Max CVSS 10.0 Min CVSS 2.1 Total Count266
IDCVSSSummaryLast (major) updatePublished
CVE-2019-5785 4.3
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
27-06-2019 - 13:25 27-06-2019 - 13:15
CVE-2019-7090 4.3
Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vuln
24-05-2019 - 15:29 24-05-2019 - 15:29
CVE-2018-18511 4.3
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.
26-04-2019 - 13:29 26-04-2019 - 13:29
CVE-2018-18510 4.3
The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious s
26-04-2019 - 13:29 26-04-2019 - 13:29
CVE-2018-20506 6.8
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to exe
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-20505 5.0
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-20615 5.0
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are s
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2019-0670 5.8
A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0668 6.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0604 6.5
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-059
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-0594 6.5
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-060
05-03-2019 - 18:29 05-03-2019 - 18:29
CVE-2019-6234 6.8
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6233 6.8
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6229 4.3
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scrip
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6227 6.8
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may le
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6226 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web conte
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6221 6.8
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows. A malicious application may be able to elevate privileges.
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6217 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web conte
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6216 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web conte
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6215 6.8
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary co
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6212 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to
05-03-2019 - 11:29 05-03-2019 - 11:29
CVE-2019-6235 7.5
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.
04-03-2019 - 15:29 04-03-2019 - 15:29
CVE-2018-18498 7.5
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-18497 4.3
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to ope
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-18496 6.8
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Not
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-18495 4.3
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-18494 4.3
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow fo
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-18493 7.5
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-18492 7.5
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firef
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12407 7.5
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox <
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12406 6.8
Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. Th
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12405 7.5
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to r
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12393 5.0
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bou
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12392 7.5
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12390 7.5
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to r
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12389 6.8
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary co
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2019-5782 6.8
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
19-02-2019 - 13:56 19-02-2019 - 12:29
CVE-2019-5775 4.3
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
19-02-2019 - 13:41 19-02-2019 - 12:29
CVE-2019-5781 4.3
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
19-02-2019 - 13:40 19-02-2019 - 12:29
CVE-2019-5777 4.3
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
19-02-2019 - 13:39 19-02-2019 - 12:29
CVE-2019-5776 4.3
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
19-02-2019 - 13:38 19-02-2019 - 12:29
CVE-2019-5779 4.3
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
19-02-2019 - 13:35 19-02-2019 - 12:29
CVE-2019-5780 4.6
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5778 4.3
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileg
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5774 6.8
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .deskto
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5773 4.3
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5772 6.8
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5771 6.8
An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5770 6.8
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5769 6.8
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5768 4.3
DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5767 4.3
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5766 4.3
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5765 4.3
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5764 6.8
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5763 6.8
Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5762 6.8
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5761 6.8
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5760 6.8
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5759 6.8
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5758 6.8
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5757 6.8
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5756 6.8
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5755 5.8
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2019-5754 4.3
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.
19-02-2019 - 12:29 19-02-2019 - 12:29
CVE-2018-18506 4.3
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This b
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2018-18505 7.5
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2018-18504 7.5
A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buff
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2018-18503 6.8
When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65.
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2018-18502 10.0
Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. Th
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2018-18501 7.5
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to r
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2018-18500 7.5
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affec
05-02-2019 - 16:29 05-02-2019 - 16:29
CVE-2019-1000021 5.0
slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access
04-02-2019 - 16:29 04-02-2019 - 16:29
CVE-2019-1000018 4.6
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An aut
04-02-2019 - 16:29 04-02-2019 - 16:29
CVE-2019-3813 5.4
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
04-02-2019 - 13:29 04-02-2019 - 13:29
CVE-2017-6922 4.0
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rathe
22-01-2019 - 10:29 22-01-2019 - 10:29
CVE-2018-16018 9.3
Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalat
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-16011 9.3
Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code ex
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15983 6.8
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-15982 10.0
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-5741 4.0
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client,
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-5740 5.0
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feat
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-5737 5.0
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-5736 3.5
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an a
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2018-20721 7.5
URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
16-01-2019 - 09:29 16-01-2019 - 09:29
CVE-2018-16865 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remo
11-01-2019 - 16:29 11-01-2019 - 16:29
CVE-2018-16864 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash s
11-01-2019 - 15:29 11-01-2019 - 15:29
CVE-2019-0588 4.0
An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0586 10.0
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0585 9.3
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, O
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0584 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0583 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0582 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0581 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0580 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0579 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0578 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0577 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0576 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0575 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0574 6.8
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Se
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0573 6.8
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Se
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0572 6.8
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Se
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0571 6.8
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Se
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0570 4.6
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka "Windows Runtime Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Window
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0569 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0568 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0567 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0566 6.8
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0565 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0561 4.3
An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0560 4.3
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0559 4.3
An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0555 4.4
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Wind
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0554 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0553 2.1
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka "Windows Subsystem for Linux Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0552 4.6
An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0551 7.7
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Window
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0550 7.7
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Window
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0549 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0547 7.5
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka "Windows DHCP Client Remote Code Execution Vulnerability." This affects Windows 10, Windows 10 Servers.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0545 5.0
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framewor
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0543 4.6
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0541 9.3
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Inte
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0539 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0538 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0536 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2018-1000888 6.8
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is ca
28-12-2018 - 11:29 28-12-2018 - 11:29
CVE-2018-20346 6.8
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by l
21-12-2018 - 16:29 21-12-2018 - 16:29
CVE-2018-19134 6.8
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscri
20-12-2018 - 18:29 20-12-2018 - 18:29
CVE-2018-1000876 4.6
binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows executi
20-12-2018 - 12:29 20-12-2018 - 12:29
CVE-2018-1000858 6.8
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e
20-12-2018 - 12:29 20-12-2018 - 12:29
CVE-2018-15127 7.5
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-16884 6.7
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container
18-12-2018 - 17:29 18-12-2018 - 17:29
CVE-2018-8636 9.3
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Micro
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8627 4.3
An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This aff
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8598 2.6
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8597 9.3
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Micro
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-18356 6.8
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-16863 9.3
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript d
03-12-2018 - 12:29 03-12-2018 - 12:29
CVE-2018-19409 7.5
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
21-11-2018 - 11:29 21-11-2018 - 11:29
CVE-2018-8529 7.5
A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affect
15-11-2018 - 14:29 15-11-2018 - 14:29
CVE-2018-17466 6.8
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-8602 3.5
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-19200 5.0
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.
12-11-2018 - 10:29 12-11-2018 - 10:29
CVE-2018-19199 7.5
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
12-11-2018 - 10:29 12-11-2018 - 10:29
CVE-2018-19198 7.5
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
12-11-2018 - 10:29 12-11-2018 - 10:29
CVE-2018-15688 7.5
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
29-10-2018 - 08:29 26-10-2018 - 10:29
CVE-2018-18690 4.9
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_
26-10-2018 - 14:29 26-10-2018 - 14:29
CVE-2018-18284 6.8
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
19-10-2018 - 18:29 19-10-2018 - 18:29
CVE-2018-18386 2.1
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
17-10-2018 - 16:29 17-10-2018 - 16:29
CVE-2018-18073 4.3
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
15-10-2018 - 12:29 15-10-2018 - 12:29
CVE-2018-17961 6.8
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
15-10-2018 - 12:29 15-10-2018 - 12:29
CVE-2018-15965 10.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15964 5.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15963 5.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15962 5.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15961 10.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15960 6.4
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15959 10.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15958 10.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15957 10.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-17183 6.8
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
19-09-2018 - 11:29 19-09-2018 - 11:29
CVE-2018-16802 6.8
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe
10-09-2018 - 12:29 10-09-2018 - 12:29
CVE-2018-16658 3.6
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds
07-09-2018 - 10:29 07-09-2018 - 10:29
CVE-2018-14618 10.0
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocat
05-09-2018 - 15:29 05-09-2018 - 15:29
CVE-2018-16543 6.8
In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16540 6.8
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-12829 7.5
Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-15911 6.8
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
28-08-2018 - 00:29 28-08-2018 - 00:29
CVE-2018-10844 4.3
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data
22-08-2018 - 09:29 22-08-2018 - 09:29
CVE-2016-4406 4.3
A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44.
07-08-2018 - 21:29 06-08-2018 - 16:29
CVE-2018-1113 4.6
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell bein
02-07-2018 - 21:29 02-07-2018 - 21:29
CVE-2018-3639 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi
22-05-2018 - 08:29 22-05-2018 - 08:29
CVE-2018-11236 7.5
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer over
18-05-2018 - 12:29 18-05-2018 - 12:29
CVE-2018-10535 4.3
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" va
29-04-2018 - 11:29 29-04-2018 - 11:29
CVE-2018-10534 4.3
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the valu
29-04-2018 - 11:29 29-04-2018 - 11:29
CVE-2018-10373 4.3
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file
25-04-2018 - 05:29 25-04-2018 - 05:29
CVE-2018-10372 4.3
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.
25-04-2018 - 05:29 25-04-2018 - 05:29
CVE-2018-8945 4.3
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.
