VYPR

CVEs

100,075 total · page 1664 of 2,002

  • CVE-2018-9521HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for…

  • CVE-2018-15711HigNov 14, 2018
    risk 0.60cvss 8.8epss 0.36

    Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.

  • CVE-2018-15710HigNov 14, 2018
    risk 0.57cvss 7.8epss 0.44

    Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.

  • CVE-2018-15709HigNov 14, 2018
    risk 0.59cvss 8.8epss 0.21

    Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.

  • CVE-2018-6083HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.

  • CVE-2018-6074HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.

  • CVE-2018-6073HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2018-6072HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2018-6071HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-6067HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6065HigKEVNov 14, 2018
    risk 0.77cvss 8.8epss 0.59

    Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6064HigNov 14, 2018
    risk 0.61cvss 8.8epss 0.07

    Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6063HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2018-6062HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2018-6061HigNov 14, 2018
    risk 0.49cvss 7.5epss 0.01

    A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6060HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6057HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.

  • CVE-2018-17474HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-17469HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2018-17466HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.03

    Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-17465HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

  • CVE-2018-17463HigKEVNov 14, 2018
    risk 0.79cvss 8.8epss 0.84

    Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-3698HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.00

    Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access.

  • CVE-2018-3697HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.00

    Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access.

  • CVE-2018-3635HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.00

    Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access.

  • CVE-2018-12174HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.00

    Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE 2018 Update 3 may allow an authenticated user to potentially escalate privileges via local access.

  • CVE-2018-19277HigNov 14, 2018
    risk 0.54cvss 8.8epss 0.08

    securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file

  • CVE-2018-19271HigNov 14, 2018
    risk 0.00cvss 8.8epss 0.02

    Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter.

  • CVE-2018-8609HigNov 14, 2018
    risk 0.58cvss 8.8epss 0.09

    A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This…

  • CVE-2018-8589HigKEVNov 14, 2018
    risk 0.63cvss 7.8epss 0.03

    An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.

  • CVE-2018-8588HigNov 14, 2018
    risk 0.43cvss 7.5epss 0.14

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,…

  • CVE-2018-8584HigNov 14, 2018
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.

  • CVE-2018-8582HigNov 14, 2018
    risk 0.59cvss 8.8epss 0.19

    A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique…

  • CVE-2018-8581HigKEVNov 14, 2018
    risk 0.68cvss 7.4epss 0.28

    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2018-8577HigNov 14, 2018
    risk 0.52cvss 7.8epss 0.19

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel…

  • CVE-2018-8576HigNov 14, 2018
    risk 0.52cvss 7.8epss 0.19

    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique…

  • CVE-2018-8575HigNov 14, 2018
    risk 0.52cvss 7.8epss 0.19

    A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.

  • CVE-2018-8574HigNov 14, 2018
    risk 0.52cvss 7.8epss 0.19

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is…

  • CVE-2018-8573HigNov 14, 2018
    risk 0.52cvss 7.8epss 0.19

    A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from…

  • CVE-2018-8570HigNov 14, 2018
    risk 0.50cvss 7.5epss 0.14

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11.

  • CVE-2018-8562HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server…

  • CVE-2018-8561HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1,…

  • CVE-2018-8557HigNov 14, 2018
    risk 0.43cvss 7.5epss 0.14

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,…

  • CVE-2018-8556HigNov 14, 2018
    risk 0.43cvss 7.5epss 0.14

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,…

  • CVE-2018-8555HigNov 14, 2018
    risk 0.43cvss 7.5epss 0.14

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,…

  • CVE-2018-8554HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2018-8485, CVE-2018-8561.

  • CVE-2018-8553HigNov 14, 2018
    risk 0.52cvss 7.8epss 0.19

    A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,…

  • CVE-2018-8552HigNov 14, 2018
    risk 0.56cvss 7.5epss 0.51

    An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This…

  • CVE-2018-8551HigNov 14, 2018
    risk 0.43cvss 7.5epss 0.14

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,…

  • CVE-2018-8550HigNov 14, 2018
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server…