Export limit exceeded: 337302 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75601 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13699 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports Sle, Rhel Extras | 2024-11-21 | 8.8 High |
| Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-13698 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Out of bounds memory access in JavaScript in Google Chrome prior to 73.0.3683.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-13696 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-13695 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-13694 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-13693 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. | ||||
| CVE-2019-13692 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. | ||||
| CVE-2019-13688 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-13687 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-13686 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-13685 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-13682 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | ||||
| CVE-2019-13673 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 7.4 High |
| Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13668 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 7.4 High |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13666 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 7.4 High |
| Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13619 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.5 High |
| In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. | ||||
| CVE-2019-13616 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-11-21 | 8.1 High |
| SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. | ||||
| CVE-2019-13602 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more | 2024-11-21 | 7.8 High |
| An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | ||||
| CVE-2019-13567 | 1 Zoom | 1 Zoom | 2024-11-21 | 8.8 High |
| The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData. | ||||
| CVE-2019-13565 | 7 Apple, Canonical, Debian and 4 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 7.5 High |
| An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user. | ||||