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file

7.5CVSS7.6AI score0.00178EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.122 views

CVE-2021-4062

Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.01235EPSS
CVE
CVE
added 2021/09/16 9:15 p.m.121 views

CVE-2020-21529

fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.

5.5CVSS5.7AI score0.00181EPSS
CVE
CVE
added 2021/07/22 5:15 a.m.121 views

CVE-2021-1093

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of se...

6.2CVSS5.9AI score0.00068EPSS
CVE
CVE
added 2021/04/30 6:15 a.m.121 views

CVE-2021-31873

An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow.

9.8CVSS9.5AI score0.01022EPSS
CVE
CVE
added 2021/01/08 1:15 a.m.120 views

CVE-2021-1056

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.

7.1CVSS6.6AI score0.06411EPSS
CVE
CVE
added 2021/07/22 5:15 a.m.120 views

CVE-2021-1095

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.

5.5CVSS5.6AI score0.00225EPSS
Total number of security vulnerabilities1073