Export limit exceeded: 335194 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2212 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5767 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Android and 5 more | 2024-11-21 | N/A |
| Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. | ||||
| CVE-2019-5766 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-5765 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Android and 5 more | 2024-11-21 | N/A |
| An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. | ||||
| CVE-2019-5764 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-5763 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-5762 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. | ||||
| CVE-2019-5761 | 3 Fedoraproject, Google, Redhat | 6 Fedora, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-5760 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-5759 | 5 Apple, Debian, Fedoraproject and 2 more | 9 Macos, Debian Linux, Fedora and 6 more | 2024-11-21 | N/A |
| Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2019-5758 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-5757 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | ||||
| CVE-2019-5756 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. | ||||
| CVE-2019-5755 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. | ||||
| CVE-2019-5754 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy. | ||||
| CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 20 Mesos, Ubuntu Linux, Dc\/os and 17 more | 2024-11-21 | 8.6 High |
| runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | ||||
| CVE-2019-5010 | 4 Debian, Opensuse, Python and 1 more | 9 Debian Linux, Leap, Python and 6 more | 2024-11-21 | 7.5 High |
| An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. | ||||
| CVE-2019-3896 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | N/A |
| A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS). | ||||
| CVE-2019-3887 | 4 Canonical, Fedoraproject, Linux and 1 more | 11 Ubuntu Linux, Fedora, Linux Kernel and 8 more | 2024-11-21 | 5.6 Medium |
| A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue. | ||||
| CVE-2019-3878 | 4 Canonical, Fedoraproject, Mod Auth Mellon Project and 1 more | 11 Ubuntu Linux, Fedora, Mod Auth Mellon and 8 more | 2024-11-21 | N/A |
| A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication. | ||||
| CVE-2019-3838 | 5 Artifex, Debian, Fedoraproject and 2 more | 12 Ghostscript, Debian Linux, Fedora and 9 more | 2024-11-21 | 5.5 Medium |
| It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | ||||