22-03-2018 - 17:29 22-03-2018 - 17:29
CVE-2018-7642 4.3
The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and app
02-03-2018 - 10:29 02-03-2018 - 10:29
CVE-2018-7569 4.3
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF F
28-02-2018 - 16:29 28-02-2018 - 16:29
CVE-2018-7568 4.3
The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corru
28-02-2018 - 16:29 28-02-2018 - 16:29
CVE-2018-6485 7.5
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to
01-02-2018 - 09:29 01-02-2018 - 09:29
CVE-2017-16921 9.0
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell com
08-12-2017 - 10:29 08-12-2017 - 10:29
CVE-2017-13872 9.3
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain
29-11-2017 - 12:29 29-11-2017 - 12:29
CVE-2015-7943 5.8
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and
18-10-2017 - 14:29 18-10-2017 - 14:29
CVE-2017-14482 6.8
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched exten
14-09-2017 - 12:29 14-09-2017 - 12:29
CVE-2017-14130 4.3
The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-rea
04-09-2017 - 16:29 04-09-2017 - 16:29
CVE-2014-9831 6.8
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2017-12640 6.8
ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
07-08-2017 - 11:29 07-08-2017 - 11:29
CVE-2017-12587 6.8
ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
06-08-2017 - 10:29 06-08-2017 - 10:29
CVE-2017-12433 4.3
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.
04-08-2017 - 06:29 04-08-2017 - 06:29
CVE-2017-12427 4.3
The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.
04-08-2017 - 05:29 04-08-2017 - 05:29
CVE-2017-12418 5.0
ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.
03-08-2017 - 20:29 03-08-2017 - 20:29
CVE-2017-12140 7.1
The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.
02-08-2017 - 01:29 02-08-2017 - 01:29
CVE-2017-11724 4.3
The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures.
29-07-2017 - 01:29 29-07-2017 - 01:29
CVE-2017-11644 4.3
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c.
26-07-2017 - 04:29 26-07-2017 - 04:29
CVE-2017-11640 4.3
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
26-07-2017 - 04:29 26-07-2017 - 04:29
CVE-2017-11639 4.3
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.
26-07-2017 - 04:29 26-07-2017 - 04:29
CVE-2017-11523 7.1
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.
22-07-2017 - 17:29 22-07-2017 - 17:29
CVE-2017-11450 6.8
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
19-07-2017 - 03:29 19-07-2017 - 03:29
CVE-2017-11449 6.8
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image rec
19-07-2017 - 03:29 19-07-2017 - 03:29
CVE-2017-11448 4.3
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
19-07-2017 - 03:29 19-07-2017 - 03:29
CVE-2017-11447 4.3
The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.
19-07-2017 - 03:29 19-07-2017 - 03:29
CVE-2017-11446 7.1
The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
19-07-2017 - 03:29 19-07-2017 - 03:29
CVE-2017-11360 4.3
The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.
17-07-2017 - 09:18 17-07-2017 - 09:18
CVE-2017-11352 4.3
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
17-07-2017 - 09:18 17-07-2017 - 09:18
CVE-2017-11188 7.8
The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.
12-07-2017 - 11:29 12-07-2017 - 11:29
CVE-2017-11170 6.8
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.
11-07-2017 - 16:29 11-07-2017 - 16:29
CVE-2017-11141 7.1
The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.
09-07-2017 - 23:29 09-07-2017 - 23:29
CVE-2017-10995 4.3
The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.
07-07-2017 - 12:29 07-07-2017 - 12:29
CVE-2017-10928 6.8
In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mis
05-07-2017 - 07:29 05-07-2017 - 07:29
CVE-2017-9141 4.3
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.
22-05-2017 - 10:29 22-05-2017 - 10:29
CVE-2017-9098 5.0
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a lon
19-05-2017 - 15:29 19-05-2017 - 15:29
CVE-2014-9837 4.3
coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.
09-05-2017 - 08:40 11-04-2017 - 15:59
CVE-2014-9907 4.3
coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.
09-05-2017 - 08:40 19-04-2017 - 10:59
CVE-2016-5010 4.3
coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.
09-05-2017 - 08:40 20-04-2017 - 14:59
CVE-2016-7515 4.3
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.
09-05-2017 - 08:40 19-04-2017 - 10:59
CVE-2016-7522 4.3
The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
09-05-2017 - 08:39 19-04-2017 - 10:59
CVE-2016-7528 4.3
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
09-05-2017 - 08:39 19-04-2017 - 10:59
CVE-2016-7529 4.3
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.
09-05-2017 - 08:39 19-04-2017 - 10:59
CVE-2016-7530 4.3
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.
09-05-2017 - 08:39 20-04-2017 - 14:59
CVE-2016-7531 4.3
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.
09-05-2017 - 08:39 19-04-2017 - 10:59
CVE-2016-7533 4.3
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.
09-05-2017 - 08:39 19-04-2017 - 10:59
CVE-2016-7537 4.3
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.
09-05-2017 - 08:37 19-04-2017 - 10:59
CVE-2017-7941 4.3
The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
09-05-2017 - 08:36 18-04-2017 - 15:59
CVE-2014-9820 6.8
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.
04-04-2017 - 11:44 30-03-2017 - 11:59
CVE-2014-9817 6.8
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.
04-04-2017 - 11:42 30-03-2017 - 11:59
CVE-2014-9815 4.3
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.
04-04-2017 - 11:37 30-03-2017 - 11:59
CVE-2014-9809 4.3
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.
04-04-2017 - 11:35 30-03-2017 - 11:59
CVE-2014-9807 4.3
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.
04-04-2017 - 11:34 30-03-2017 - 11:59
CVE-2014-9805 4.3
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.
04-04-2017 - 11:31 30-03-2017 - 11:59
CVE-2016-8866 6.8
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because
27-03-2017 - 21:59 15-02-2017 - 14:59
CVE-2016-8862 6.8
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
27-03-2017 - 21:59 15-02-2017 - 14:59
CVE-2016-9556 4.3
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
24-03-2017 - 11:09 23-03-2017 - 14:59
CVE-2014-9835 6.8
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
24-03-2017 - 08:39 22-03-2017 - 10:59
CVE-2014-9834 6.8
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
24-03-2017 - 08:39 22-03-2017 - 10:59
CVE-2016-7800 5.0
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
23-03-2017 - 21:59 06-02-2017 - 12:59
CVE-2014-9846 7.5
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
22-03-2017 - 15:03 20-03-2017 - 12:59
CVE-2014-9845 4.3
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
22-03-2017 - 15:02 20-03-2017 - 12:59
CVE-2014-9848 5.0
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
22-03-2017 - 13:23 20-03-2017 - 12:59
CVE-2014-9853 4.3
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
21-03-2017 - 09:16 17-03-2017 - 10:59
CVE-2016-9559 4.3
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
02-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2016-9773 4.3
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists bec
23-02-2017 - 11:09 16-02-2017 - 21:59
CVE-2016-8677 6.8
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
22-02-2017 - 14:12 15-02-2017 - 16:59
CVE-2016-8682 5.0
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
17-02-2017 - 09:30 15-02-2017 - 14:59
CVE-2016-8684 6.8
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
17-02-2017 - 09:22 15-02-2017 - 14:59
CVE-2016-8683 6.8
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
17-02-2017 - 09:02 15-02-2017 - 14:59
CVE-2016-7997 5.0
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
23-01-2017 - 18:51 18-01-2017 - 12:59
CVE-2016-7996 7.5
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
23-01-2017 - 18:49 18-01-2017 - 12:59
CVE-2016-7799 4.3
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
23-01-2017 - 14:56 18-01-2017 - 12:59
CVE-2016-7906 4.3
magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.
23-01-2017 - 14:56 18-01-2017 - 12:59
CVE-2016-7101 4.3
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
23-01-2017 - 14:53 18-01-2017 - 12:59
CVE-2016-6823 5.0
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
23-01-2017 - 14:53 18-01-2017 - 12:59
CVE-2016-5118 10.0
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
03-01-2017 - 21:59 10-06-2016 - 11:59
CVE-2016-8707 6.8
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code ex
27-12-2016 - 21:59 23-12-2016 - 17:59
CVE-2015-5435 4.0
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors.
23-12-2016 - 21:59 29-09-2015 - 21:59
CVE-2016-6491 6.8
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
16-12-2016 - 15:04 13-12-2016 - 10:59
CVE-2016-5841 7.5
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
14-12-2016 - 22:02 13-12-2016 - 10:59
CVE-2015-2106 6.4
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors.
29-11-2016 - 22:01 31-03-2015 - 06:59
CVE-2016-3189 4.3
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
28-11-2016 - 15:06 30-06-2016 - 13:59
CVE-2013-4843 6.8
Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.
19-11-2013 - 13:12 17-11-2013 - 22:55
CVE-2013-4842 4.3
Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19-11-2013 - 13:10 17-11-2013 - 22:55
CVE-2012-1892 4.3
Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
02-11-2013 - 23:23 11-09-2012 - 14:55
CVE-2012-3271 9.3
Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors.
18-04-2013 - 23:23 29-11-2012 - 08:14
Back to Top Mark selected
Back to Top