Max CVSS 8.3 Min CVSS 1.5 Total Count224
IDCVSSSummaryLast (major) updatePublished
CVE-2018-4464 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4443 6.8
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4442 6.8
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4441 6.8
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4438 6.8
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4437 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4416 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4392 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4386 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4382 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4378 6.8
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4376 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4375 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4373 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4372 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4361 6.8
A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4359 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4358 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4345 4.3
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4328 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4323 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4319 5.8
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4318 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4317 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4316 6.8
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4315 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4314 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4312 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4309 4.3
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4306 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4299 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4197 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4191 6.8
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2019-5885 5.0
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-0624 3.5
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
17-01-2019 - 13:29 17-01-2019 - 13:29
CVE-2018-16865 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remo
11-01-2019 - 16:29 11-01-2019 - 16:29
CVE-2018-16864 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash s
11-01-2019 - 15:29 11-01-2019 - 15:29
CVE-2018-4213 6.8
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4212 6.8
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4210 6.8
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4209 6.8
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4208 6.8
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4207 6.8
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-6179 4.3
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a cra
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6178 4.3
Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6175 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6174 6.8
Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6173 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6172 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6170 6.8
A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6169 4.3
Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6167 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6166 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6165 4.3
Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6164 4.3
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6163 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6162 6.8
Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6160 4.3
JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6158 5.1
A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6153 6.8
A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6151 6.8
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6126 6.8
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6120 6.8
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-17459 4.3
Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-17458 6.8
An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16088 4.3
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16087 4.3
Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16085 6.8
A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16084 4.3
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16083 6.8
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16082 4.3
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16081 4.3
Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permissi
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16080 4.3
A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16079 2.6
A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16078 4.3
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16076 6.8
Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16072 4.3
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16071 6.8
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16068 6.8
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16067 4.3
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16066 4.3
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16065 6.8
A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-20549 6.8
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20548 6.8
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20547 5.8
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20546 5.8
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20545 6.8
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20544 4.3
There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19.
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20459 4.3
In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in a
25-12-2018 - 14:29 25-12-2018 - 14:29
CVE-2018-15127 7.5
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-18359 6.8
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18358 2.9
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18357 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18356 6.8
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18355 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18354 6.8
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18353 4.3
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18352 4.3
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18351 4.3
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18350 4.3
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18349 4.3
Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chr
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18348 4.3
Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18347 6.8
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18346 4.3
Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18345 4.3
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18344 4.3
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18343 6.8
Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18342 6.8
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a cra
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18341 6.8
An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18340 6.8
Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18339 6.8
Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18338 6.8
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18337 6.8
Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18336 6.8
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18335 6.8
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-17481 6.8
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-17480 6.8
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-6152 6.8
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to pote
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-19824 4.6
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
03-12-2018 - 12:29 03-12-2018 - 12:29
CVE-2018-19626 4.3
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.
28-11-2018 - 23:29 28-11-2018 - 23:29
CVE-2018-19625 4.3
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.
28-11-2018 - 23:29 28-11-2018 - 23:29
CVE-2018-19624 4.3
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.
28-11-2018 - 23:29 28-11-2018 - 23:29
CVE-2018-19623 5.0
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.
28-11-2018 - 23:29 28-11-2018 - 23:29
CVE-2018-19622 5.0
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.
28-11-2018 - 23:29 28-11-2018 - 23:29
CVE-2018-19407 4.9
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
20-11-2018 - 19:29 20-11-2018 - 19:29
CVE-2018-9516 7.2
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for e
07-11-2018 - 06:29 06-11-2018 - 12:29
CVE-2018-18281 4.6
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain f
30-10-2018 - 14:29 30-10-2018 - 14:29
CVE-2018-18710 2.1
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds c
29-10-2018 - 08:29 29-10-2018 - 08:29
CVE-2018-15688 7.5
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
29-10-2018 - 08:29 26-10-2018 - 10:29
CVE-2018-18690 4.9
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_
26-10-2018 - 14:29 26-10-2018 - 14:29
CVE-2018-18585 4.3
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
22-10-2018 - 22:29 22-10-2018 - 22:29
CVE-2018-18584 4.3
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
22-10-2018 - 22:29 22-10-2018 - 22:29
CVE-2018-18386 2.1
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
17-10-2018 - 16:29 17-10-2018 - 16:29
CVE-2018-3282 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3251 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3174 1.9
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3156 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3143 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3133 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows lo
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-14633 8.3
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer over
24-09-2018 - 20:29 24-09-2018 - 20:29
CVE-2018-16597 4.9
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
21-09-2018 - 12:29 21-09-2018 - 12:29
CVE-2018-17182 7.2
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, ma
19-09-2018 - 05:29 19-09-2018 - 05:29
CVE-2018-17098 6.8
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch.
16-09-2018 - 17:29 16-09-2018 - 17:29
CVE-2018-17097 6.8
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
16-09-2018 - 17:29 16-09-2018 - 17:29
CVE-2018-16658 3.6
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds
07-09-2018 - 10:29 07-09-2018 - 10:29
CVE-2018-16276 7.2
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate
31-08-2018 - 12:29 31-08-2018 - 12:29
CVE-2018-16058 5.0
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.
29-08-2018 - 21:29 29-08-2018 - 21:29
CVE-2018-16057 5.0
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.
29-08-2018 - 21:29 29-08-2018 - 21:29
CVE-2017-15430 4.3
Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2018-14617 7.1
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog
27-07-2018 - 00:29 27-07-2018 - 00:29
CVE-2018-14613 7.1
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btr
27-07-2018 - 00:29 27-07-2018 - 00:29
CVE-2018-2767 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-5848 4.6
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-11713 4.3
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections
04-06-2018 - 10:29 04-06-2018 - 10:29
CVE-2018-11359 5.0
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.
22-05-2018 - 17:29 22-05-2018 - 17:29
CVE-2018-11357 5.0
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
22-05-2018 - 17:29 22-05-2018 - 17:29
CVE-2018-11356 5.0
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
22-05-2018 - 17:29 22-05-2018 - 17:29
CVE-2018-10940 4.9
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
09-05-2018 - 13:29 09-05-2018 - 13:29
CVE-2018-10322 4.9
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
24-04-2018 - 02:29 24-04-2018 - 02:29
CVE-2018-2819 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2817 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2813 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2781 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2771 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2761 4.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2755 3.7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticat
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-9270 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9269 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9268 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9267 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9265 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9263 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9262 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9260 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9259 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-9256 5.0
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.
04-04-2018 - 03:29 04-04-2018 - 03:29
CVE-2018-4165 6.8
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves th
03-04-2018 - 02:29 03-04-2018 - 02:29
CVE-2018-4163 6.8
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is
03-04-2018 - 02:29 03-04-2018 - 02:29
CVE-2018-4162 6.8
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is
03-04-2018 - 02:29 03-04-2018 - 02:29
CVE-2018-4117 4.3
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves
03-04-2018 - 02:29 03-04-2018 - 02:29
CVE-2018-8043 2.1
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
10-03-2018 - 17:29 10-03-2018 - 17:29
CVE-2018-7757 2.1
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy
08-03-2018 - 09:29 08-03-2018 - 09:29
CVE-2018-7755 2.1
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioc
08-03-2018 - 02:29 08-03-2018 - 02:29
CVE-2018-7480 7.2
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
25-02-2018 - 15:29 25-02-2018 - 15:29
CVE-2018-7420 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7418 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7417 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7336 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7331 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7325 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7324 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7323 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7322 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-2668 6.8
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged at
17-01-2018 - 21:29 17-01-2018 - 21:29
CVE-2018-2665 6.8
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged at
17-01-2018 - 21:29 17-01-2018 - 21:29
CVE-2018-2640 6.8
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged at
17-01-2018 - 21:29 17-01-2018 - 21:29
CVE-2018-2622 6.8
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker
17-01-2018 - 21:29 17-01-2018 - 21:29
CVE-2018-2562 7.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged a
17-01-2018 - 21:29 17-01-2018 - 21:29
CVE-2017-17997 5.0
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
30-12-2017 - 02:29 30-12-2017 - 02:29
CVE-2017-17935 5.0
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that
27-12-2017 - 12:08 27-12-2017 - 12:08
CVE-2017-10384 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacke
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10379 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privilege
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10378 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privile
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10268 1.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high pr
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-15191 5.0
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
10-10-2017 - 17:29 10-10-2017 - 17:29
CVE-2017-13765 5.0
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
30-08-2017 - 05:29 30-08-2017 - 05:29
CVE-2017-3653 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-3651 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileg
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-3641 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged a
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-3636 4.6
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logo
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-11409 7.8
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.
18-07-2017 - 17:29 18-07-2017 - 17:29
CVE-2017-11407 5.0
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.
18-07-2017 - 17:29 18-07-2017 - 17:29
CVE-2017-11406 7.8
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.
18-07-2017 - 17:29 18-07-2017 - 17:29
CVE-2017-9766 5.0
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
21-06-2017 - 03:29 21-06-2017 - 03:29
CVE-2016-9843 7.5
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
23-05-2017 - 00:29 23-05-2017 - 00:29
CVE-2017-7747 5.0
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.
18-04-2017 - 17:02 12-04-2017 - 19:59
CVE-2017-7746 5.0
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining leng
18-04-2017 - 17:01 12-04-2017 - 19:59
CVE-2017-7703 5.0
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.
18-04-2017 - 16:57 12-04-2017 - 19:59
CVE-2017-7700 7.1
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.
18-04-2017 - 16:54 12-04-2017 - 19:59
CVE-2015-2573 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
02-01-2017 - 21:59 16-04-2015 - 13:00
CVE-2015-2568 5.0
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.
02-01-2017 - 21:59 16-04-2015 - 13:00
CVE-2015-0441 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.
02-01-2017 - 21:59 16-04-2015 - 12:59
CVE-2015-0433 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.
02-01-2017 - 21:59 16-04-2015 - 12:59
CVE-2015-8612 7.2
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument.
07-12-2016 - 13:28 08-01-2016 - 14:59
Back to Top Mark selected
Back to Top