Max CVSS 10.0 Min CVSS 2.1 Total Count58
IDCVSSSummaryLast (major) updatePublished
CVE-2018-6147 2.1
Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6144 6.8
Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6143 4.3
Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6141 6.8
Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6140 9.3
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6139 6.8
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6137 4.3
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6135 4.3
Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6133 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6127 6.8
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6126 6.8
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6124 6.8
Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6123 4.3
A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-1000204 6.3
** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fix
26-06-2018 - 10:29 26-06-2018 - 10:29
CVE-2018-3665 4.7
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
21-06-2018 - 16:29 21-06-2018 - 16:29
CVE-2018-10841 6.5
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like ad
20-06-2018 - 14:29 20-06-2018 - 14:29
CVE-2018-12291 5.0
The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.
13-06-2018 - 10:29 13-06-2018 - 10:29
CVE-2018-5848 4.6
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-5803 4.9
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
12-06-2018 - 12:29 12-06-2018 - 12:29
CVE-2011-3172 10.0
A vulnerability in pam_modules of SUSE SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE SUSE Linux Enterprise: versions prior to 12.
08-06-2018 - 09:29 08-06-2018 - 09:29
CVE-2018-11235 6.8
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that
30-05-2018 - 00:29 30-05-2018 - 00:29
CVE-2018-1130 4.9
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
10-05-2018 - 09:29 10-05-2018 - 09:29
CVE-2018-2814 5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unaut
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2800 4.0
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker wit
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2799 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabil
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2798 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vuln
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2797 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vuln
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2796 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vul
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2795 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2794 3.7
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated att
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2790 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unau
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2783 5.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit v
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2017-13305 5.0
A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.
04-04-2018 - 12:29 04-04-2018 - 12:29
CVE-2018-1094 7.1
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system
01-04-2018 - 23:29 01-04-2018 - 23:29
CVE-2018-1093 7.1
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bi
01-04-2018 - 23:29 01-04-2018 - 23:29
CVE-2018-1092 7.1
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and
01-04-2018 - 23:29 01-04-2018 - 23:29
CVE-2018-7183 7.5
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
08-03-2018 - 15:29 08-03-2018 - 15:29
CVE-2018-7185 5.0
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association
06-03-2018 - 15:29 06-03-2018 - 15:29
CVE-2018-7184 5.0
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset
06-03-2018 - 15:29 06-03-2018 - 15:29
CVE-2018-7182 5.0
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
06-03-2018 - 15:29 06-03-2018 - 15:29
CVE-2018-7170 3.5
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sy
06-03-2018 - 15:29 06-03-2018 - 15:29
CVE-2018-7492 4.9
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
26-02-2018 - 15:29 26-02-2018 - 15:29
CVE-2018-1417 6.8
Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.
22-02-2018 - 14:29 22-02-2018 - 14:29
CVE-2017-5715 4.7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
04-01-2018 - 08:29 04-01-2018 - 08:29
CVE-2017-1000469 10.0
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
03-01-2018 - 15:29 03-01-2018 - 15:29
CVE-2017-11547 4.3
The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the Ti
31-07-2017 - 09:29 31-07-2017 - 09:29
CVE-2017-11546 4.3
The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background op
31-07-2017 - 09:29 31-07-2017 - 09:29
CVE-2017-10800 4.3
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.
02-07-2017 - 21:29 02-07-2017 - 21:29
CVE-2017-10799 4.3
When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().
02-07-2017 - 21:29 02-07-2017 - 21:29
CVE-2017-10794 4.3
When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.
02-07-2017 - 18:29 02-07-2017 - 18:29
CVE-2017-8350 4.3
In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
11-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2016-7800 5.0
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
23-03-2017 - 21:59 06-02-2017 - 12:59
CVE-2017-6335 4.3
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.
14-03-2017 - 15:28 14-03-2017 - 10:59
CVE-2016-9830 4.3
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
02-03-2017 - 10:35 01-03-2017 - 15:59
CVE-2016-7997 5.0
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
23-01-2017 - 18:51 18-01-2017 - 12:59
CVE-2016-7996 7.5
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
23-01-2017 - 18:49 18-01-2017 - 12:59
CVE-2016-1549 4.0
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2015-4000 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie
30-12-2016 - 21:59 20-05-2015 - 20:59
Back to Top Mark selected
Back to Top