VYPR

CVEs

100,082 total · page 1649 of 2,002

  • CVE-2018-17458HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-17457HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-16085HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-16083HigJan 9, 2019
    risk 0.61cvss 8.8epss 0.05

    An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-16081HigJan 9, 2019
    risk 0.48cvss 7.4epss 0.01

    Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome…

  • CVE-2018-16076HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.01

    Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2018-16071HigJan 9, 2019
    risk 0.61cvss 8.8epss 0.05

    A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

  • CVE-2018-16065HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.03

    A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2017-15428HigJan 9, 2019
    risk 0.59cvss 8.8epss 0.18

    Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2017-15405HigJan 9, 2019
    risk 0.46cvss 7.0epss 0.00

    Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local…

  • CVE-2017-15404HigJan 9, 2019
    risk 0.51cvss 7.8epss 0.00

    An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted…

  • CVE-2017-15403HigJan 9, 2019
    risk 0.48cvss 7.3epss 0.01

    Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2017-15401HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2016-9651HigJan 9, 2019
    risk 0.61cvss 8.8epss 0.11

    A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2016-10403HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.01

    Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2019-5747HigJan 9, 2019
    risk 0.49cvss 7.5epss 0.05

    An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to…

  • CVE-2018-20679HigJan 9, 2019
    risk 0.49cvss 7.5epss 0.08

    An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification…

  • CVE-2019-0542HigJan 9, 2019
    risk 0.50cvss 8.8epss 0.03

    A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.

  • CVE-2019-3581HigJan 9, 2019
    risk 0.49cvss 7.5epss 0.02

    Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter.

  • CVE-2018-20674HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.03

    D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.

  • CVE-2019-5725HigJan 8, 2019
    risk 0.49cvss 7.5epss 0.01

    qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file.

  • CVE-2019-0585HigJan 8, 2019
    risk 0.59cvss 8.8epss 0.22

    A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft…

  • CVE-2019-0584HigJan 8, 2019
    risk 0.52cvss 7.8epss 0.14

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows…

  • CVE-2019-0583HigJan 8, 2019
    risk 0.52cvss 7.8epss 0.16

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows…

  • CVE-2019-0582HigJan 8, 2019
    risk 0.52cvss 7.8epss 0.12

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows…

  • CVE-2019-0581HigJan 8, 2019
    risk 0.52cvss 7.8epss 0.14

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows…

  • CVE-2019-0580HigJan 8, 2019
    risk 0.52cvss 7.8epss 0.17

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows…

  • CVE-2019-0579HigJan 8, 2019
    risk 0.52cvss 7.8epss 0.17

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows…

  • CVE-2019-0578HigJan 8, 2019
    risk 0.52cvss 7.8epss 0.14

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows…

  • CVE-2019-0577HigJan 8, 2019
    risk 0.52cvss 7.8epss 0.17

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows…

  • CVE-2019-0576HigJan 8, 2019
    risk 0.52cvss 7.8epss 0.17

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows…

  • CVE-2019-0575HigJan 8, 2019
    risk 0.52cvss 7.8epss 0.14

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows…

  • CVE-2019-0574HigJan 8, 2019
    risk 0.55cvss 7.8epss 0.19

    An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10…

  • CVE-2019-0573HigJan 8, 2019
    risk 0.55cvss 7.8epss 0.20

    An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10…

  • CVE-2019-0572HigJan 8, 2019
    risk 0.56cvss 7.8epss 0.25

    An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10…

  • CVE-2019-0571HigJan 8, 2019
    risk 0.55cvss 7.8epss 0.16

    An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10…

  • CVE-2019-0570HigJan 8, 2019
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka "Windows Runtime Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server…

  • CVE-2019-0568HigJan 8, 2019
    risk 0.02cvss 7.5epss 0.69

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539,…

  • CVE-2019-0567HigJan 8, 2019
    risk 0.02cvss 7.5epss 0.80

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539,…

  • CVE-2019-0566HigJan 8, 2019
    risk 0.62cvss 8.8epss 0.19

    An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.

  • CVE-2019-0565HigJan 8, 2019
    risk 0.50cvss 7.5epss 0.10

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge.

  • CVE-2019-0564HigJan 8, 2019
    risk 0.49cvss 7.5epss 0.08

    A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.

  • CVE-2019-0555HigJan 8, 2019
    risk 0.54cvss 7.8epss 0.02

    An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows…

  • CVE-2019-0552HigJan 8, 2019
    risk 0.60cvss 8.8epss 0.03

    An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.

  • CVE-2019-0551HigJan 8, 2019
    risk 0.55cvss 8.4epss 0.04

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10,…

  • CVE-2019-0550HigJan 8, 2019
    risk 0.55cvss 8.4epss 0.04

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10,…

  • CVE-2019-0548HigJan 8, 2019
    risk 0.49cvss 7.5epss 0.08

    A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564.

  • CVE-2019-0546HigJan 8, 2019
    risk 0.52cvss 7.8epss 0.16

    A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio.

  • CVE-2019-0545HigJan 8, 2019
    risk 0.50cvss 7.5epss 0.10

    An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET…

  • CVE-2019-0543HigKEVJan 8, 2019
    risk 0.72cvss 7.8epss 0.05

    An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows…