CVEs (1,891)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS v4 | CVSS v3 | CVSS v2 |
|---|---|---|---|---|---|---|---|
| Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | Debian, Google, Redhat (3) | Chrome, Debian Linux, Enterprise Linux Desktop, +2 more (5) | Nov 21, 2024 | Dec 11, 2018 | N/A | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page. | Debian, Google, Redhat (3) | Chrome, Debian Linux, Enterprise Linux Desktop, +2 more (5) | Nov 21, 2024 | Dec 11, 2018 | N/A | 6.5 MEDIUM | 4.3 MEDIUM |
| Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the lo... | Debian, Google, Redhat (3) | Chrome, Debian Linux, Enterprise Linux Desktop, +2 more (5) | Nov 21, 2024 | Dec 11, 2018 | N/A | 6.5 MEDIUM | 4.3 MEDIUM |
| Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary c... | Debian, Google, Redhat (3) | Chrome, Debian Linux, Enterprise Linux Desktop, +2 more (5) | Nov 21, 2024 | Dec 11, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM |
| Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian, Google, Opensuse, +1 more (4) | Chrome, Debian Linux, Enterprise Linux Desktop, +3 more (6) | Nov 21, 2024 | Dec 11, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM |
| Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a... | Debian, Google, Redhat (3) | Chrome, Debian Linux, Enterprise Linux Desktop, +2 more (5) | Oct 24, 2025 | Dec 11, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM |
| An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. | Libraw, Redhat (2) | Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation, +1 more (4) | Nov 21, 2024 | Dec 7, 2018 | N/A | 6.5 MEDIUM | 4.3 MEDIUM |
| A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. | Libraw, Redhat (2) | Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation, +1 more (4) | Nov 21, 2024 | Dec 7, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM |
| An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subseque... | Canonical, Debian, Libraw, +1 more (4) | Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server, +3 more (6) | Nov 21, 2024 | Dec 7, 2018 | N/A | 8.8 HIGH | 6.8 MEDIUM |
| An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. | Canonical, Debian, Libraw, +1 more (4) | Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server, +3 more (6) | Nov 21, 2024 | Dec 7, 2018 | N/A | 6.5 MEDIUM | 4.3 MEDIUM |
| An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a cras... | Canonical, Debian, Libraw, +1 more (4) | Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server, +3 more (6) | Nov 21, 2024 | Dec 7, 2018 | N/A | 6.5 MEDIUM | 4.3 MEDIUM |
| Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | Apple, Canonical, Debian, +5 more (8) | Debian Linux, E Series Santricity Os Controller, Enterprise Linux, +15 more (18) | Nov 21, 2024 | Dec 7, 2018 | N/A | 9.8 CRITICAL | 7.5 HIGH |
| In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for... | Canonical, Google, Linux, +1 more (4) | Android, Enterprise Linux Desktop, Enterprise Linux Server, +6 more (9) | Nov 21, 2024 | Dec 6, 2018 | N/A | 7.8 HIGH | 7.2 HIGH |
| The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install... | Debian, Google, Redhat (3) | Chrome, Debian Linux, Enterprise Linux Desktop, +2 more (5) | Nov 21, 2024 | Dec 4, 2018 | N/A | 9.6 CRITICAL | 6.8 MEDIUM |
| It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a... | Artifex, Redhat (2) | Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, +4 more (7) | Nov 21, 2024 | Dec 3, 2018 | N/A | 7.8 HIGH | 9.3 HIGH |
| Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | Adobe, Redhat (2) | Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation, +2 more (5) | Nov 21, 2024 | Nov 29, 2018 | N/A | 9.8 CRITICAL | 10.0 HIGH |
| Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | Adobe, Redhat (2) | Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation, +2 more (5) | Nov 21, 2024 | Nov 29, 2018 | N/A | 7.5 HIGH | 5.0 MEDIUM |
| FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. | Canonical, Debian, Freerdp, +1 more (4) | Debian Linux, Enterprise Linux Desktop, Enterprise Linux Eus, +6 more (9) | Nov 21, 2024 | Nov 29, 2018 | N/A | 9.8 CRITICAL | 7.5 HIGH |
| FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code exec... | Canonical, Debian, Fedoraproject, +2 more (5) | Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server, +7 more (10) | Nov 21, 2024 | Nov 29, 2018 | N/A | 9.8 CRITICAL | 7.5 HIGH |
| Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and... | Nodejs, Redhat (2) | Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Eus, +5 more (8) | Dec 27, 2024 | Nov 28, 2018 | N/A | 7.5 HIGH | 5.0 MEDIUM |