threat
engine
.sh
Back
·
··:··
Home
/
Product
/
redhat enterprise linux server
Product
redhat enterprise linux server
500 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-6021
all versions
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-base
7.5
HIGH
CVE-2025-2784
all versions
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_white
7.0
HIGH
CVE-2024-12085
all versions
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate
7.5
HIGH
CVE-2024-1086
all versions
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege es
7.8
HIGH
CVE-2024-0409
all versions
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It u
7.8
HIGH
CVE-2024-0408
all versions
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabe
5.5
MEDIUM
CVE-2023-6816
all versions
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button current
9.8
CRITICAL
CVE-2023-5455
all versions
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows
6.5
MEDIUM
CVE-2023-5869
all versions
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks
8.8
HIGH
CVE-2023-46847
all versions
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of a
8.6
HIGH
CVE-2023-3972
all versions
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of
7.8
HIGH
CVE-2023-5367
all versions
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset
7.8
HIGH
CVE-2023-3899
all versions
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bu
7.8
HIGH
CVE-2023-0494
all versions
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by
7.8
HIGH
CVE-2019-8720
all versions
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitr
8.8
HIGH
CVE-2022-4254
all versions
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
8.8
HIGH
CVE-2015-1931
all versions
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1
5.5
MEDIUM
CVE-2014-0148
all versions
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating B
5.5
MEDIUM
CVE-2014-0147
all versions
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable t
6.2
MEDIUM
CVE-2014-0144
all versions
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corr
8.6
HIGH
CVE-2022-2739
all versions
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version
5.3
MEDIUM
CVE-2022-2738
all versions
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version
7.5
HIGH
CVE-2022-1227
all versions
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. O
8.8
HIGH
CVE-2022-0330
all versions
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicio
7.8
HIGH
CVE-2021-3656
all versions
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual
8.8
HIGH
CVE-2021-44142
all versions
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients
8.8
HIGH
CVE-2021-4091
all versions
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a
7.5
HIGH
CVE-2020-25717
all versions
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possibl
8.1
HIGH
CVE-2016-2124
all versions
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext passw
5.9
MEDIUM
CVE-2021-4034
all versions
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed
7.8
HIGH
CVE-2019-14850
all versions
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit serv
3.7
LOW
CVE-2020-3864
all versions
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows,
7.8
HIGH
CVE-2019-8846
all versions
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, i
8.8
HIGH
CVE-2019-8844
all versions
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, i
8.8
HIGH
CVE-2019-8835
all versions
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windo
8.8
HIGH
CVE-2020-14300
all versions
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053
8.8
HIGH
CVE-2020-14298
all versions
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version
8.8
HIGH
CVE-2020-10751
all versions
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb
6.1
MEDIUM
CVE-2020-10531
all versions
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a he
8.8
HIGH
CVE-2020-6418
all versions
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via
8.8
HIGH
CVE-2020-6386
all versions
Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption
8.8
HIGH
CVE-2020-6384
all versions
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruptio
8.8
HIGH
CVE-2020-6383
all versions
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via
8.8
HIGH
CVE-2020-3757
all versions
Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier hav
8.8
HIGH
CVE-2020-8945
all versions
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pull
7.5
HIGH
CVE-2013-4535
all versions
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a
8.8
HIGH
CVE-2020-6416
all versions
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit he
8.8
HIGH
CVE-2020-6415
all versions
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit
8.8
HIGH
CVE-2020-6408
all versions
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sens
6.5
MEDIUM
CVE-2020-6406
all versions
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption vi
8.8
HIGH
CVE-2020-6404
all versions
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap
8.8
HIGH
CVE-2020-6403
all versions
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents
4.3
MEDIUM
CVE-2020-6402
all versions
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a us
8.8
HIGH
CVE-2020-6400
all versions
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data vi
6.5
MEDIUM
CVE-2020-6398
all versions
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap c
8.8
HIGH
CVE-2020-6397
all versions
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via
6.5
MEDIUM
CVE-2020-6396
all versions
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the
4.3
MEDIUM
CVE-2020-6394
all versions
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content securi
5.4
MEDIUM
CVE-2020-6393
all versions
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin dat
6.5
MEDIUM
CVE-2020-6392
all versions
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to i
4.3
MEDIUM
CVE-2020-6391
all versions
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass cont
4.3
MEDIUM
CVE-2020-6390
all versions
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit hea
8.8
HIGH
CVE-2020-6385
all versions
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolati
8.8
HIGH
CVE-2020-6382
all versions
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corrupti
8.8
HIGH
CVE-2020-6381
all versions
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potenti
8.8
HIGH
CVE-2019-15605
all versions
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
9.8
CRITICAL
CVE-2013-4166
all versions
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9
7.5
HIGH
CVE-2014-8141
all versions
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbit
7.8
HIGH
CVE-2014-8140
all versions
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbi
7.8
HIGH
CVE-2014-8139
all versions
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrar
7.8
HIGH
CVE-2011-4088
all versions
ABRT might allow attackers to obtain sensitive information from crash reports.
7.5
HIGH
CVE-2020-2659
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe
3.7
LOW
CVE-2020-2604
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
8.1
HIGH
CVE-2020-2601
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affect
6.8
MEDIUM
CVE-2020-2593
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe
4.8
MEDIUM
CVE-2020-2590
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affect
3.7
LOW
CVE-2020-2583
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
3.7
LOW
CVE-2015-3147
all versions
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allo
6.5
MEDIUM
CVE-2014-7844
all versions
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
7.8
HIGH
CVE-2020-6851
all versions
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k
7.5
HIGH
CVE-2019-17024
all versions
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of m
8.8
HIGH
CVE-2019-17022
all versions
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > chara
6.1
MEDIUM
CVE-2019-17017
all versions
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that wit
8.8
HIGH
CVE-2019-17016
all versions
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace r
6.1
MEDIUM
CVE-2019-19925
all versions
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
7.5
HIGH
CVE-2019-19923
all versions
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-h
7.5
HIGH
CVE-2019-19926
all versions
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRew
7.5
HIGH
CVE-2018-1311
all versions
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This
8.1
HIGH
CVE-2019-8816
all versions
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, t
8.8
HIGH
CVE-2019-8815
all versions
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, t
8.8
HIGH
CVE-2019-8814
all versions
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, t
8.8
HIGH
CVE-2019-8689
all versions
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.1
8.8
HIGH
CVE-2019-8688
all versions
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.1
8.8
HIGH
CVE-2019-8684
all versions
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.1
8.8
HIGH
CVE-2019-8676
all versions
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.1
8.8
HIGH
CVE-2019-8672
all versions
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.1
8.8
HIGH
CVE-2019-8669
all versions
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.1
8.8
HIGH
CVE-2019-8544
all versions
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Sa
8.8
HIGH
CVE-2019-8536
all versions
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Sa
8.8
HIGH
CVE-2019-8535
all versions
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, i
8.8
HIGH
CVE-2019-8506
all versions
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safar
8.8
HIGH
CVE-2019-19880
all versions
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant intege
7.5
HIGH
CVE-2019-13764
all versions
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corrupti
8.8
HIGH
CVE-2019-13763
all versions
Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised t
4.3
MEDIUM
CVE-2019-13762
all versions
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof d
3.3
LOW
CVE-2019-13761
all versions
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via I
4.3
MEDIUM
CVE-2019-13759
all versions
Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing
4.3
MEDIUM
CVE-2019-13758
all versions
Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypas
4.3
MEDIUM
CVE-2019-13757
all versions
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via I
4.3
MEDIUM
CVE-2019-13756
all versions
Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via
4.3
MEDIUM
CVE-2019-13755
all versions
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensio
4.3
MEDIUM
CVE-2019-13754
all versions
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigatio
4.3
MEDIUM
CVE-2019-13753
all versions
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive info
6.5
MEDIUM
CVE-2019-13752
all versions
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive info
6.5
MEDIUM
CVE-2019-13751
all versions
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive info
6.5
MEDIUM
CVE-2019-13750
all versions
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth
6.5
MEDIUM
CVE-2019-13749
all versions
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of
6.5
MEDIUM
CVE-2019-13748
all versions
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain poten
6.5
MEDIUM
CVE-2019-13747
all versions
Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit
8.8
HIGH
CVE-2019-13746
all versions
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents
6.5
MEDIUM
CVE-2019-13745
all versions
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin dat
6.5
MEDIUM
CVE-2019-13744
all versions
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin d
6.5
MEDIUM
CVE-2019-13743
all versions
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof secu
6.5
MEDIUM
CVE-2019-13742
all versions
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of
6.5
MEDIUM
CVE-2019-13741
all versions
Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same
8.8
HIGH
CVE-2019-13740
all versions
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a
6.5
MEDIUM
CVE-2019-13739
all versions
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoo
6.5
MEDIUM
CVE-2019-13738
all versions
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isol
6.5
MEDIUM
CVE-2019-13737
all versions
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potenti
6.5
MEDIUM
CVE-2019-13736
all versions
Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption
8.8
HIGH
CVE-2019-13735
all versions
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code insid
8.8
HIGH
CVE-2019-13734
all versions
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corrupt
8.8
HIGH
CVE-2019-13732
all versions
Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption
8.8
HIGH
CVE-2019-13730
all versions
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corrupti
8.8
HIGH
CVE-2019-13729
all versions
Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corrupti
8.8
HIGH
CVE-2019-13728
all versions
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap cor
8.8
HIGH
CVE-2019-13727
all versions
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same orig
8.8
HIGH
CVE-2019-13726
all versions
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via
8.8
HIGH
CVE-2019-13725
all versions
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a craft
8.8
HIGH
CVE-2019-5544
all versions
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issu
9.8
CRITICAL
CVE-2011-2515
all versions
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trus
5.3
MEDIUM
CVE-2019-10216
all versions
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to by
7.8
HIGH
CVE-2019-13723
all versions
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer
8.8
HIGH
CVE-2012-6136
all versions
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
5.5
MEDIUM
CVE-2018-12207
all versions
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an aut
6.5
MEDIUM
CVE-2019-11135
all versions
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enabl
6.5
MEDIUM
CVE-2019-6470
all versions
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There
6.5
MEDIUM
CVE-2019-11043
all versions
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possibl
8.7
HIGH
CVE-2019-17596
all versions
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public ke
7.5
HIGH
CVE-2019-17631
all versions
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted
9.1
CRITICAL
CVE-2019-14287
all versions
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM
8.8
HIGH
CVE-2019-2999
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u2
4.7
MEDIUM
CVE-2019-2996
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is af
4.2
MEDIUM
CVE-2019-2992
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
3.7
LOW
CVE-2019-2989
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe
6.8
MEDIUM
CVE-2019-2988
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
3.7
LOW
CVE-2019-2987
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 a
3.7
LOW
CVE-2019-2983
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
3.7
LOW
CVE-2019-2981
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected a
3.7
LOW
CVE-2019-2978
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe
3.7
LOW
CVE-2019-2975
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affec
4.8
MEDIUM
CVE-2019-2973
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected a
3.7
LOW
CVE-2019-2964
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are aff
3.7
LOW
CVE-2019-2962
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
3.7
LOW
CVE-2019-2949
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affect
6.8
MEDIUM
CVE-2019-2945
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe
3.1
LOW
CVE-2019-14823
all versions
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, wher
7.4
HIGH
CVE-2019-17055
all versions
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce C
3.3
LOW
CVE-2019-14816
all versions
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel,
7.8
HIGH
CVE-2019-14821
all versions
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor im
8.8
HIGH
CVE-2019-14835
all versions
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates
7.8
HIGH
CVE-2019-14813
all versions
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its p
9.8
CRITICAL
CVE-2019-1125
all versions
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacke
5.6
MEDIUM
CVE-2019-9506
all versions
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not pre
8.1
HIGH
CVE-2019-9514
all versions
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a numb
7.5
HIGH
CVE-2019-14744
all versions
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user
7.8
HIGH
CVE-2019-10168
all versions
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.
7.8
HIGH
CVE-2019-10167
all versions
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" a
7.8
HIGH
CVE-2019-10166
all versions
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the vir
7.8
HIGH
CVE-2019-10182
all versions
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attack
8.2
HIGH
CVE-2019-10153
all versions
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other f
5.0
MEDIUM
CVE-2018-16871
all versions
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is a
7.5
HIGH
CVE-2019-11775
all versions
All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out
7.4
HIGH
CVE-2019-2816
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are
4.8
MEDIUM
CVE-2019-2805
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected a
6.5
MEDIUM
CVE-2019-2786
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a
3.4
LOW
CVE-2019-2769
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are
5.3
MEDIUM
CVE-2019-2762
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are
5.3
MEDIUM
CVE-2019-2740
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are
6.5
MEDIUM
CVE-2019-1010238
all versions
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code
9.8
CRITICAL
CVE-2019-13616
all versions
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_bli
8.1
HIGH
CVE-2019-3896
all versions
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use t
7.0
HIGH
CVE-2019-10126
all versions
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/
9.8
CRITICAL
CVE-2019-7845
all versions
Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vuln
8.8
HIGH
CVE-2019-10160
all versions
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting ve
9.8
CRITICAL
CVE-2019-9755
all versions
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g wi
7.0
HIGH
CVE-2019-7837
all versions
Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulne
8.8
HIGH
CVE-2019-11833
all versions
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which mig
5.5
MEDIUM
CVE-2019-11811
all versions
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports af
7.0
HIGH
CVE-2019-2698
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u2
8.1
HIGH
CVE-2019-2697
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u2
8.1
HIGH
CVE-2019-2684
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect
5.9
MEDIUM
CVE-2019-2627
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
4.9
MEDIUM
CVE-2019-2614
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
4.4
MEDIUM
CVE-2019-2602
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
7.5
HIGH
CVE-2019-0223
all versions
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C libr
7.4
HIGH
CVE-2019-11235
all versions
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the receiv
9.8
CRITICAL
CVE-2019-10245
all versions
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of b
7.5
HIGH
CVE-2019-3460
all versions
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
6.5
MEDIUM
CVE-2019-3459
all versions
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
6.5
MEDIUM
CVE-2019-0217
all versions
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could al
7.5
HIGH
CVE-2019-0160
all versions
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or
9.8
CRITICAL
CVE-2019-3878
all versions
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is con
8.1
HIGH
CVE-2019-3857
all versions
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHAN
8.8
HIGH
CVE-2019-3856
all versions
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard p
8.8
HIGH
CVE-2019-3838
all versions
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially
5.5
MEDIUM
CVE-2019-3835
all versions
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted
5.5
MEDIUM
CVE-2019-3863
all versions
A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard
7.5
HIGH
CVE-2019-9948
all versions
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protecti
9.1
CRITICAL
CVE-2019-3855
all versions
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are
8.8
HIGH
CVE-2019-7222
all versions
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
5.5
MEDIUM
CVE-2019-7221
all versions
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
7.8
HIGH
CVE-2019-6454
all versions
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-len
5.5
MEDIUM
CVE-2019-6116
all versions
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote cod
7.8
HIGH
CVE-2019-3816
all versions
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openws
7.5
HIGH
CVE-2019-9636
all versions
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc)
9.8
CRITICAL
CVE-2018-18498
all versions
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is
9.8
CRITICAL
CVE-2018-18494
all versions
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause
6.5
MEDIUM
CVE-2018-18493
all versions
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due
9.8
CRITICAL
CVE-2018-18492
all versions
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the o
9.8
CRITICAL
CVE-2018-12405
all versions
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bug
9.8
CRITICAL
CVE-2018-12397
all versions
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for
7.1
HIGH
CVE-2018-12396
all versions
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This all
6.5
MEDIUM
CVE-2018-12395
all versions
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fron
7.5
HIGH
CVE-2018-12393
all versions
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF
7.5
HIGH
CVE-2018-12392
all versions
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exp
9.8
CRITICAL
CVE-2018-12390
all versions
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bug
9.8
CRITICAL
CVE-2018-12389
all versions
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed eviden
8.8
HIGH
CVE-2019-1559
all versions
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to
5.9
MEDIUM
CVE-2019-5782
all versions
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary cod
8.8
HIGH
CVE-2019-5781
all versions
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof
6.5
MEDIUM
CVE-2019-5780
all versions
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local at
7.8
HIGH
CVE-2019-5779
all versions
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigat
4.3
MEDIUM
CVE-2019-5778
all versions
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allo
6.5
MEDIUM
CVE-2019-5777
all versions
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof
6.5
MEDIUM
CVE-2019-5776
all versions
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof
6.5
MEDIUM
CVE-2019-5775
all versions
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof
6.5
MEDIUM
CVE-2019-5774
all versions
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81
8.8
HIGH
CVE-2019-5773
all versions
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised t
6.5
MEDIUM
CVE-2019-5772
all versions
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker t
8.8
HIGH
CVE-2019-5771
all versions
An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitr
8.8
HIGH
CVE-2019-5770
all versions
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bound
8.8
HIGH
CVE-2019-5769
all versions
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed
8.8
HIGH
CVE-2019-5768
all versions
DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker w
6.5
MEDIUM
CVE-2019-5767
all versions
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who conv
6.5
MEDIUM
CVE-2019-5766
all versions
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cro
6.5
MEDIUM
CVE-2019-5765
all versions
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain
5.5
MEDIUM
CVE-2019-5764
all versions
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit hea
8.8
HIGH
CVE-2019-5763
all versions
Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit he
8.8
HIGH
CVE-2019-5762
all versions
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute
8.8
HIGH
CVE-2019-5761
all versions
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potential
8.8
HIGH
CVE-2019-5760
all versions
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially
8.8
HIGH
CVE-2019-5759
all versions
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote att
9.6
CRITICAL
CVE-2019-5758
all versions
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exp
8.8
HIGH
CVE-2019-5757
all versions
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit
8.8
HIGH
CVE-2019-5756
all versions
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute
8.8
HIGH
CVE-2019-5755
all versions
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary re
8.1
HIGH
CVE-2019-5754
all versions
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of
6.5
MEDIUM
CVE-2019-8383
all versions
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png
7.8
HIGH
CVE-2019-8379
all versions
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in
7.8
HIGH
CVE-2019-6974
all versions
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race
8.1
HIGH
CVE-2019-8308
all versions
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to
8.2
HIGH
CVE-2019-5736
all versions
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and
8.6
HIGH
CVE-2018-12549
all versions
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe ca
9.8
CRITICAL
CVE-2018-12547
all versions
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter
9.8
CRITICAL
CVE-2019-7665
all versions
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A cr
5.5
MEDIUM
CVE-2019-7664
all versions
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow ch
5.5
MEDIUM
CVE-2018-18506
all versions
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded loca
5.9
MEDIUM
CVE-2018-18505
all versions
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee
10.0
CRITICAL
CVE-2018-18501
all versions
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bug
9.8
CRITICAL
CVE-2018-18500
all versions
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the s
9.8
CRITICAL
CVE-2019-1000020
all versions
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with
6.5
MEDIUM
CVE-2019-1000019
all versions
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bou
6.5
MEDIUM
CVE-2019-3813
all versions
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This
7.5
HIGH
CVE-2019-7310
all versions
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) al
7.8
HIGH
CVE-2019-7150
all versions
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.
5.5
MEDIUM
CVE-2019-3815
all versions
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_re
3.3
LOW
CVE-2018-16881
all versions
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to
7.5
HIGH
CVE-2018-15982
all versions
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitat
7.8
HIGH
CVE-2018-5740
all versions
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding
7.5
HIGH
CVE-2018-5733
all versions
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually ov
7.5
HIGH
CVE-2017-3145
all versions
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free
7.5
HIGH
CVE-2017-3144
all versions
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket d
7.5
HIGH
CVE-2017-3143
all versions
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name
7.5
HIGH
CVE-2017-3142
all versions
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name
5.3
MEDIUM
CVE-2017-3137
all versions
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records
7.5
HIGH
CVE-2017-3136
all versions
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. A
5.9
MEDIUM
CVE-2017-3135
all versions
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent sta
7.5
HIGH
CVE-2019-2529
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5
MEDIUM
CVE-2019-2503
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that a
6.4
MEDIUM
CVE-2019-2455
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected a
6.5
MEDIUM
CVE-2019-2449
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Jav
3.1
LOW
CVE-2019-2422
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java
3.1
LOW
CVE-2018-14662
all versions
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption
5.7
MEDIUM
CVE-2018-16846
all versions
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding
6.5
MEDIUM
CVE-2018-16886
all versions
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based acces
8.1
HIGH
CVE-2018-20699
all versions
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --c
4.9
MEDIUM
CVE-2018-16865
all versions
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in syst
7.8
HIGH
CVE-2018-16864
all versions
