Max CVSS 10.0 Min CVSS 2.1 Total Count94
IDCVSSSummaryLast (major) updatePublished
CVE-2018-6056 6.8
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6083 6.8
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6082 4.3
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6081 4.3
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6080 4.3
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6079 4.3
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6078 4.3
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6077 4.3
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6076 4.3
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6075 4.3
Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6074 6.8
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6073 6.8
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6072 6.8
An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6071 6.8
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6070 4.3
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6069 4.3
Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6068 4.3
Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6067 6.8
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6066 4.3
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6065 6.8
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6064 6.8
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6063 6.8
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6062 6.8
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6061 5.1
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6060 6.8
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6057 6.8
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2017-15396 4.3
A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption
28-08-2018 - 16:29 28-08-2018 - 16:29
CVE-2017-15427 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15426 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15425 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15424 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15423 5.0
Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15422 4.3
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15420 4.3
Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15419 4.3
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15418 4.3
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15417 2.6
Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15416 4.3
Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15415 4.3
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15413 6.8
Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15412 6.8
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15411 6.8
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15410 6.8
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15409 6.8
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15408 6.8
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15407 6.8
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15119 5.0
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client
27-07-2018 - 12:29 27-07-2018 - 12:29
CVE-2018-5148 7.5
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5146 6.8
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-7600 7.5
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
29-03-2018 - 03:29 29-03-2018 - 03:29
CVE-2018-0739 4.3
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used w
27-03-2018 - 17:29 27-03-2018 - 17:29
CVE-2018-1000140 7.5
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to
23-03-2018 - 17:29 23-03-2018 - 17:29
CVE-2018-1141 4.4
When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in
20-03-2018 - 14:29 20-03-2018 - 14:29
CVE-2018-8088 7.5
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
20-03-2018 - 12:29 20-03-2018 - 12:29
CVE-2018-8740 5.0
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
16-03-2018 - 21:29 16-03-2018 - 20:29
CVE-2018-1324 4.3
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service
16-03-2018 - 09:29 16-03-2018 - 09:29
CVE-2018-7033 7.5
SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.
15-03-2018 - 18:29 15-03-2018 - 18:29
CVE-2017-18232 2.1
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
15-03-2018 - 00:29 15-03-2018 - 00:29
CVE-2018-1050 2.9
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls c
13-03-2018 - 12:29 13-03-2018 - 12:29
CVE-2018-7563 4.3
An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute J
12-03-2018 - 17:29 12-03-2018 - 17:29
CVE-2018-7889 6.8
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
08-03-2018 - 16:29 08-03-2018 - 16:29
CVE-2018-7550 4.6
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or
01-03-2018 - 12:29 01-03-2018 - 12:29
CVE-2018-7420 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7419 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7418 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7417 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7337 5.0
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7336 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7335 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7334 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7320 5.0
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.
23-02-2018 - 17:29 23-02-2018 - 17:29
CVE-2018-7225 7.5
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an
19-02-2018 - 10:29 19-02-2018 - 10:29
CVE-2018-1000051 6.8
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.
09-02-2018 - 18:29 09-02-2018 - 18:29
CVE-2018-6836 7.5
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspec
08-02-2018 - 02:29 08-02-2018 - 02:29
CVE-2018-6544 4.3
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.
02-02-2018 - 04:29 02-02-2018 - 04:29
CVE-2017-18043 2.1
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
31-01-2018 - 15:29 31-01-2018 - 15:29
CVE-2018-6406 6.8
The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (
30-01-2018 - 16:29 30-01-2018 - 16:29
CVE-2018-5683 2.1
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
23-01-2018 - 13:29 23-01-2018 - 13:29
CVE-2017-18030 2.1
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
23-01-2018 - 13:29 23-01-2018 - 13:29
CVE-2018-5335 4.3
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.
11-01-2018 - 16:29 11-01-2018 - 16:29
CVE-2018-5334 4.3
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.
11-01-2018 - 16:29 11-01-2018 - 16:29
CVE-2017-15124 7.8
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VN
09-01-2018 - 16:29 09-01-2018 - 16:29
CVE-2017-5715 4.7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
04-01-2018 - 08:29 04-01-2018 - 08:29
CVE-2017-17997 5.0
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
30-12-2017 - 02:29 30-12-2017 - 02:29
CVE-2017-3738 4.3
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult
07-12-2017 - 11:29 07-12-2017 - 11:29
CVE-2017-17381 2.1
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.
06-12-2017 - 21:29 06-12-2017 - 21:29
CVE-2017-16845 7.5
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
17-11-2017 - 15:29 17-11-2017 - 15:29
CVE-2017-16820 10.0
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).
14-11-2017 - 16:29 14-11-2017 - 16:29
CVE-2017-9766 5.0
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
21-06-2017 - 03:29 21-06-2017 - 03:29
CVE-2017-9617 4.3
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.
14-06-2017 - 16:29 14-06-2017 - 16:29
CVE-2017-9616 4.3
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.
14-06-2017 - 16:29 14-06-2017 - 16:29
CVE-2017-6014 7.8
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attem
17-02-2017 - 12:22 17-02-2017 - 02:59
CVE-2016-9942 7.5
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type
17-01-2017 - 21:59 31-12-2016 - 13:59
CVE-2016-9941 7.5
Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subr
17-01-2017 - 21:59 31-12-2016 - 13:59
Back to Top Mark selected
Back to Top