Max CVSS 10.0 Min CVSS 0.0 Total Count46237
IDCVSSSummaryLast (major) updatePublished
CVE-2019-2551 5.8
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitab
23-04-2019 - 15:32 23-04-2019 - 15:32
CVE-2019-7304 None
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
23-04-2019 - 12:29 23-04-2019 - 12:29
CVE-2016-1586 None
A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.
22-04-2019 - 12:29 22-04-2019 - 12:29
CVE-2015-1341 None
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Appoprt before 2.19.2 function _python_module_path.
22-04-2019 - 12:29 22-04-2019 - 12:29
CVE-2015-1326 None
python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.
22-04-2019 - 12:29 22-04-2019 - 12:29
CVE-2011-3145 None
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
22-04-2019 - 12:29 22-04-2019 - 12:29
CVE-2017-7777 6.8
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
15-04-2019 - 08:31 15-04-2019 - 08:31
CVE-2017-7776 5.8
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
15-04-2019 - 08:31 15-04-2019 - 08:31
CVE-2017-7774 6.4
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
15-04-2019 - 08:31 15-04-2019 - 08:31
CVE-2017-7773 6.8
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
15-04-2019 - 08:31 15-04-2019 - 08:31
CVE-2017-7771 5.8
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
15-04-2019 - 08:31 15-04-2019 - 08:31
CVE-2017-7772 6.8
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
12-04-2019 - 14:29 12-04-2019 - 14:29
CVE-2019-3460 3.3
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
11-04-2019 - 12:29 11-04-2019 - 12:29
CVE-2019-3459 3.3
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
11-04-2019 - 12:29 11-04-2019 - 12:29
CVE-2017-3139 5.0
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
09-04-2019 - 14:29 09-04-2019 - 14:29
CVE-2014-3603 4.3
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAl
04-04-2019 - 10:29 04-04-2019 - 10:29
CVE-2018-4465 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4464 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4463 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4462 4.3
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4461 9.3
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4460 4.0
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4450 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4449 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4447 9.3
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4445 4.0
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4443 6.8
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4442 6.8
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4441 6.8
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4440 4.3
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4439 4.3
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4438 6.8
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4437 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4436 5.0
A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4435 6.8
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4434 6.6
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4431 4.9
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4427 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to: iOS 12.1, watchOS 5.1.2, tvOS 12.1.1, macOS High Sierra 10.13.6 Security Update 2018-003 High Sierra, macOS Sierra 10.12.6 Security Update 2
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4426 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4425 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4424 9.3
A buffer overflow was addressed with improved size validation. This issue affected versions prior to macOS Mojave 10.14.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4423 6.8
A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4422 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4420 9.3
A memory corruption issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4419 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4418 4.3
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4417 4.3
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4416 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4415 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4414 6.8
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4413 7.1
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4412 6.8
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4411 6.8
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4410 9.3
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4409 4.3
A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4408 9.3
A memory corruption issue was addressed with improved input validation This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4407 6.5
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4406 4.0
A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4403 4.3
This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4402 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4401 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4400 4.3
A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4399 4.3
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4398 5.0
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCl
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4396 4.3
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4395 2.1
This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4394 6.8
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4393 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4392 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4389 4.3
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4386 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4383 9.3
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4382 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4378 6.8
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4377 4.3
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4376 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4375 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4374 4.3
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4373 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4372 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4371 6.8
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4369 5.0
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4368 4.0
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4363 7.1
An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4361 6.8
A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4360 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4359 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4358 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4355 4.3
A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4354 6.8
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4353 7.5
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4351 4.3
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4350 9.3
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4348 2.1
A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4347 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4346 4.3
A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4345 4.3
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4344 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4343 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4342 2.1
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4341 6.8
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4340 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4338 4.3
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4337 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4336 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4334 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4333 4.3
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4332 10.0
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4331 10.0
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4329 5.0
Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4328 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4326 6.8
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4324 4.3
A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4323 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4321 5.0
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4319 5.8
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4318 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4317 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4316 6.8
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4315 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4314 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4313 2.1
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4312 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4311 5.8
The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4310 7.5
An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4309 4.3
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4308 4.3
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4307 4.3
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4306 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4305 3.3
An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4304 4.3
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4303 6.8
An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14, iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4299 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4295 7.5
An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4293 5.0
A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4291 10.0
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4289 7.1
An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4288 10.0
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4287 10.0
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4286 10.0
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4285 9.3
A type confusion issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4284 6.8
A type confusion issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4283 4.9
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4282 4.9
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4280 6.8
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4279 5.0
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4276 5.0
A null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4274 5.0
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4273 4.3
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4272 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4271 4.3
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4270 4.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4269 6.8
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4268 10.0
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4267 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4266 4.3
A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4265 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4264 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4263 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4261 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4260 4.3
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4259 10.0
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4248 5.0
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4203 5.0
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4197 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4195 4.3
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4191 6.8
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4178 2.1
A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4153 4.3
An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4126 9.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-20506 6.8
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to exe
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-20505 5.0
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-3613 4.6
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
27-03-2019 - 16:29 27-03-2019 - 16:29
CVE-2018-12551 6.8
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no
27-03-2019 - 14:29 27-03-2019 - 14:29
CVE-2018-12550 6.8
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default al
27-03-2019 - 14:29 27-03-2019 - 14:29
CVE-2018-12546 4.0
In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future
27-03-2019 - 14:29 27-03-2019 - 14:29
CVE-2019-3828 7.5
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
27-03-2019 - 09:29 27-03-2019 - 09:29
CVE-2019-3814 4.9
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
27-03-2019 - 09:29 27-03-2019 - 09:29
CVE-2018-10934 3.5
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
27-03-2019 - 09:29 27-03-2019 - 09:29
CVE-2019-3827 3.3
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can
25-03-2019 - 14:29 25-03-2019 - 14:29
CVE-2019-3810 5.0
A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this
25-03-2019 - 14:29 25-03-2019 - 14:29
CVE-2019-3809 7.5
A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility
25-03-2019 - 14:29 25-03-2019 - 14:29
CVE-2019-3808 4.0
A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places.