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in syst
7.8
HIGH
CVE-2018-16866
all versions
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A loca
3.3
LOW
CVE-2019-6133
all versions
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore
6.7
MEDIUM
CVE-2018-6179
all versions
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allo
6.5
MEDIUM
CVE-2018-6178
all versions
Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a u
4.3
MEDIUM
CVE-2018-6175
all versions
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to p
6.5
MEDIUM
CVE-2018-6174
all versions
Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary
8.8
HIGH
CVE-2018-6173
all versions
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to p
6.5
MEDIUM
CVE-2018-6172
all versions
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to p
6.5
MEDIUM
CVE-2018-6170
all versions
A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a
8.8
HIGH
CVE-2018-6169
all versions
Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trig
6.5
MEDIUM
CVE-2018-6167
all versions
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to p
6.5
MEDIUM
CVE-2018-6166
all versions
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to p
6.5
MEDIUM
CVE-2018-6165
all versions
Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents
6.5
MEDIUM
CVE-2018-6164
all versions
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross
6.5
MEDIUM
CVE-2018-6163
all versions
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to p
6.5
MEDIUM
CVE-2018-6162
all versions
Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit h
8.8
HIGH
CVE-2018-6158
all versions
A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption
7.5
HIGH
CVE-2018-6153
all versions
A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer proces
8.8
HIGH
CVE-2018-6151
all versions
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a use
8.8
HIGH
CVE-2018-6147
all versions
Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain pote
5.5
MEDIUM
CVE-2018-6144
all versions
Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory wri
8.8
HIGH
CVE-2018-6143
all versions
Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory
6.5
MEDIUM
CVE-2018-6141
all versions
Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compro
8.8
HIGH
CVE-2018-6140
all versions
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker
8.8
HIGH
CVE-2018-6139
all versions
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who c
8.8
HIGH
CVE-2018-6137
all versions
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HT
6.5
MEDIUM
CVE-2018-6135
all versions
Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a
6.5
MEDIUM
CVE-2018-6133
all versions
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to p
6.5
MEDIUM
CVE-2018-6127
all versions
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the re
9.6
CRITICAL
CVE-2018-6126
all versions
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory writ
8.8
HIGH
CVE-2018-6124
all versions
Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit
8.8
HIGH
CVE-2018-6123
all versions
A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption
6.5
MEDIUM
CVE-2018-6120
all versions
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.33
8.8
HIGH
CVE-2018-6117
all versions
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive i
6.5
MEDIUM
CVE-2018-6114
all versions
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypas
6.5
MEDIUM
CVE-2018-6113
all versions
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote atta
6.5
MEDIUM
CVE-2018-6112
all versions
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker
4.3
MEDIUM
CVE-2018-6111
all versions
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker t
8.8
HIGH
CVE-2018-6110
all versions
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execut
5.4
MEDIUM
CVE-2018-6109
all versions
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API i
6.5
MEDIUM
CVE-2018-6106
all versions
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker t
8.8
HIGH
CVE-2018-6100
all versions
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote att
6.5
MEDIUM
CVE-2018-6097
all versions
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacke
6.5
MEDIUM
CVE-2018-6096
all versions
A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowe
6.5
MEDIUM
CVE-2018-6093
all versions
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data vi
6.5
MEDIUM
CVE-2018-6091
all versions
Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117
6.5
MEDIUM
CVE-2018-6084
all versions
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker
7.8
HIGH
CVE-2018-6056
all versions
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker t
8.8
HIGH
CVE-2018-17470
all versions
A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer pr
7.4
HIGH
CVE-2018-17461
all versions
An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memor
8.8
HIGH
CVE-2018-17459
all versions
Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoo
6.5
MEDIUM
CVE-2018-17458
all versions
An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attack
8.8
HIGH
CVE-2018-16088
all versions
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to downloa
6.5
MEDIUM
CVE-2018-16084
all versions
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convince
6.1
MEDIUM
CVE-2018-16083
all versions
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker
8.8
HIGH
CVE-2018-16082
all versions
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out o
6.5
MEDIUM
CVE-2018-16081
all versions
Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who
7.4
HIGH
CVE-2018-16079
all versions
A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote att
5.3
MEDIUM
CVE-2018-16078
all versions
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain pote
6.5
MEDIUM
CVE-2018-16076
all versions
Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory
8.8
HIGH
CVE-2018-16071
all versions
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption
8.8
HIGH
CVE-2018-16068
all versions
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escap
9.6
CRITICAL
CVE-2018-16067
all versions
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corrupti
6.5
MEDIUM
CVE-2018-16066
all versions
