Lucene search

K

1073 matches found

CVE
CVE
added 2021/11/02 10:15 p.m.120 views

CVE-2021-37983

Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01308EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.120 views

CVE-2021-38019

Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.4AI score0.01139EPSS
CVE
CVE
added 2021/12/14 2:15 p.m.119 views

CVE-2021-44538

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted seq...

9.8CVSS9.4AI score0.01416EPSS
CVE
CVE
added 2021/09/01 6:15 a.m.118 views

CVE-2021-33582

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

7.5CVSS7.1AI score0.0373EPSS
CVE
CVE
added 2021/07/18 4:15 a.m.118 views

CVE-2021-36773

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).

7.5CVSS7.4AI score0.01085EPSS
CVE
CVE
added 2021/09/09 3:15 p.m.117 views

CVE-2020-19144

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'.

6.5CVSS6.5AI score0.00263EPSS
CVE
CVE
added 2021/11/02 10:15 p.m.117 views

CVE-2021-37988

Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01094EPSS
CVE
CVE
added 2021/11/02 10:15 p.m.117 views

CVE-2021-37990

Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.

5.5CVSS5.8AI score0.00342EPSS
CVE
CVE
added 2021/11/23 10:15 p.m.117 views

CVE-2021-38002

Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.3AI score0.00827EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.117 views

CVE-2021-38022

Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.4AI score0.00948EPSS
CVE
CVE
added 2021/09/03 2:15 p.m.117 views

CVE-2021-39191

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported t...

6.1CVSS5.3AI score0.00406EPSS
CVE
CVE
added 2021/03/10 8:15 a.m.116 views

CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execut...

6.1CVSS6.7AI score0.04293EPSS
CVE
CVE
added 2021/05/25 6:15 p.m.116 views

CVE-2020-20446

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.

6.5CVSS7.5AI score0.00413EPSS
CVE
CVE
added 2021/11/02 10:15 p.m.116 views

CVE-2021-37991

Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7.5CVSS7.8AI score0.0117EPSS
CVE
CVE
added 2021/11/02 10:15 p.m.116 views

CVE-2021-37994

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5CVSS6.5AI score0.00342EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.116 views

CVE-2021-4056

Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.00512EPSS
CVE
CVE
added 2021/09/20 4:15 p.m.115 views

CVE-2021-32278

An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution.

7.8CVSS7.3AI score0.00148EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.115 views

CVE-2021-4053

Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00634EPSS
CVE
CVE
added 2021/06/02 4:15 p.m.114 views

CVE-2020-22048

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.

6.5CVSS7AI score0.00705EPSS
CVE
CVE
added 2021/04/30 6:15 a.m.114 views

CVE-2021-31870

An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.

9.8CVSS9.5AI score0.01252EPSS
CVE
CVE
added 2021/11/02 10:15 p.m.114 views

CVE-2021-37985

Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01094EPSS
CVE
CVE
added 2021/11/02 10:15 p.m.114 views

CVE-2021-37995

Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.4AI score0.00355EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.114 views

CVE-2021-38010

Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

6.5CVSS6.5AI score0.00357EPSS
CVE
CVE
added 2021/05/27 7:15 p.m.112 views

CVE-2020-10729

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are...

5.5CVSS5.4AI score0.00056EPSS
CVE
CVE
added 2021/09/16 9:15 p.m.112 views

CVE-2020-21531

fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.

5.5CVSS5.7AI score0.00119EPSS
CVE
CVE
added 2021/09/20 4:15 p.m.112 views

CVE-2021-32280

An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.

5.5CVSS5.3AI score0.00092EPSS
CVE
CVE
added 2021/12/22 6:15 p.m.112 views

CVE-2021-37706

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before perfor...

9.8CVSS8.6AI score0.00133EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.112 views

CVE-2021-4052

Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

8.8CVSS8.8AI score0.00102EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.112 views

CVE-2021-4054

Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.4AI score0.00345EPSS
CVE
CVE
added 2021/05/25 8:15 p.m.111 views

CVE-2020-20453

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service

6.5CVSS7.5AI score0.0028EPSS
CVE
CVE
added 2021/07/14 1:15 p.m.111 views

CVE-2021-24119

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single st...

4.9CVSS4.9AI score0.00354EPSS
CVE
CVE
added 2021/11/23 10:15 p.m.111 views

CVE-2021-37997

Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00989EPSS
CVE
CVE
added 2021/08/12 4:15 p.m.111 views

CVE-2021-38291

FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.

7.5CVSS8.3AI score0.00135EPSS
CVE
CVE
added 2021/09/09 3:15 p.m.109 views

CVE-2020-19143

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'.

6.5CVSS6.2AI score0.00972EPSS
CVE
CVE
added 2021/05/25 7:15 p.m.109 views

CVE-2020-20450

FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.

7.5CVSS8.2AI score0.00471EPSS
CVE
CVE
added 2021/09/16 9:15 p.m.109 views

CVE-2020-21532

fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.

5.5CVSS5.7AI score0.00119EPSS
CVE
CVE
added 2021/09/16 9:15 p.m.109 views

CVE-2020-21535

fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.

5.5CVSS5.4AI score0.00113EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.109 views

CVE-2021-4055

Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

8.8CVSS8.7AI score0.00276EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.109 views

CVE-2021-4066

Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.00948EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.109 views

CVE-2021-4068

Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00425EPSS
CVE
CVE
added 2021/12/23 1:15 a.m.108 views

CVE-2021-38016

Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

8.8CVSS8AI score0.00199EPSS
CVE
CVE
added 2021/01/19 8:15 p.m.107 views

CVE-2020-14410

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

5.8CVSS6.1AI score0.00215EPSS
CVE
CVE
added 2021/04/21 11:15 p.m.107 views

CVE-2021-1076

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.

7.8CVSS6.9AI score0.00073EPSS
CVE
CVE
added 2021/08/05 9:15 p.m.107 views

CVE-2021-3566

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long...

5.5CVSS6.5AI score0.00103EPSS
CVE
CVE
added 2021/08/09 7:15 p.m.107 views

CVE-2021-37622

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker ...

5.5CVSS5.5AI score0.00086EPSS
CVE
CVE
added 2021/11/23 10:15 p.m.107 views

CVE-2021-37999

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.

6.1CVSS6.4AI score0.0054EPSS
CVE
CVE
added 2021/11/22 8:15 p.m.107 views

CVE-2021-44143

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote c...

9.8CVSS9.4AI score0.04682EPSS
CVE
CVE
added 2021/11/29 8:15 a.m.106 views

CVE-2019-8922

A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. Th...

8.8CVSS8.6AI score0.00066EPSS
CVE
CVE
added 2021/04/30 6:15 a.m.106 views

CVE-2021-31872

An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.

9.8CVSS9.6AI score0.01149EPSS
CVE
CVE
added 2021/09/20 4:15 p.m.106 views

CVE-2021-32277

An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution.

7.8CVSS7.3AI score0.00148EPSS
Total number of security vulnerabilities1073