25-03-2019 - 14:29 25-03-2019 - 14:29
CVE-2018-16858 7.5
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice
25-03-2019 - 14:29 25-03-2019 - 14:29
CVE-2019-6116 6.8
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
21-03-2019 - 13:29 21-03-2019 - 12:01
CVE-2019-7222 2.1
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-7221 4.6
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-6778 4.6
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-6690 5.0
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-6454 4.9
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can expl
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-5885 5.0
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2018-20669 7.2
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function ca
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-20615 5.0
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are s
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-20340 4.6
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security to
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-19985 2.1
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitr
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-18898 5.0
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-18849 2.1
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-12023 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provid
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-12022 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2017-16232 5.0
** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the
21-03-2019 - 11:59 21-03-2019 - 11:59
CVE-2018-20182 7.5
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.
15-03-2019 - 14:29 15-03-2019 - 14:29
CVE-2018-20181 7.5
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.
15-03-2019 - 14:29 15-03-2019 - 14:29
CVE-2018-20180 7.5
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.
15-03-2019 - 14:29 15-03-2019 - 14:29
CVE-2018-20179 7.5
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.
15-03-2019 - 14:29 15-03-2019 - 14:29
CVE-2018-20178 5.0
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).
15-03-2019 - 14:29 15-03-2019 - 14:29
CVE-2018-20177 7.5
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
15-03-2019 - 14:29 15-03-2019 - 14:29
CVE-2018-20176 5.0
rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault).
15-03-2019 - 14:29 15-03-2019 - 14:29
CVE-2018-20175 5.0
rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).
15-03-2019 - 14:29 15-03-2019 - 14:29
CVE-2018-20174 5.0
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.
15-03-2019 - 14:29 15-03-2019 - 14:29
CVE-2018-20187 4.3
A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public
08-03-2019 - 14:29 08-03-2019 - 14:29
CVE-2019-0743 3.5
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0742.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0742 3.5
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0743.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0728 9.3
A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0724 9.3
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0686 5.8
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0676 4.3
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disc
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0675 9.3
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0674 9.3
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0673 9.3
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0672 9.3
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0671 9.3
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0670 5.8
A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0669 4.3
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0668 6.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0664 4.3
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0663 2.1
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclo
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0662 9.3
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0618.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0661 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0621, CVE-2019-0663.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0660 4.3
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0659 4.4
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0658 4.3
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0648.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0657 4.3
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0656 6.9
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0655 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0654 4.3
A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects, aka 'Microsoft Browser Spoofing Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0652 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0651 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0650 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0634, CVE-2019-0645.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0649 6.8
A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0648 4.3
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.To exploit the vulnerability, an attacker m
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0645 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0634, CVE-2019-0650.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0644 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0643 4.3
An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0642 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0641 4.3
A security feature bypass vulnerability exists in Microsoft Edge handles whitelisting, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0640 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0637 5.0
A security feature bypass vulnerability exists when Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections, aka 'Windows Defender Firewall Security Feature Bypass Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0636 2.1
An information vulnerability exists when Windows improperly discloses file information, aka 'Windows Information Disclosure Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0635 5.5
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0634 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0645, CVE-2019-0650.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0633 9.0
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0632 4.6
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0631.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0631 4.6
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0632.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0630 9.0
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0628 2.1
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0627 4.6
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0631, CVE-2019-0632.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0626 7.5
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0625 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0623 7.2
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0621 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0661, CVE-2019-0663.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0619 4.3
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0618 9.3
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0662.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0616 4.3
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0615 4.3
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0616, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0613 9.3
A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0610 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0607 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0606 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0605 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0604 9.3
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-059
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0602 4.3
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0615, CVE-2019-0616, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0601 1.9
An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0600.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0600 1.9
An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0601.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0599 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0598 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0597 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0596 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0597, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0595 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0596, CVE-2019-0597, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0594 9.3
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-060
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0593 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0591 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0593, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0590 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0591, CVE-2019-0593, CVE-2019-0
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0540 4.3
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypas
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-6234 6.8
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6233 6.8
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6231 4.3
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6230 6.8
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,macOS Mojave 10.14.3,tvOS 12.1.2,watchOS 5.1.3. A malicious application may be able to break out of its sandbox.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6229 4.3
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scrip
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6228 4.3
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6227 6.8
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may le
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6226 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web conte
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6225 6.8
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6224 6.8
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6221 6.8
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows. A malicious application may be able to elevate privileges.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6220 4.3
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.3. An application may be able to read restricted memory.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6219 5.0
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6218 9.3
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6217 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web conte
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6216 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web conte
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6215 6.8
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary co
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6214 6.8
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6213 9.3
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6212 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6211 6.8
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. Processing maliciously crafted web content may lead to arbitrary code execution.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6210 9.3
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6209 4.3
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be ab
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6208 4.3
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6205 6.8
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6202 6.8
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6200 5.8
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6235 7.5
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.
04-03-2019 - 15:29 04-03-2019 - 15:29
CVE-2018-18499 4.3
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could all
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-18498 7.5
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-18497 4.3
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to ope
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-18496 6.8
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Not
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-18495 4.3
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-18494 4.3
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow fo
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-18493 7.5
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-18492 7.5
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firef
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12407 7.5
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox <
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12406 6.8
Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. Th
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12405 7.5
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to r
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12403 5.0
If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63.
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12402 4.3
The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windo
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12401 5.0
Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox < 63.
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12400 5.0
In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12399 4.3
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12398 4.3
By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63.
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12397 3.6
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permissi
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12396 4.3
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulner
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12395 5.0
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Fir
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12393 5.0
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bou
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12392 7.5
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12391 9.3
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cro
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12390 7.5
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to r
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12389 6.8
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary co
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12388 6.8
Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. Th
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2019-6485 4.3
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 bef
22-02-2019 - 18:29 22-02-2019 - 18:29
CVE-2019-6340 6.8
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following co
21-02-2019 - 16:29 21-02-2019 - 16:29
CVE-2019-5782 6.8
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
19-02-2019 - 13:56 19-02-2019 - 12:29
CVE-2019-5775 4.3
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
19-02-2019 - 13:41 19-02-2019 - 12:29
CVE-2019-5781 4.3
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
19-02-2019 - 13:40 19-02-2019 - 12:29
CVE-2019-5777 4.3
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
19-02-2019 - 13:39 19-02-2019 - 12:29
CVE-2019-5776 4.3
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
19-02-2019 - 13:38 19-02-2019 - 12:29
CVE-2019-5779 4.3
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
19-02-2019 - 13:35 19-02-2019 - 12:29
CVE-2019-5783 6.8
Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5780 4.6
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5778 4.3
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileg
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5774 6.8
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .deskto
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5773 4.3
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5772 6.8
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5771 6.8
An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5770 6.8
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5769 6.8
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5768 4.3
DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5767 4.3
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5766 4.3
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5765 4.3
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5764 6.8
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5763 6.8
Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5762 6.8
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5761 6.8
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5760 6.8
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5759 6.8
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5758 6.8
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5757 6.8
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5756 6.8
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5755 5.8
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5754 4.3
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-6974 6.8
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
15-02-2019 - 11:12 15-02-2019 - 10:29
CVE-2019-6589 4.3
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP c
13-02-2019 - 19:29 13-02-2019 - 19:29
CVE-2019-7744 4.3
An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.
12-02-2019 - 13:29 12-02-2019 - 13:29
CVE-2019-7743 7.5
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .ph
12-02-2019 - 13:29 12-02-2019 - 13:29
CVE-2019-7741 4.3
An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS.
12-02-2019 - 13:29 12-02-2019 - 13:29
CVE-2019-7740 4.3
An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector.
12-02-2019 - 13:29 12-02-2019 - 13:29
CVE-2019-7739 4.3
An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an add
12-02-2019 - 13:29 12-02-2019 - 13:29
CVE-2019-3923 3.5
Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to ex
11-02-2019 - 23:29 11-02-2019 - 23:29
CVE-2019-5736 9.3
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types
11-02-2019 - 14:29 11-02-2019 - 14:29
CVE-2019-7665 4.3
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does n
09-02-2019 - 11:29 09-02-2019 - 11:29
CVE-2019-7664 4.3
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
09-02-2019 - 11:29 09-02-2019 - 11:29
CVE-2019-7663 4.3
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cau
09-02-2019 - 11:29 09-02-2019 - 11:29
CVE-2019-7659 6.8
Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/l
09-02-2019 - 09:29 09-02-2019 - 09:29
CVE-2019-3823 5.0
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed n
09-02-2019 - 06:29 06-02-2019 - 15:29
CVE-2019-3822 7.5
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents
09-02-2019 - 06:29 06-02-2019 - 15:29
CVE-2018-16890 5.0
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subjec
09-02-2019 - 06:29 06-02-2019 - 15:29
CVE-2019-3463 7.5
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
08-02-2019 - 14:50 06-02-2019 - 14:29
CVE-2019-7639 4.3
An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the
08-02-2019 - 06:29 08-02-2019 - 06:29
CVE-2019-3464 7.5
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
07-02-2019 - 06:29 06-02-2019 - 14:29
CVE-2018-18506 4.3
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This b
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2018-18505 7.5
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2018-18504 7.5
A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buff
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2018-18503 6.8
When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65.
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2018-18502 10.0
Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. Th
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2018-18501 7.5
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to r
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2018-18500 7.5
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affec
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2018-8800 7.5
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
05-02-2019 - 15:29 05-02-2019 - 15:29
CVE-2018-8799 5.0
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).
05-02-2019 - 15:29 05-02-2019 - 15:29
CVE-2018-8798 5.0
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.
05-02-2019 - 15:29 05-02-2019 - 15:29
CVE-2018-8797 7.5
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
05-02-2019 - 15:29 05-02-2019 - 15:29
CVE-2018-8796 5.0
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).
05-02-2019 - 15:29 05-02-2019 - 15:29
CVE-2018-8795 7.5
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
05-02-2019 - 15:29 05-02-2019 - 15:29
CVE-2018-8794 7.5
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
05-02-2019 - 15:29 05-02-2019 - 15:29
CVE-2018-8793 7.5
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
05-02-2019 - 15:29 05-02-2019 - 15:29
CVE-2018-8792 5.0
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).
05-02-2019 - 15:29 05-02-2019 - 15:29
CVE-2018-8791 5.0
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.
05-02-2019 - 15:29 05-02-2019 - 15:29
CVE-2019-6590 7.1
On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic.
05-02-2019 - 14:29 05-02-2019 - 14:29
CVE-2019-6591 3.5
On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM syste
05-02-2019 - 13:29 05-02-2019 - 13:29
CVE-2018-11803 5.0
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.
05-02-2019 - 12:29 05-02-2019 - 12:29
CVE-2019-7398 5.0
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
04-02-2019 - 19:29 04-02-2019 - 19:29
CVE-2019-7397 5.0
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
04-02-2019 - 19:29 04-02-2019 - 19:29
CVE-2019-7396 5.0
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.
04-02-2019 - 19:29 04-02-2019 - 19:29
CVE-2019-7395 5.0
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.
04-02-2019 - 19:29 04-02-2019 - 19:29
CVE-2019-1000021 5.0
slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access
04-02-2019 - 16:29 04-02-2019 - 16:29
CVE-2019-1000020 4.3
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, rea
04-02-2019 - 16:29 04-02-2019 - 16:29
CVE-2019-1000019 4.3
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a cr
04-02-2019 - 16:29 04-02-2019 - 16:29
CVE-2019-1000018 4.6
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An aut
04-02-2019 - 16:29 04-02-2019 - 16:29
CVE-2018-20751 6.8
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. T
04-02-2019 - 14:29 04-02-2019 - 14:29
CVE-2019-3813 5.4
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
04-02-2019 - 13:29 04-02-2019 - 13:29
CVE-2019-3461 4.4
Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarch
04-02-2019 - 13:29 04-02-2019 - 13:29
CVE-2019-7317 2.6
png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.
04-02-2019 - 03:29 04-02-2019 - 03:29
CVE-2019-7313 5.8
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.
03-02-2019 - 03:29 03-02-2019 - 03:29
CVE-2016-10741 4.7
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of
01-02-2019 - 11:29 01-02-2019 - 11:29
CVE-2019-6111 5.8
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned
31-01-2019 - 13:29 31-01-2019 - 13:29
CVE-2019-6110 4.0
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transfe
31-01-2019 - 13:29 31-01-2019 - 13:29
CVE-2019-6109 4.0
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes t
31-01-2019 - 13:29 31-01-2019 - 13:29
CVE-2018-11790 4.6
When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.
31-01-2019 - 11:29 31-01-2019 - 11:29
CVE-2019-6438 7.5
SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.
31-01-2019 - 04:29 31-01-2019 - 04:29
CVE-2017-18360 4.9
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
31-01-2019 - 04:29 31-01-2019 - 04:29
CVE-2019-0190 5.0
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server ve
30-01-2019 - 17:29 30-01-2019 - 17:29
CVE-2018-3956 5.8
An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensiti
30-01-2019 - 17:29 30-01-2019 - 17:29
CVE-2018-17199 5.0
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session
30-01-2019 - 17:29 30-01-2019 - 17:29
CVE-2018-17189 5.0
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_htt
30-01-2019 - 17:29 30-01-2019 - 17:29
CVE-2019-1566 4.3
The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.
30-01-2019 - 15:29 30-01-2019 - 15:29
CVE-2018-20750 7.5
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
30-01-2019 - 13:29 30-01-2019 - 13:29
CVE-2018-20749 7.5
LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
30-01-2019 - 13:29 30-01-2019 - 13:29
CVE-2018-20748 7.5
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.
30-01-2019 - 13:29 30-01-2019 - 13:29
CVE-2019-3807 6.4
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC
29-01-2019 - 12:29 29-01-2019 - 12:29
CVE-2019-3806 6.8
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
29-01-2019 - 12:29 29-01-2019 - 12:29
CVE-2018-16880 6.9
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory co
29-01-2019 - 11:29 29-01-2019 - 11:29
CVE-2019-7150 4.3
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted inp
28-01-2019 - 19:29 28-01-2019 - 19:29
CVE-2019-7149 4.3
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.
28-01-2019 - 19:29 28-01-2019 - 19:29
CVE-2019-7148 4.3
**DISPUTED** An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, wh
28-01-2019 - 19:29 28-01-2019 - 19:29
CVE-2019-7146 4.3
In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.
28-01-2019 - 19:29 28-01-2019 - 19:29
CVE-2019-3815 2.1
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A
28-01-2019 - 10:29 28-01-2019 - 10:29
CVE-2018-10910 2.1
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication
28-01-2019 - 10:29 28-01-2019 - 10:29
CVE-2018-16889 5.0
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
28-01-2019 - 09:29 28-01-2019 - 09:29
CVE-2019-6978 7.5
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
28-01-2019 - 03:29 28-01-2019 - 03:29
CVE-2019-6977 6.8
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This c
26-01-2019 - 21:29 26-01-2019 - 21:29
CVE-2019-6799 4.3
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is r
26-01-2019 - 12:29 26-01-2019 - 12:29
CVE-2019-6798 7.5
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
26-01-2019 - 12:29 26-01-2019 - 12:29
CVE-2018-16881 5.0
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
25-01-2019 - 13:29 25-01-2019 - 13:29
CVE-2018-20743 5.0
murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.
25-01-2019 - 11:29 25-01-2019 - 11:29
CVE-2017-18359 5.0
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty ge
25-01-2019 - 00:29 25-01-2019 - 00:29
CVE-2018-12237 9.0
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated syst
24-01-2019 - 16:29 24-01-2019 - 16:29
CVE-2019-1653 5.0
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access
24-01-2019 - 11:29 24-01-2019 - 11:29
CVE-2019-6486 6.4
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
24-01-2019 - 00:29 24-01-2019 - 00:29
CVE-2019-1643 4.3
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected so
23-01-2019 - 18:29 23-01-2019 - 18:29
CVE-2019-6706 5.0
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
23-01-2019 - 14:29 23-01-2019 - 14:29
CVE-2017-6923 4.0
In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is m
22-01-2019 - 11:29 22-01-2019 - 10:29
CVE-2019-6339 7.5
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code
22-01-2019 - 10:29 22-01-2019 - 10:29
CVE-2017-6922 4.0
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rathe
22-01-2019 - 10:29 22-01-2019 - 10:29
CVE-2019-6338 6.0
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-20
22-01-2019 - 09:29 22-01-2019 - 09:29
CVE-2019-1003004 6.5
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indef
22-01-2019 - 09:29 22-01-2019 - 09:29
CVE-2019-1003003 6.5
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember M
22-01-2019 - 09:29 22-01-2019 - 09:29
CVE-2018-13374 4.0
A Improper Access Control in Fortinet FortiOS allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
22-01-2019 - 09:29 22-01-2019 - 09:29
CVE-2018-19720 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19719 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19718 5.0
Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session.
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19717 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19716 7.5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19715 10.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19714 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19713 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19712 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19711 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19710 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19709 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19708 10.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19707 10.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19706 5.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19705 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19704 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19703 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19702 10.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19701 5.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19700 10.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19699 5.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-19698 10.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16047 5.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16046 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16045 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16044 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16043 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16042 5.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16041 5.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16040 10.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16039 10.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16038 5.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16037 10.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16036 10.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16035 5.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16034 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16033 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16032 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16031 5.0
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16030 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16029 6.8
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16028 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16027 6.8
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16026 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16025 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16024 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16023 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16022 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16021 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16020 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16019 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16018 9.3
Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalat
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16017 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16016 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16015 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16014 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16013 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16012 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16011 9.3
Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code ex
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16010 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16009 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16008 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16007 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16006 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16005 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16004 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16003 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16002 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16001 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16000 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15999 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15998 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15997 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15996 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15995 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15994 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15993 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15992 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15991 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15990 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15989 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15988 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15987 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15986 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15985 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15984 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15983 6.8
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15982 10.0
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-12830 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-12817 5.0
Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2019-0647 4.0
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
17-01-2019 - 13:29 17-01-2019 - 13:29
CVE-2019-0646 3.5
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
17-01-2019 - 13:29 17-01-2019 - 13:29
CVE-2019-0624 3.5
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
17-01-2019 - 13:29 17-01-2019 - 13:29
CVE-2018-5741 4.0
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client,
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-5740 5.0
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feat
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-5738 5.0
Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is th
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-5737 5.0
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-5736 3.5
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an a
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-5734 5.0
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the requ
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-5733 5.0
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-15782 7.2
The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick s
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3145 5.0
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3144 5.0
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older ve
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3143 4.3
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. A
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3142 4.3
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server tha
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3141 7.2
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3140 4.3
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3138 3.5
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has create
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3137 5.0
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which record
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3136 4.3
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3135 4.3
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2016-9778 4.3
An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an at
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2019-2556 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2555 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2554 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2553 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2552 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2550 4.3
Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker wi
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2548 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2547 3.5
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure p
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2546 4.3
Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: SQL Extensions). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitab
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2545 2.1
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDoms IO). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infras
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2544 2.1
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastr
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2543 5.0
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via KS
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2541 5.4
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Client). The supported version that is affected is 10. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physic
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2539 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multip
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2537 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacke
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2536 1.2
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastruct
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2535 1.9
