Max CVSS | 7.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-9514 | 7.8 | Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the p | 19-10-2023 - 03:15 | 13-08-2019 - 21:15 | |
CVE-2019-12527 | 6.8 | An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leadin | 28-02-2023 - 20:49 | 11-07-2019 - 19:15 | |
CVE-2019-9517 | 7.8 | Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so | 19-01-2023 - 20:13 | 13-08-2019 - 21:15 | |
CVE-2019-9852 | 6.8 | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Script | 03-11-2022 - 17:48 | 15-08-2019 - 22:15 | |
CVE-2019-9851 | 7.5 | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calli | 14-10-2022 - 02:58 | 15-08-2019 - 22:15 | |
CVE-2019-9850 | 7.5 | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify tha | 14-10-2022 - 02:57 | 15-08-2019 - 22:15 | |
CVE-2019-5818 | 4.3 | Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. | 11-10-2022 - 14:59 | 27-06-2019 - 17:15 | |
CVE-2019-5814 | 4.3 | Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 11-10-2022 - 14:52 | 27-06-2019 - 17:15 | |
CVE-2019-5811 | 6.8 | Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 11-10-2022 - 14:51 | 27-06-2019 - 17:15 | |
CVE-2019-5809 | 6.8 | Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. | 11-10-2022 - 14:49 | 27-06-2019 - 17:15 | |
CVE-2019-5808 | 6.8 | Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 11-10-2022 - 14:49 | 27-06-2019 - 17:15 | |
CVE-2019-5810 | 4.3 | Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 11-10-2022 - 14:49 | 27-06-2019 - 17:15 | |
CVE-2019-5807 | 6.8 | Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 11-10-2022 - 14:43 | 27-06-2019 - 17:15 | |
CVE-2019-5806 | 6.8 | Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 11-10-2022 - 14:43 | 27-06-2019 - 17:15 | |
CVE-2019-5805 | 4.3 | Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 11-10-2022 - 14:42 | 27-06-2019 - 17:15 | |
CVE-2019-5820 | 6.8 | Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 11-10-2022 - 14:18 | 27-06-2019 - 17:15 | |
CVE-2019-5813 | 6.8 | Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 07-10-2022 - 18:55 | 27-06-2019 - 17:15 | |
CVE-2019-13164 | 4.6 | qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. | 06-10-2022 - 19:51 | 03-07-2019 - 14:15 | |
CVE-2019-9511 | 7.8 | Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. T | 12-08-2022 - 18:43 | 13-08-2019 - 21:15 | |
CVE-2019-9512 | 7.8 | Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this d | 12-08-2022 - 18:41 | 13-08-2019 - 21:15 | |
CVE-2019-9513 | 7.8 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the | 12-08-2022 - 18:41 | 13-08-2019 - 21:15 | |
CVE-2019-9515 | 7.8 | Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS f | 12-08-2022 - 18:40 | 13-08-2019 - 21:15 | |
CVE-2019-9516 | 6.8 | Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater h | 05-08-2022 - 14:52 | 13-08-2019 - 21:15 | |
CVE-2019-5823 | 5.8 | Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 29-07-2022 - 17:28 | 27-06-2019 - 17:15 | |
CVE-2019-5824 | 6.8 | Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 29-07-2022 - 17:28 | 27-06-2019 - 17:15 | |
CVE-2019-5822 | 6.8 | Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 29-07-2022 - 17:27 | 27-06-2019 - 17:15 | |
CVE-2019-5827 | 6.8 | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 29-07-2022 - 17:26 | 27-06-2019 - 17:15 | |
CVE-2019-5828 | 6.8 | Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 29-07-2022 - 17:23 | 27-06-2019 - 17:15 | |
CVE-2019-5829 | 6.8 | Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 29-07-2022 - 17:21 | 27-06-2019 - 17:15 | |
CVE-2019-5821 | 6.8 | Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 29-07-2022 - 17:21 | 27-06-2019 - 17:15 | |
CVE-2019-5830 | 4.3 | Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 29-07-2022 - 17:20 | 27-06-2019 - 17:15 | |
CVE-2019-5831 | 6.8 | Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 29-07-2022 - 17:19 | 27-06-2019 - 17:15 | |
CVE-2019-5832 | 4.3 | Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 29-07-2022 - 17:18 | 27-06-2019 - 17:15 | |
CVE-2019-5833 | 4.3 | Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. | 29-07-2022 - 17:17 | 27-06-2019 - 17:15 | |
CVE-2019-5836 | 6.8 | Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 29-07-2022 - 17:14 | 27-06-2019 - 17:15 | |
CVE-2019-5837 | 4.3 | Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 29-07-2022 - 17:13 | 27-06-2019 - 17:15 | |
CVE-2019-5839 | 4.3 | Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. | 29-07-2022 - 17:12 | 27-06-2019 - 17:15 | |
CVE-2019-5840 | 4.3 | Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 29-07-2022 - 17:11 | 27-06-2019 - 17:15 | |
CVE-2019-12529 | 4.3 | An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be | 26-04-2022 - 20:22 | 11-07-2019 - 19:15 | |
CVE-2019-12525 | 7.5 | An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if t | 26-04-2022 - 20:18 | 11-07-2019 - 19:15 | |
CVE-2019-5838 | 4.3 | Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension. | 18-04-2022 - 17:17 | 27-06-2019 - 17:15 | |
CVE-2019-5834 | 4.3 | Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 18-04-2022 - 17:17 | 27-06-2019 - 17:15 | |
CVE-2019-13962 | 7.5 | lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | 18-04-2022 - 17:00 | 18-07-2019 - 20:15 | |
CVE-2019-13602 | 6.8 | An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact | 18-04-2022 - 16:57 | 14-07-2019 - 21:15 | |
CVE-2019-5819 | 4.4 | Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. | 11-04-2022 - 20:42 | 27-06-2019 - 17:15 | |
CVE-2019-12854 | 5.0 | Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clien | 01-01-2022 - 20:18 | 15-08-2019 - 17:15 | |
CVE-2019-10092 | 4.3 | In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only | 09-09-2021 - 01:05 | 26-09-2019 - 16:15 | |
CVE-2019-10081 | 5.0 | HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header value | 06-06-2021 - 11:15 | 15-08-2019 - 22:15 | |
CVE-2019-14437 | 6.8 | The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. | 24-08-2020 - 17:37 | 29-08-2019 - 18:15 | |
CVE-2019-14809 | 7.5 | net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is relate | 24-08-2020 - 17:37 | 13-08-2019 - 21:15 | |
CVE-2019-14970 | 6.8 | A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | 24-08-2020 - 17:37 | 29-08-2019 - 19:15 | |
CVE-2019-14378 | 6.5 | ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. | 24-08-2020 - 17:37 | 29-07-2019 - 11:15 | |
CVE-2019-12730 | 7.5 | aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. | 24-08-2020 - 17:37 | 04-06-2019 - 14:29 | |
CVE-2019-14776 | 6.8 | A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. | 18-08-2020 - 15:05 | 29-08-2019 - 19:15 | |
CVE-2019-14533 | 6.8 | The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | 18-08-2020 - 15:05 | 29-08-2019 - 19:15 | |
CVE-2019-14438 | 6.8 | A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. | 18-08-2020 - 15:05 | 29-08-2019 - 18:15 | |
CVE-2019-14535 | 6.8 | A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. | 18-08-2020 - 15:05 | 29-08-2019 - 18:15 | |
CVE-2019-14778 | 6.8 | The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | 18-08-2020 - 15:05 | 29-08-2019 - 19:15 | |
CVE-2019-14777 | 6.8 | The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | 18-08-2020 - 15:05 | 29-08-2019 - 19:15 | |
CVE-2019-14534 | 4.3 | In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | 18-08-2020 - 15:05 | 29-08-2019 - 19:15 | |
CVE-2019-14498 | 6.8 | A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. | 18-08-2020 - 15:05 | 29-08-2019 - 18:15 | |
CVE-2019-13345 | 4.3 | The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. | 11-07-2020 - 00:15 | 05-07-2019 - 16:15 | |
CVE-2018-20815 | 7.5 | In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. | 02-07-2019 - 23:15 | 31-05-2019 - 22:29 | |
CVE-2003-0985 | 7.2 | The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing | 03-05-2018 - 01:29 | 20-01-2004 - 05:00 | |
CVE-2004-0077 | 7.2 | The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local | 03-05-2018 - 01:29 | 03-03-2004 - 05:00 | |
CVE-2003-0961 | 7.2 | Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges. | 18-10-2016 - 02:38 | 15-12-2003 - 05:00 | |