Max CVSS 10.0 Min CVSS 1.9 Total Count105
IDCVSSSummaryLast (major) updatePublished
CVE-2018-18849 2.1
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2019-0588 4.0
An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0586 10.0
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0585 9.3
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, O
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0584 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0583 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0582 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0581 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0580 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0579 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0578 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0577 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0576 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0575 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0574 6.8
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Se
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0573 6.8
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Se
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0572 6.8
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Se
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0571 6.8
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Se
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0570 4.6
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka "Windows Runtime Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Window
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0569 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0568 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0567 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0566 6.8
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0565 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0561 4.3
An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0560 4.3
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0559 4.3
An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0555 4.4
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Wind
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0554 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0553 2.1
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka "Windows Subsystem for Linux Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0552 4.6
An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0551 7.7
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Window
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0550 7.7
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Window
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0549 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0547 7.5
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka "Windows DHCP Client Remote Code Execution Vulnerability." This affects Windows 10, Windows 10 Servers.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0545 5.0
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framewor
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0543 4.6
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0541 9.3
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Inte
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0539 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0538 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2019-0536 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2018-19134 6.8
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscri
20-12-2018 - 18:29 20-12-2018 - 18:29
CVE-2018-1000858 6.8
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e
20-12-2018 - 12:29 20-12-2018 - 12:29
CVE-2018-19967 4.9
An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE ins
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19966 7.2
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow pagi
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19965 4.7
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19962 6.9
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19961 6.9
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19665 2.7
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
06-12-2018 - 18:29 06-12-2018 - 18:29
CVE-2018-19409 7.5
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
21-11-2018 - 11:29 21-11-2018 - 11:29
CVE-2018-18438 2.1
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
19-10-2018 - 18:29 19-10-2018 - 18:29
CVE-2018-18284 6.8
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
19-10-2018 - 18:29 19-10-2018 - 18:29
CVE-2018-10839 4.0
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to cra
16-10-2018 - 10:29 16-10-2018 - 10:29
CVE-2018-18073 4.3
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
15-10-2018 - 12:29 15-10-2018 - 12:29
CVE-2018-17961 6.8
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
15-10-2018 - 12:29 15-10-2018 - 12:29
CVE-2018-17963 7.5
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
09-10-2018 - 18:29 09-10-2018 - 18:29
CVE-2018-17962 5.0
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
09-10-2018 - 18:29 09-10-2018 - 18:29
CVE-2018-17958 5.0
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
09-10-2018 - 18:29 09-10-2018 - 18:29
CVE-2018-17183 6.8
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
19-09-2018 - 11:29 19-09-2018 - 11:29
CVE-2018-16802 6.8
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe
10-09-2018 - 12:29 10-09-2018 - 12:29
CVE-2018-16541 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16539 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2017-15412 6.8
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2018-15911 6.8
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
28-08-2018 - 00:29 28-08-2018 - 00:29
CVE-2018-10844 4.3
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data
22-08-2018 - 09:29 22-08-2018 - 09:29
CVE-2018-15473 5.0
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-
17-08-2018 - 15:29 17-08-2018 - 15:29
CVE-2018-10873 6.5
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its p
17-08-2018 - 08:29 17-08-2018 - 08:29
CVE-2018-0618 3.5
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
26-07-2018 - 13:29 26-07-2018 - 13:29
CVE-2018-13988 4.3
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitab
25-07-2018 - 19:29 25-07-2018 - 19:29
CVE-2018-10906 4.6
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_
24-07-2018 - 16:29 24-07-2018 - 16:29
CVE-2018-1999010 7.5
FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connect
23-07-2018 - 11:29 23-07-2018 - 11:29
CVE-2018-14394 4.3
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file.
19-07-2018 - 01:29 19-07-2018 - 01:29
CVE-2018-13796 4.3
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
12-07-2018 - 14:29 12-07-2018 - 14:29
CVE-2018-12327 7.5
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whet
20-06-2018 - 10:29 20-06-2018 - 10:29
CVE-2018-0495 1.9
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka
13-06-2018 - 19:29 13-06-2018 - 19:29
CVE-2018-0732 5.0
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime result
12-06-2018 - 09:29 12-06-2018 - 09:29
CVE-2018-3639 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi
22-05-2018 - 08:29 22-05-2018 - 08:29
CVE-2017-18267 4.3
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
10-05-2018 - 11:29 10-05-2018 - 11:29
CVE-2018-0737 4.3
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixe
17-04-2018 - 21:29 16-04-2018 - 14:29
CVE-2018-0739 4.3
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used w
27-03-2018 - 17:29 27-03-2018 - 17:29
CVE-2018-7557 4.3
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.