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructur
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2534 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2533 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2532 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2531 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2530 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2529 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged at
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2528 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with netwo
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2527 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.26 and prior to 6.0.4. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2526 4.4
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with log
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2525 1.9
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with log
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2524 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2523 4.4
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with log
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2522 4.4
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with log
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2521 4.4
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with log
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2520 4.4
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with log
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2513 1.2
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MyS
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2512 4.0
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12 and 18.8. Di
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2511 7.8
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with netw
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2510 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2509 4.9
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2508 4.9
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2507 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged a
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2506 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2505 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2504 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2503 3.8
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low p
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2502 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2501 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2500 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2498 5.8
Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dash board). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploit
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2497 5.8
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability a
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2496 4.3
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability a
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2495 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple prot
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2494 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple prot
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2492 4.3
Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vuln
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2491 4.3
Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vuln
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2489 6.4
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Query). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability al
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2488 5.0
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Session Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulne
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2486 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2485 4.3
Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitab
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2482 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2481 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged a
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2470 5.8
Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Detail). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2455 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attac
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2453 6.4
Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Performance Management Plan). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthent
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2452 6.5
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows high privileged a
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2451 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2450 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2449 2.6
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protoco
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2448 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2447 5.8
Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Detail). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2446 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2445 5.8
Vulnerability in the Oracle Content Manager component of Oracle E-Business Suite (subcomponent: Cover Letter). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vuln
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2444 4.4
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastruct
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2441 5.0
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker wit
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2437 7.8
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to c
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2436 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2434 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network a
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2426 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacke
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2422 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2420 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with netwo
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2418 6.8
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Difficult to exploit vulnerability allows unauthenticated
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2414 4.6
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastr
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2406 6.5
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role pri
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2400 5.8
Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerab
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2398 4.0
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Deployment). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attac
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2396 4.3
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability a
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2395 5.5
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows low privileged attacker with network acc
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2018-3309 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru
16-01-2019 - 14:29 16-01-2019 - 14:29
CVE-2018-3305 6.5
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploita
16-01-2019 - 14:29 16-01-2019 - 14:29
CVE-2018-3304 6.4
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploita
16-01-2019 - 14:29 16-01-2019 - 14:29
CVE-2018-3303 6.4
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: EM Console). Supported versions that are affected are 13.2 and 13.3. Easily exploitable vulnerability allows unauthenticated at
16-01-2019 - 14:29 16-01-2019 - 14:29
CVE-2018-20721 7.5
URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
16-01-2019 - 09:29 16-01-2019 - 09:29
CVE-2019-6264 4.3
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
16-01-2019 - 03:29 16-01-2019 - 03:29
CVE-2019-6263 3.5
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.
16-01-2019 - 03:29 16-01-2019 - 03:29
CVE-2019-6262 3.5
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
16-01-2019 - 03:29 16-01-2019 - 03:29
CVE-2019-6261 4.3
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.
16-01-2019 - 03:29 16-01-2019 - 03:29
CVE-2019-6446 7.5
** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: thir
16-01-2019 - 00:29 16-01-2019 - 00:29
CVE-2019-6445 4.0
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
16-01-2019 - 00:29 16-01-2019 - 00:29
CVE-2019-6444 6.4
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.
16-01-2019 - 00:29 16-01-2019 - 00:29
CVE-2019-6443 6.4
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
16-01-2019 - 00:29 16-01-2019 - 00:29
CVE-2019-6442 4.0
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
16-01-2019 - 00:29 16-01-2019 - 00:29
CVE-2019-0017 6.5
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versi
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2019-0016 5.5
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Af
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2019-0014 5.0
On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash th
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2019-0013 5.0
The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition. This issue only
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2019-0012 4.3
A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2019-0011 3.3
The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2019-0009 2.1
On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE). In a virtual chassis (VC) deployment, this issue disrupts communication between the VC members
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2019-0007 7.5
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base met
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2019-0006 7.5
A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a cra
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2019-0005 5.0
On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is u
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2019-0003 4.3
When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2019-0002 7.5
On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show t
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2019-0001 7.1
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd servic
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2018-14662 2.7
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2017-6921 4.3
In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and a
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2017-6924 5.8
In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RE
15-01-2019 - 15:29 15-01-2019 - 15:29
CVE-2018-16846 4.0
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
15-01-2019 - 13:29 15-01-2019 - 13:29
CVE-2017-6925 7.5
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entit
15-01-2019 - 12:29 15-01-2019 - 12:29
CVE-2019-3811 2.7
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem ac
15-01-2019 - 10:29 15-01-2019 - 10:29
CVE-2018-16886 6.8
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Nam
14-01-2019 - 14:29 14-01-2019 - 14:29
CVE-2019-6256 7.5
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie H
14-01-2019 - 03:29 14-01-2019 - 03:29
CVE-2019-6250 9.0
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of byte
13-01-2019 - 10:29 13-01-2019 - 10:29
CVE-2019-6245 6.8
An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned to (x2 - x1). If dx >= dx_limit, which is (16384 << poly_subpixel_shift), this function will call its
12-01-2019 - 19:29 12-01-2019 - 19:29
CVE-2018-20699 4.0
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.
11-01-2019 - 21:29 11-01-2019 - 21:29
CVE-2018-16865 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remo
11-01-2019 - 16:29 11-01-2019 - 16:29
CVE-2018-16864 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash s
11-01-2019 - 15:29 11-01-2019 - 15:29
CVE-2018-16866 2.1
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
11-01-2019 - 14:29 11-01-2019 - 14:29
CVE-2018-4278 4.3
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tr
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4277 5.0
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4262 6.8
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4213 6.8
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4212 6.8
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4210 6.8
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4209 6.8
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4208 6.8
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4207 6.8
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4183 7.2
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4182 7.2
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4181 4.9
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4180 4.6
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2016-4644 4.0
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types w
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2016-4643 4.0
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2016-4642 4.3
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2019-6133 4.4
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendin
11-01-2019 - 09:29 11-01-2019 - 09:29
CVE-2019-6128 6.8
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
11-01-2019 - 00:29 11-01-2019 - 00:29
CVE-2018-15460 7.8
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of se
10-01-2019 - 17:29 10-01-2019 - 17:29
CVE-2018-20685 2.6
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
10-01-2019 - 16:29 10-01-2019 - 16:29
CVE-2017-1002157 7.5
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.