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption
6.5
MEDIUM
CVE-2018-16065
all versions
A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker
8.8
HIGH
CVE-2016-9651
all versions
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote att
8.8
HIGH
CVE-2018-16885
all versions
A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero off
4.7
MEDIUM
CVE-2018-16876
all versions
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can
5.3
MEDIUM
CVE-2018-20662
all versions
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h
6.5
MEDIUM
CVE-2018-20650
all versions
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a chec
6.5
MEDIUM
CVE-2018-19134
all versions
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScri
7.8
HIGH
CVE-2018-1000878
all versions
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After
8.8
HIGH
CVE-2018-1000877
all versions
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Fre
8.8
HIGH
CVE-2018-1000876
all versions
binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_cano
7.8
HIGH
CVE-2018-15127
all versions
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of fil
9.8
CRITICAL
CVE-2018-19039
all versions
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin
6.5
MEDIUM
CVE-2018-20097
all versions
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input wi
6.5
MEDIUM
CVE-2018-18397
all versions
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as dem
5.5
MEDIUM
CVE-2018-18358
all versions
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network
5.7
MEDIUM
CVE-2018-18357
all versions
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to s
4.3
MEDIUM
CVE-2018-18356
all versions
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote atta
8.8
HIGH
CVE-2018-18355
all versions
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to s
4.3
MEDIUM
CVE-2018-18354
all versions
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remot
8.8
HIGH
CVE-2018-18353
all versions
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 all
6.5
MEDIUM
CVE-2018-18352
all versions
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a re
6.5
MEDIUM
CVE-2018-18351
all versions
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 al
6.5
MEDIUM
CVE-2018-18350
all versions
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker
6.5
MEDIUM
CVE-2018-18349
all versions
Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an a
6.5
MEDIUM
CVE-2018-18348
all versions
Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a r
4.3
MEDIUM
CVE-2018-18345
all versions
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had comprom
6.5
MEDIUM
CVE-2018-18344
all versions
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80
6.5
MEDIUM
CVE-2018-18342
all versions
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in
8.8
HIGH
CVE-2018-18335
all versions
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corrupti
8.8
HIGH
CVE-2018-17480
all versions
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior
8.8
HIGH
CVE-2018-5806
all versions
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited
6.5
MEDIUM
CVE-2018-5805
all versions
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can
8.8
HIGH
CVE-2018-5802
all versions
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions
8.8
HIGH
CVE-2018-5801
all versions
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigge
6.5
MEDIUM
CVE-2018-5800
all versions
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0
6.5
MEDIUM
CVE-2018-18311
all versions
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write ope
9.8
CRITICAL
CVE-2018-9568
all versions
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of pr
7.8
HIGH
CVE-2018-6152
all versions
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type i
9.6
CRITICAL
CVE-2018-16863
all versions
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw
7.3
HIGH
CVE-2018-15981
all versions
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary
9.8
CRITICAL
CVE-2018-15978
all versions
Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to infor
7.5
HIGH
CVE-2018-8787
all versions
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_
9.8
CRITICAL
CVE-2018-8786
all versions
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_re
9.8
CRITICAL
CVE-2018-12121
all versions
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a c
7.5
HIGH
CVE-2018-14646
all versions
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() functi
5.5
MEDIUM
CVE-2018-19535
all versions
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash
6.5
MEDIUM
CVE-2018-19477
all versions
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2
7.8
HIGH
CVE-2018-19476
all versions
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolor
7.8
HIGH
CVE-2018-19475
all versions
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available
7.8
HIGH
CVE-2018-19409
all versions
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
9.8
CRITICAL
CVE-2018-5407
all versions
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a sid
4.7
MEDIUM
CVE-2018-6083
all versions
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a rem
8.8
HIGH
CVE-2018-6082
all versions
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker
4.7
MEDIUM
CVE-2018-6080
all versions
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had comprom
6.5
MEDIUM
CVE-2018-6079
all versions
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a
6.5
MEDIUM
CVE-2018-6078
all versions
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof
4.3
MEDIUM
CVE-2018-6077
all versions
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allow
6.5
MEDIUM
CVE-2018-6070
all versions
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to
6.1
MEDIUM
CVE-2018-6067
all versions
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap
8.8
HIGH
CVE-2018-6065
all versions
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior
8.8
HIGH
CVE-2018-6064
all versions
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker t
8.8
HIGH
CVE-2018-6063
all versions
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had co
8.8
HIGH
CVE-2018-6062
all versions
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory w
8.8
HIGH
CVE-2018-6061
all versions
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to p
7.5
HIGH
CVE-2018-6060
all versions
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruptio
8.8
HIGH
CVE-2018-6057
all versions
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the
8.8
HIGH
CVE-2018-17477
all versions
Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of
4.3
MEDIUM
CVE-2018-17476
all versions
Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen
4.3
MEDIUM
CVE-2018-17475
all versions
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the c
4.3
MEDIUM
CVE-2018-17474
all versions
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially e
8.8
HIGH
CVE-2018-17472
all versions
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacke
9.6
CRITICAL
CVE-2018-17471
all versions
Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full scr
4.3
MEDIUM
CVE-2018-17468
all versions
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacke
6.5
MEDIUM
CVE-2018-17467
all versions
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote atta
4.3
MEDIUM
CVE-2018-17466
all versions
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds m
8.8
HIGH
CVE-2018-17465
all versions
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially
8.8
HIGH
CVE-2018-17463
all versions
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code
8.8
HIGH
CVE-2018-19115
all versions
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified o
9.8
CRITICAL
CVE-2018-19108
all versions
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite
6.5
MEDIUM
CVE-2018-19107
all versions
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial o
6.5
MEDIUM
CVE-2018-19058
all versions
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile:
6.5
MEDIUM
CVE-2018-18897
all versions
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstra
6.5
MEDIUM
CVE-2018-14660
all versions
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A re
6.5
MEDIUM
CVE-2018-14661
all versions
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluste
6.5
MEDIUM
CVE-2016-2125
all versions
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authenticati
6.5
MEDIUM
CVE-2018-14659
all versions
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOST
6.5
MEDIUM
CVE-2018-14654
all versions
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with ac
6.5
MEDIUM
CVE-2018-14653
all versions
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' fu
8.8
HIGH
CVE-2018-14652
all versions
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via
6.5
MEDIUM
CVE-2018-15688
all versions
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd
8.8
HIGH
CVE-2018-14665
all versions
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when startin
6.6
MEDIUM
CVE-2018-18585
all versions
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character
4.3
MEDIUM
CVE-2018-18559
all versions
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind o
8.1
HIGH
CVE-2018-18284
all versions
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy o
8.6
HIGH
CVE-2018-18521
all versions
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a
5.5
MEDIUM
CVE-2018-18520
all versions
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is int
6.5
MEDIUM
CVE-2018-5188
all versions
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corru
9.8
CRITICAL
CVE-2018-5156
all versions
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This ca
9.8
CRITICAL
CVE-2018-12387
all versions
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack p
9.1
CRITICAL
CVE-2018-12386
all versions
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This le
8.1
HIGH
CVE-2018-12385
all versions
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the us
7.0
HIGH
CVE-2018-12383
all versions
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still
5.5
MEDIUM
CVE-2018-12379
all versions
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered
7.8
HIGH
CVE-2018-12378
all versions
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providin
9.8
CRITICAL
CVE-2018-12377
all versions
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the t
9.8
CRITICAL
CVE-2018-12376
all versions
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we pres
9.8
CRITICAL
CVE-2018-12374
all versions
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field
4.3
MEDIUM
CVE-2018-12373
all versions
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This v
6.5
MEDIUM
CVE-2018-12372
all versions
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a HTML reply/forward. T
6.5
MEDIUM
CVE-2018-12366
all versions
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value
6.5
MEDIUM
CVE-2018-12365
all versions
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without us
6.5
MEDIUM
CVE-2018-12364
all versions
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that do
8.8
HIGH
CVE-2018-12363
all versions
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the ol
8.8
HIGH
CVE-2018-12362
all versions
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resu
8.8
HIGH
CVE-2018-12360
all versions
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that
8.8
HIGH
CVE-2018-12359
all versions
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically,
8.8
HIGH
CVE-2018-18445
all versions
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF ver
7.8
HIGH
CVE-2018-3282
all versions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are a
4.9
MEDIUM
CVE-2018-3214
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that
5.3
MEDIUM
CVE-2018-3183
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions
9.0
CRITICAL
CVE-2018-3180
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that
5.6
MEDIUM
CVE-2018-3169
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are af
8.3
HIGH
CVE-2018-3149
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that
8.3
HIGH
CVE-2018-3139
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are
3.1
LOW
CVE-2018-3136
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a
3.4
LOW
CVE-2018-18073
all versions
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the sa
6.3
MEDIUM
CVE-2018-17961
all versions
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler
8.6
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin