Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-20177 | 7.5 |
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
|
03-03-2023 - 21:01 | 15-03-2019 - 18:29 | |
CVE-2019-6454 | 4.9 |
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can expl
|
20-02-2022 - 06:08 | 21-03-2019 - 16:01 | |
CVE-2019-5759 | 6.8 |
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
|
08-09-2021 - 17:21 | 19-02-2019 - 17:29 | |
CVE-2019-5780 | 4.6 |
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
|
08-09-2021 - 17:21 | 19-02-2019 - 17:29 | |
CVE-2018-16876 | 3.5 |
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
|
04-08-2021 - 17:15 | 03-01-2019 - 15:29 | |
CVE-2018-10875 | 4.6 |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
|
04-08-2021 - 17:14 | 13-07-2018 - 22:29 | |
CVE-2018-10855 | 4.3 |
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible
|
04-08-2021 - 17:14 | 03-07-2018 - 01:29 | |
CVE-2019-5777 | 4.3 |
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
|
21-07-2021 - 11:39 | 19-02-2019 - 17:29 | |
CVE-2019-5773 | 4.3 |
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
|
21-07-2021 - 11:39 | 19-02-2019 - 17:29 | |
CVE-2019-5781 | 4.3 |
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
|
21-07-2021 - 11:39 | 19-02-2019 - 17:29 | |
CVE-2019-5775 | 4.3 |
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
|
21-07-2021 - 11:39 | 19-02-2019 - 17:29 | |
CVE-2019-5774 | 6.8 |
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .deskto
|
21-07-2021 - 11:39 | 19-02-2019 - 17:29 | |
CVE-2019-5776 | 4.3 |
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
|
21-07-2021 - 11:39 | 19-02-2019 - 17:29 | |
CVE-2019-5782 | 6.8 |
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
|
21-07-2021 - 11:39 | 19-02-2019 - 17:29 | |
CVE-2019-5754 | 4.3 |
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.
|
21-07-2021 - 11:39 | 19-02-2019 - 17:29 | |
CVE-2018-8793 | 7.5 |
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
|
29-09-2020 - 01:40 | 05-02-2019 - 20:29 | |
CVE-2018-8793 | 7.5 |
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
|
29-09-2020 - 01:40 | 05-02-2019 - 20:29 | |
CVE-2018-8794 | 7.5 |
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
|
29-09-2020 - 01:39 | 05-02-2019 - 20:29 | |
CVE-2018-8794 | 7.5 |
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
|
29-09-2020 - 01:39 | 05-02-2019 - 20:29 | |
CVE-2018-8797 | 7.5 |
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
|
29-09-2020 - 01:09 | 05-02-2019 - 20:29 | |
CVE-2018-8800 | 7.5 |
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
|
29-09-2020 - 01:09 | 05-02-2019 - 20:29 | |
CVE-2018-8795 | 7.5 |
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
|
29-09-2020 - 01:09 | 05-02-2019 - 20:29 | |
CVE-2018-8800 | 7.5 |
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
|
29-09-2020 - 01:09 | 05-02-2019 - 20:29 | |
CVE-2018-8795 | 7.5 |
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
|
29-09-2020 - 01:09 | 05-02-2019 - 20:29 | |
CVE-2018-8797 | 7.5 |
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
|
29-09-2020 - 01:09 | 05-02-2019 - 20:29 | |
CVE-2019-5767 | 4.3 |
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.
|
24-08-2020 - 17:37 | 19-02-2019 - 17:29 | |
CVE-2019-5779 | 4.3 |
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
|
24-08-2020 - 17:37 | 19-02-2019 - 17:29 | |
CVE-2019-3824 | 4.0 |
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of
|
24-08-2020 - 17:37 | 06-03-2019 - 15:29 | |
CVE-2019-5758 | 6.8 |
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
24-08-2020 - 17:37 | 19-02-2019 - 17:29 | |
CVE-2018-20181 | 7.5 |
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.
|
24-08-2020 - 17:37 | 15-03-2019 - 18:29 | |
CVE-2019-5765 | 4.3 |
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.
|
24-08-2020 - 17:37 | 19-02-2019 - 17:29 | |
CVE-2019-5766 | 4.3 |
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
24-08-2020 - 17:37 | 19-02-2019 - 17:29 | |
CVE-2019-5760 | 6.8 |
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
24-08-2020 - 17:37 | 19-02-2019 - 17:29 | |
CVE-2019-5764 | 6.8 |
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
24-08-2020 - 17:37 | 19-02-2019 - 17:29 | |
CVE-2019-5772 | 6.8 |
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
|
24-08-2020 - 17:37 | 19-02-2019 - 17:29 | |
CVE-2019-5763 | 6.8 |
Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
24-08-2020 - 17:37 | 19-02-2019 - 17:29 | |
CVE-2019-5768 | 4.3 |
DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
|
24-08-2020 - 17:37 | 19-02-2019 - 17:29 | |
CVE-2018-18356 | 6.8 |
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
24-08-2020 - 17:37 | 11-12-2018 - 16:29 | |
CVE-2018-17481 | 6.8 |
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
|
24-08-2020 - 17:37 | 11-12-2018 - 16:29 | |
CVE-2018-18505 | 7.5 |
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created
|
03-10-2019 - 00:03 | 05-02-2019 - 21:29 | |
CVE-2018-16837 | 2.1 |
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear te
|
03-10-2019 - 00:03 | 23-10-2018 - 15:29 | |
CVE-2018-8798 | 5.0 |
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.
|
15-09-2019 - 00:15 | 05-02-2019 - 20:29 | |
CVE-2018-8796 | 5.0 |
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).
|
15-09-2019 - 00:15 | 05-02-2019 - 20:29 | |
CVE-2018-8792 | 5.0 |
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).
|
15-09-2019 - 00:15 | 05-02-2019 - 20:29 | |
CVE-2018-20182 | 7.5 |
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.
|
15-09-2019 - 00:15 | 15-03-2019 - 18:29 | |
CVE-2018-8799 | 5.0 |
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).
|
15-09-2019 - 00:15 | 05-02-2019 - 20:29 | |
CVE-2018-8791 | 5.0 |
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.
|
15-09-2019 - 00:15 | 05-02-2019 - 20:29 | |
CVE-2018-20180 | 7.5 |
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.
|
15-09-2019 - 00:15 | 15-03-2019 - 18:29 | |
CVE-2018-20178 | 5.0 |
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).
|
15-09-2019 - 00:15 | 15-03-2019 - 18:29 | |
CVE-2018-20175 | 5.0 |
rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).
|
15-09-2019 - 00:15 | 15-03-2019 - 18:29 | |
CVE-2019-9023 | 7.5 |
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte
|
18-06-2019 - 18:15 | 22-02-2019 - 23:29 | |
CVE-2019-9022 | 5.0 |
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buff
|
18-06-2019 - 18:15 | 22-02-2019 - 23:29 | |
CVE-2019-9024 | 5.0 |
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlr
|
18-06-2019 - 18:15 | 22-02-2019 - 23:29 | |
CVE-2019-9021 | 7.5 |
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory
|
18-06-2019 - 18:15 | 22-02-2019 - 23:29 | |
CVE-2019-9020 | 7.5 |
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is rel
|
18-06-2019 - 18:15 | 22-02-2019 - 23:29 | |
CVE-2019-5769 | 6.8 |
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
18-04-2019 - 16:25 | 19-02-2019 - 17:29 | |
CVE-2019-5770 | 6.8 |
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
|
18-04-2019 - 15:57 | 19-02-2019 - 17:29 | |
CVE-2019-5757 | 6.8 |
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
|
18-04-2019 - 15:06 | 19-02-2019 - 17:29 | |
CVE-2019-5778 | 4.3 |
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileg
|
18-04-2019 - 14:58 | 19-02-2019 - 17:29 | |
CVE-2019-5762 | 6.8 |
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
|
18-04-2019 - 14:53 | 19-02-2019 - 17:29 | |
CVE-2019-5756 | 6.8 |
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
|
17-04-2019 - 17:20 | 19-02-2019 - 17:29 | |
CVE-2019-5755 | 5.8 |
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
|
17-04-2019 - 15:03 | 19-02-2019 - 17:29 | |
CVE-2018-18500 | 7.5 |
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affec
|
02-04-2019 - 07:29 | 05-02-2019 - 21:29 | |
CVE-2018-18501 | 7.5 |
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to r
|
02-04-2019 - 07:29 | 05-02-2019 - 21:29 | |
CVE-2018-20179 | 7.5 |
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.
|
21-03-2019 - 16:00 | 15-03-2019 - 18:29 | |
CVE-2018-20176 | 5.0 |
rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault).
|
21-03-2019 - 16:00 | 15-03-2019 - 18:29 | |
CVE-2018-20174 | 5.0 |
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.
|
21-03-2019 - 16:00 | 15-03-2019 - 18:29 | |
CVE-2019-5783 | 6.8 |
Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.
|
26-02-2019 - 19:14 | 19-02-2019 - 17:29 | |
CVE-2003-0985 | 7.2 |
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing
|
03-05-2018 - 01:29 | 20-01-2004 - 05:00 | |
CVE-2004-0077 | 7.2 |
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local
|
03-05-2018 - 01:29 | 03-03-2004 - 05:00 | |
CVE-2003-0961 | 7.2 |
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.
|
18-10-2016 - 02:38 | 15-12-2003 - 05:00 |