10-01-2019 - 16:29 10-01-2019 - 16:29
CVE-2017-1002152 4.3
Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles.
10-01-2019 - 16:29 10-01-2019 - 16:29
CVE-2018-15453 7.8
A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remot
10-01-2019 - 13:29 10-01-2019 - 13:29
CVE-2018-20683 6.8
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P.
09-01-2019 - 20:29 09-01-2019 - 20:29
CVE-2019-5882 7.5
Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.
09-01-2019 - 18:29 09-01-2019 - 18:29
CVE-2019-3498 4.3
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing
09-01-2019 - 18:29 09-01-2019 - 18:29
CVE-2018-1000410 2.1
An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descript
09-01-2019 - 18:29 09-01-2019 - 18:29
CVE-2018-1000409 5.8
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one w
09-01-2019 - 18:29 09-01-2019 - 18:29
CVE-2018-1000408 6.4
A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on ins
09-01-2019 - 18:29 09-01-2019 - 18:29
CVE-2018-1000407 4.3
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML
09-01-2019 - 18:29 09-01-2019 - 18:29
CVE-2018-6179 4.3
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a cra
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6178 4.3
Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6175 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6174 6.8
Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6173 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6172 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6170 6.8
A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6169 4.3
Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6167 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6166 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6165 4.3
Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6164 4.3
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6163 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6162 6.8
Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6160 4.3
JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6158 5.1
A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6153 6.8
A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6151 6.8
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6147 2.1
Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6144 6.8
Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6143 4.3
Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6141 6.8
Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6140 9.3
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6139 6.8
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6137 4.3
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6135 4.3
Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6133 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6127 6.8
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6126 6.8
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6124 6.8
Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6123 4.3
A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6120 6.8
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6117 4.3
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6114 4.3
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6113 4.3
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6112 4.3
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6111 6.8
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6110 5.8
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6109 4.3
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6106 6.8
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6100 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6097 4.3
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6096 4.3
A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6093 4.3
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6091 4.3
Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6084 7.2
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6056 6.8
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-17470 4.3
A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-17459 4.3
Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-17458 6.8
An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16088 4.3
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16087 4.3
Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16085 6.8
A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16084 4.3
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16083 6.8
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16082 4.3
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16081 4.3
Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permissi
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16080 4.3
A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16079 2.6
A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16078 4.3
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16076 6.8
Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16072 4.3
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16071 6.8
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16068 6.8
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16067 4.3
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16066 4.3
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16065 6.8
A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2017-15428 6.8
Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pa
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2016-9651 6.8
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2019-5721 4.3
In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.
08-01-2019 - 18:29 08-01-2019 - 18:29
CVE-2019-5719 4.3
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block.
08-01-2019 - 18:29 08-01-2019 - 18:29
CVE-2019-5718 4.3
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.
08-01-2019 - 18:29 08-01-2019 - 18:29
CVE-2019-5717 4.3
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.
08-01-2019 - 18:29 08-01-2019 - 18:29
CVE-2019-5716 4.3
In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.
08-01-2019 - 18:29 08-01-2019 - 18:29
CVE-2019-0588 4.0
An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0586 10.0
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0585 9.3
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, O
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0584 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0583 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0582 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0581 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0580 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0579 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0578 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0577 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0576 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0575 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0574 6.8
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Se
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0573 6.8
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Se
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0572 6.8
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Se
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0571 6.8
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Se
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0570 4.6
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka "Windows Runtime Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Window
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0569 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0568 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0567 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0566 6.8
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0565 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0564 5.0
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0562 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0561 4.3
An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0560 4.3
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0559 4.3
An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0558 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsof
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0557 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsof
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0556 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsof
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0555 4.4
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Wind
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0554 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0553 2.1
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka "Windows Subsystem for Linux Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0552 4.6
An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0551 7.7
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Window
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0550 7.7
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Window
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0549 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0548 5.0
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0547 7.5
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka "Windows DHCP Client Remote Code Execution Vulnerability." This affects Windows 10, Windows 10 Servers.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0546 9.3
A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0545 5.0
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framewor
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0543 4.6
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0541 9.3
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Inte
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0539 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0538 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0537 4.3
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0536 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-5489 2.1
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this af
07-01-2019 - 12:29 07-01-2019 - 12:29
CVE-2018-1320 5.0
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed co
07-01-2019 - 12:29 07-01-2019 - 12:29
CVE-2018-15780 4.0
RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information.
03-01-2019 - 16:29 03-01-2019 - 16:29
CVE-2019-3701 7.1
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_AD
03-01-2019 - 11:29 03-01-2019 - 11:29
CVE-2018-16882 7.2
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmap
03-01-2019 - 11:29 03-01-2019 - 11:29
CVE-2018-16876 5.0
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
03-01-2019 - 10:29 03-01-2019 - 10:29
CVE-2018-20662 4.3
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is m
03-01-2019 - 08:29 03-01-2019 - 08:29
CVE-2018-19478 4.3
In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.
02-01-2019 - 13:29 02-01-2019 - 13:29
CVE-2018-19362 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
02-01-2019 - 13:29 02-01-2019 - 13:29
CVE-2018-19361 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
02-01-2019 - 13:29 02-01-2019 - 13:29
CVE-2018-19360 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
02-01-2019 - 13:29 02-01-2019 - 13:29
CVE-2018-14721 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
02-01-2019 - 13:29 02-01-2019 - 13:29
CVE-2018-14720 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
02-01-2019 - 13:29 02-01-2019 - 13:29
CVE-2018-14719 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
02-01-2019 - 13:29 02-01-2019 - 13:29
CVE-2018-14718 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
02-01-2019 - 13:29 02-01-2019 - 13:29
CVE-2018-17188 6.5
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Toget
02-01-2019 - 09:29 02-01-2019 - 09:29
CVE-2019-3500 2.1
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
02-01-2019 - 02:29 02-01-2019 - 02:29
CVE-2018-20650 4.3
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
01-01-2019 - 11:29 01-01-2019 - 11:29
CVE-2018-6336 6.8
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is si
31-12-2018 - 14:29 31-12-2018 - 14:29
CVE-2018-20622 4.3
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
31-12-2018 - 14:29 31-12-2018 - 14:29
CVE-2018-20584 4.3
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.
30-12-2018 - 00:29 30-12-2018 - 00:29
CVE-2018-20570 4.3
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20551 4.3
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20549 6.8
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20548 6.8
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20547 5.8
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20546 5.8
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20545 6.8
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20544 4.3
There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-17539 5.0
The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) el
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-1000888 6.8
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is ca
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-15335 4.3
When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may
28-12-2018 - 10:29 28-12-2018 - 10:29
CVE-2018-20511 2.1
An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next f
27-12-2018 - 09:29 27-12-2018 - 09:29
CVE-2018-20217 3.5
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U
26-12-2018 - 16:29 26-12-2018 - 16:29
CVE-2018-19873 7.5
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
26-12-2018 - 16:29 26-12-2018 - 16:29
CVE-2018-19871 4.3
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
26-12-2018 - 16:29 26-12-2018 - 16:29
CVE-2018-19870 6.8
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
26-12-2018 - 16:29 26-12-2018 - 16:29
CVE-2018-19869 4.3
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
26-12-2018 - 16:29 26-12-2018 - 16:29
CVE-2018-15518 6.8
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
26-12-2018 - 16:29 26-12-2018 - 16:29
CVE-2018-20483 2.1
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credent
26-12-2018 - 13:29 26-12-2018 - 13:29
CVE-2018-20482 1.9
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archive
26-12-2018 - 13:29 26-12-2018 - 13:29
CVE-2018-17957 2.1
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.
26-12-2018 - 10:29 26-12-2018 - 10:29
CVE-2018-20481 4.3
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser
25-12-2018 - 23:29 25-12-2018 - 23:29
CVE-2018-20467 4.3
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
25-12-2018 - 22:29 25-12-2018 - 22:29
CVE-2018-20461 4.3
In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file.
25-12-2018 - 14:29 25-12-2018 - 14:29
CVE-2018-20460 4.3
In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file.
25-12-2018 - 14:29 25-12-2018 - 14:29
CVE-2018-20459 4.3
In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in a
25-12-2018 - 14:29 25-12-2018 - 14:29
CVE-2018-20458 4.3
In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file.
25-12-2018 - 14:29 25-12-2018 - 14:29
CVE-2018-20457 4.3
In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect i
25-12-2018 - 14:29 25-12-2018 - 14:29
CVE-2018-20456 4.3
In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related iss
25-12-2018 - 14:29 25-12-2018 - 14:29
CVE-2018-20455 4.3
In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456.
25-12-2018 - 14:29 25-12-2018 - 14:29
CVE-2018-15465 5.5
A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. T
24-12-2018 - 09:29 24-12-2018 - 09:29
CVE-2018-20433 7.5
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
24-12-2018 - 08:29 24-12-2018 - 08:29
CVE-2018-20431 4.3
GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.
24-12-2018 - 00:29 24-12-2018 - 00:29
CVE-2018-20430 4.3
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.
24-12-2018 - 00:29 24-12-2018 - 00:29
CVE-2018-20406 5.0
Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used
23-12-2018 - 18:29 23-12-2018 - 18:29
CVE-2018-20365 4.3
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
22-12-2018 - 12:29 22-12-2018 - 12:29
CVE-2018-20364 4.3
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
22-12-2018 - 12:29 22-12-2018 - 12:29
CVE-2018-20363 4.3
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
22-12-2018 - 12:29 22-12-2018 - 12:29
CVE-2018-20346 6.8
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by l
21-12-2018 - 16:29 21-12-2018 - 16:29
CVE-2018-20337 6.8
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
21-12-2018 - 04:29 21-12-2018 - 04:29
CVE-2018-20330 6.8
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
21-12-2018 - 04:29 21-12-2018 - 04:29
CVE-2018-19134 6.8
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscri
20-12-2018 - 18:29 20-12-2018 - 18:29
CVE-2018-17247 4.3
Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a spec
20-12-2018 - 17:29 20-12-2018 - 17:29
CVE-2018-17246 7.5
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to a
20-12-2018 - 17:29 20-12-2018 - 17:29
CVE-2018-17245 5.0
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request tha
20-12-2018 - 17:29 20-12-2018 - 17:29
CVE-2018-17244 4.0
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same u
20-12-2018 - 17:29 20-12-2018 - 17:29
CVE-2018-1160 10.0
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code executio
20-12-2018 - 16:29 20-12-2018 - 16:29
CVE-2018-15331 6.8
On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system.
20-12-2018 - 15:29 20-12-2018 - 15:29
CVE-2018-15330 7.8
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkerne
20-12-2018 - 15:29 20-12-2018 - 15:29
CVE-2018-15329 6.5
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, r
20-12-2018 - 15:29 20-12-2018 - 15:29
CVE-2018-1000880 4.3
libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can resul
20-12-2018 - 12:29 20-12-2018 - 12:29
CVE-2018-1000878 6.8
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is un
20-12-2018 - 12:29 20-12-2018 - 12:29
CVE-2018-1000877 6.8
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window,
20-12-2018 - 12:29 20-12-2018 - 12:29
CVE-2018-1000876 4.6
binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows executi
20-12-2018 - 12:29 20-12-2018 - 12:29
CVE-2018-1000873 4.3
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious
20-12-2018 - 12:29 20-12-2018 - 12:29
CVE-2018-1000858 6.8
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e
20-12-2018 - 12:29 20-12-2018 - 12:29
CVE-2018-1000852 7.5
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server c
20-12-2018 - 10:29 20-12-2018 - 10:29
CVE-2018-1000845 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultID: CVE-2017-6519. Reason: This candidate is a duplicate of CVE-2017-6519. Notes: All CVE users should reference CVE-2017-6519 instead of this candidate. All references and descriptions in th
20-12-2018 - 10:29 20-12-2018 - 10:29
CVE-2018-8653 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
20-12-2018 - 08:29 20-12-2018 - 08:29
CVE-2018-6307 6.8
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-20024 5.0
LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-20023 5.0
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vu
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-20022 5.0
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-20021 7.8
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-20020 7.5
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-20019 7.5
LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-15127 7.5
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-15126 7.5
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-20230 6.8
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other
19-12-2018 - 06:29 19-12-2018 - 06:29
CVE-2018-19790 5.8
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacke
18-12-2018 - 17:29 18-12-2018 - 17:29
CVE-2018-19789 5.0
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`
18-12-2018 - 17:29 18-12-2018 - 17:29
CVE-2018-16884 6.7
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container
18-12-2018 - 17:29 18-12-2018 - 17:29
CVE-2018-6978 7.2
vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with
18-12-2018 - 15:29 18-12-2018 - 15:29
CVE-2018-20189 4.3
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bi
17-12-2018 - 15:29 17-12-2018 - 15:29
CVE-2018-20185 2.6
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects Graphics
17-12-2018 - 14:29 17-12-2018 - 14:29
CVE-2018-20184 4.3
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed t
17-12-2018 - 14:29 17-12-2018 - 14:29
CVE-2018-19295 7.2
Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-18245 3.5
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-20169 7.2
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
17-12-2018 - 02:29 17-12-2018 - 02:29
CVE-2018-20167 6.8
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats re
17-12-2018 - 00:29 17-12-2018 - 00:29
CVE-2018-20153 3.5
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
14-12-2018 - 15:29 14-12-2018 - 15:29
CVE-2018-20152 4.0
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.
14-12-2018 - 15:29 14-12-2018 - 15:29
CVE-2018-20151 5.0
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the p
14-12-2018 - 15:29 14-12-2018 - 15:29
CVE-2018-20150 4.3
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
14-12-2018 - 15:29 14-12-2018 - 15:29
CVE-2018-20149 3.5
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
14-12-2018 - 15:29 14-12-2018 - 15:29
CVE-2018-20148 7.5
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_t
14-12-2018 - 15:29 14-12-2018 - 15:29
CVE-2018-20147 5.5
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
14-12-2018 - 15:29 14-12-2018 - 15:29
CVE-2018-16875 7.8
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers
14-12-2018 - 09:29 14-12-2018 - 09:29
CVE-2018-16874 6.8
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only v
14-12-2018 - 09:29 14-12-2018 - 09:29
CVE-2018-16873 6.8
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically,
14-12-2018 - 09:29 14-12-2018 - 09:29
CVE-2018-15776 4.6
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.
13-12-2018 - 17:29 13-12-2018 - 17:29
CVE-2018-15774 6.5
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could pot
13-12-2018 - 17:29 13-12-2018 - 17:29
CVE-2018-16872 3.5
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the t
13-12-2018 - 16:29 13-12-2018 - 16:29
CVE-2018-20145 5.0
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.
13-12-2018 - 15:29 13-12-2018 - 15:29
CVE-2018-19489 2.1
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
13-12-2018 - 14:29 13-12-2018 - 14:29
CVE-2018-19364 2.1
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
13-12-2018 - 14:29 13-12-2018 - 14:29
CVE-2018-20103 5.0
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaus
12-12-2018 - 12:29 12-12-2018 - 12:29
CVE-2018-20102 5.0
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-
12-12-2018 - 12:29 12-12-2018 - 12:29
CVE-2018-1485 4.0
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be k
12-12-2018 - 11:29 12-12-2018 - 11:29
CVE-2018-1484 4.3
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link i
12-12-2018 - 11:29 12-12-2018 - 11:29
CVE-2018-1481 5.0
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history
12-12-2018 - 11:29 12-12-2018 - 11:29
CVE-2018-1480 5.0
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via m
12-12-2018 - 11:29 12-12-2018 - 11:29
CVE-2018-1478 4.3
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hija
12-12-2018 - 11:29 12-12-2018 - 11:29
CVE-2018-1476 5.0
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 140757.
12-12-2018 - 11:29 12-12-2018 - 11:29
CVE-2018-1474 4.3
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers
12-12-2018 - 11:29 12-12-2018 - 11:29
CVE-2018-8650 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsof
12-12-2018 - 10:29 12-12-2018 - 10:29
CVE-2018-18397 2.1
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that fil
12-12-2018 - 05:29 12-12-2018 - 05:29
CVE-2018-8649 4.9
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 10, Windows Server 2019.
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8643 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8641 7.2
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8639 7.2
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8638 2.1
An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 10, Windows Server 2019.
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8637 2.1
An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass, aka "Win32k Information Disclosure Vulnerability." Th
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8636 9.3
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Micro
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8635 6.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerabil
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8634 9.3
A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka "Microsoft Text-To-Speech Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, W
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8631 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8629 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8628 9.3
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProP
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8627 4.3
An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This aff
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8626 10.0
A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka "Windows DNS Server Heap Overflow Vulnerability." This affects Windows Server 2012 R2, Windows Server 2019, Windo
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8625 7.6
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 1
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8624 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8622 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8621 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 7, Windows Server 2008 R2. This CVE ID i
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8619 7.6
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explor
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8618 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8617 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8612 2.1
A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values, aka "Connected User Experiences and Telemetry Service Denial of Service Vulnerability." This affects Windows Ser
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8611 7.2
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Serv
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8604 4.0
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8599 4.6
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Mi
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8598 2.6
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8597 9.3
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Micro
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8596 4.3
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8595 4.3
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8587 9.3
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft O
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8583 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8580 4.3
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Informatio
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8540 10.0
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Micros
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8517 5.0
A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framew
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8514 2.1
An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka "Remote Procedure Call runtime Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Wind
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8477 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-19970 4.3
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.
11-12-2018 - 12:29 11-12-2018 - 12:29
CVE-2018-19969 6.8
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines,
11-12-2018 - 12:29 11-12-2018 - 12:29
CVE-2018-19968 4.0
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created
11-12-2018 - 12:29 11-12-2018 - 12:29
CVE-2018-18359 6.8
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18358 2.9
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18357 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18356 6.8
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18355 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18354 6.8
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18353 4.3
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18352 4.3
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18351 4.3
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18350 4.3
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18349 4.3
Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chr
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18348 4.3
Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18347 6.8
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18346 4.3
Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18345 4.3
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18344 4.3
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18343 6.8
Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18342 6.8
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a cra
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18341 6.8
An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18340 6.8
Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18339 6.8
Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18338 6.8
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18337 6.8
Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18336 6.8
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18335 6.8
Heap