Skip to main content

Leap

1763 CVEs product

Monthly

CVE-2019-2867 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Oracle Memory Corruption Vm Virtualbox Leap
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2019-2866 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2019-2865 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 7.5).

Information Disclosure Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-2864 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 7.5).

Information Disclosure Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-2863 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Authentication Bypass Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-2859 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-2850 LOW PATCH Monitor

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated low severity (CVSS 2.8), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
2.8
EPSS
0.5%
CVE-2019-2848 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-2842 LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +4
NVD
CVSS 3.1
3.7
EPSS
3.4%
CVE-2019-2816 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +11
NVD
CVSS 3.1
4.8
EPSS
2.3%
CVE-2019-2805 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL MariaDB Ubuntu Linux +8
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2019-2786 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +9
NVD
CVSS 3.1
3.4
EPSS
2.6%
CVE-2019-2769 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Oracle Jdk Jre +11
NVD
CVSS 3.1
5.3
EPSS
4.4%
CVE-2019-2766 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +3
NVD
CVSS 3.1
3.1
EPSS
2.7%
CVE-2019-2762 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Oracle Jdk Jre +11
NVD
CVSS 3.1
5.3
EPSS
4.4%
CVE-2019-2745 MEDIUM PATCH This Month

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Authentication Bypass Java Oracle Jdk Jre +5
NVD
CVSS 3.1
5.1
EPSS
0.5%
CVE-2019-2740 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux MariaDB +8
NVD
CVSS 3.1
6.5
EPSS
4.0%
CVE-2019-2737 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux MariaDB +2
NVD
CVSS 3.1
4.9
EPSS
3.9%
CVE-2019-9811 HIGH POC This Week

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +3
NVD
CVSS 3.1
8.3
EPSS
2.6%
CVE-2019-11730 MEDIUM This Month

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox Firefox Esr +4
NVD
CVSS 3.1
6.5
EPSS
20.3%
CVE-2019-11728 MEDIUM This Month

The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Leap
NVD
CVSS 3.1
4.7
EPSS
1.1%
CVE-2019-11725 MEDIUM This Month

When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox Leap
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-11724 MEDIUM POC This Month

Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mozilla Firefox Leap
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-11723 HIGH This Week

A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Leap
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-11721 MEDIUM POC This Month

The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Leap
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-11720 MEDIUM This Month

Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Leap
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-11718 MEDIUM This Month

Activity Stream can display content from sent from the Snippet Service website. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Leap
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-11717 MEDIUM POC This Month

A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird Debian Linux +2
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2019-11710 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 67. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-11709 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +4
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-13962 CRITICAL POC Act Now

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Vlc Media Player Backports Sle Leap +2
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-13619 HIGH POC This Week

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wireshark Fedora Ubuntu Linux Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2019-13626 MEDIUM POC This Month

SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsdl Fedora Debian Linux +1
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-9849 MEDIUM This Month

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Ubuntu Linux Fedora Debian Linux +1
NVD
CVSS 3.1
4.3
EPSS
3.1%
CVE-2019-9848 CRITICAL Act Now

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE Libreoffice Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
31.2%
CVE-2019-13616 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer Debian Linux Backports Sle +10
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2019-1010006 HIGH POC This Week

Evince 3.26.0 is affected by buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Evince Ubuntu Linux +2
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-13602 HIGH This Week

An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Buffer Overflow Vlc Media Player Debian Linux +3
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-12529 MEDIUM PATCH This Month

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Squid Debian Linux Fedora +2
NVD GitHub
CVSS 3.1
5.9
EPSS
8.1%
CVE-2019-12525 CRITICAL PATCH Act Now

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Squid Debian Linux Leap +2
NVD GitHub
CVSS 3.1
9.8
EPSS
24.4%
CVE-2019-12838 CRITICAL Act Now

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Slurm Debian Linux Fedora Leap
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-13454 MEDIUM POC PATCH This Month

ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
4.4%
CVE-2019-13311 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux Debian Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2019-13310 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-13309 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-13308 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2019-13307 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-13306 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-13305 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-13304 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-13303 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-13302 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-13301 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-13300 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2019-13299 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2019-13298 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2019-13297 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-13296 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-13295 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Debian Linux Leap +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-5052 HIGH POC This Week

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Sdl2 Image Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2019-5051 HIGH POC This Week

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Sdl2 Image Debian Linux Backports Sle +2
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2019-13164 HIGH PATCH This Week

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Qemu Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-13134 MEDIUM PATCH This Month

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-13133 MEDIUM PATCH This Month

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-13118 Ruby MEDIUM PATCH This Month

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Information Disclosure Memory Corruption Libxslt Leap Active Iq Unified Manager +22
NVD VulDB
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-13117 Ruby MEDIUM PATCH This Month

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Libxslt Debian Linux Ubuntu Linux Fedora +2
NVD VulDB
CVSS 3.1
5.3
EPSS
4.4%
CVE-2019-13050 HIGH POC This Week

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gnupg Sks Keyserver Fedora Leap +1
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-5840 MEDIUM This Month

Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Race Condition Apple Google Chrome +4
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-5839 MEDIUM This Month

Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Leap +2
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2019-5838 MEDIUM This Month

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Leap +2
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-5837 MEDIUM This Month

Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Leap +2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-5836 HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-5835 MEDIUM This Month

Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Backports +2
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-5834 MEDIUM This Month

Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Leap +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-5833 MEDIUM This Month

Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-5832 MEDIUM This Month

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Leap +2
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-5831 HIGH This Week

Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-5830 MEDIUM This Month

Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Leap +2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-5829 HIGH This Week

Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-5828 HIGH This Week

Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Information Disclosure Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-5827 HIGH POC PATCH This Week

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Integer Overflow Buffer Overflow Chrome Backports +4
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-5824 HIGH This Week

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-5823 MEDIUM This Month

Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Open Redirect Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-5822 HIGH This Week

Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Leap +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-5821 HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-5820 HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow Chrome Backports +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-5819 HIGH This Week

Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome Backports Leap +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-5818 MEDIUM This Month

Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Leap +2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-5817 HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Microsoft Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-5816 HIGH This Week

Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Backports +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Oracle Memory Corruption +2
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 7.5).

Information Disclosure Oracle Vm Virtualbox +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 7.5).

Information Disclosure Oracle Vm Virtualbox +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Authentication Bypass Oracle Vm Virtualbox +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox +1
NVD
EPSS 0% CVSS 2.8
LOW PATCH Monitor

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated low severity (CVSS 2.8), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox +1
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +6
NVD
EPSS 2% CVSS 4.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +13
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +10
NVD
EPSS 3% CVSS 3.4
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +11
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Oracle +13
NVD
EPSS 3% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +5
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Oracle +13
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Authentication Bypass Java Oracle +7
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +10
NVD
EPSS 4% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +4
NVD
EPSS 3% CVSS 8.3
HIGH POC This Week

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox +5
NVD
EPSS 20% CVSS 6.5
MEDIUM This Month

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure +6
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mozilla Firefox +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Activity Stream can display content from sent from the Snippet Service website. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +1
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox +4
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 67. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE +6
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Vlc Media Player +4
NVD
EPSS 6% CVSS 7.5
HIGH POC This Week

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wireshark Fedora +3
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsdl +3
NVD
EPSS 3% CVSS 4.3
MEDIUM This Month

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Ubuntu Linux +3
NVD
EPSS 31% CVSS 9.8
CRITICAL Act Now

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE +5
NVD
EPSS 3% CVSS 8.1
HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer +12
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

Evince 3.26.0 is affected by buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow +4
NVD
EPSS 2% CVSS 7.8
HIGH This Week

An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Buffer Overflow +5
NVD
EPSS 8% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Squid +4
NVD GitHub
EPSS 24% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Squid +4
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Slurm Debian Linux +2
NVD
EPSS 4% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux +2
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux +2
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick +3
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick +3
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick +3
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux +2
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick +3
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick +3
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick +3
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC This Week

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow +5
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Sdl2 Image +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Qemu Debian Linux +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Leap
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Leap
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Information Disclosure Memory Corruption Libxslt +24
NVD VulDB
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Libxslt Debian Linux +4
NVD VulDB
EPSS 3% CVSS 7.5
HIGH POC This Week

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gnupg Sks Keyserver +3
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Race Condition Apple +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +4
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption +5
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption +5
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Information Disclosure +6
NVD
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Integer Overflow Buffer Overflow +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption +5
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Open Redirect Chrome +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome +4
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Microsoft +6
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +3
NVD
Prev Page 11 of 20 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy