
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

part: a version: 15.0 update: sp1

Vendor: Opensuse (3380e48e-e718-5685-8ad0-092ef58910e5)
Product: Backports Sle (e89ff55f-697e-5d24-9da6-dd4377899729)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2020-9273 vulnerable 2026-06-03 14:43:13.214296 Details available
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
Published: 2020-02-20T15:22:53.000Z
Updated: 2024-08-04T10:26:16.038Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-9272 vulnerable 2026-06-03 14:43:13.211240 Details available
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.
Published: 2020-02-20T15:17:13.000Z
Updated: 2024-08-04T10:26:15.945Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-8955 vulnerable 2026-06-03 14:43:12.204828 Details available
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).
Published: 2020-02-12T21:58:51.000Z
Updated: 2024-08-04T10:19:18.178Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-8233 vulnerable 2026-06-03 14:43:08.435739 Details available
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
Published: 2020-08-17T15:41:19.000Z
Updated: 2024-08-04T09:56:27.573Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-8228 vulnerable 2026-06-03 14:43:08.421667 Details available
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
Published: 2020-10-05T13:15:23.000Z
Updated: 2024-08-04T09:56:27.455Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-8164 vulnerable 2026-06-03 14:43:08.172627 Details available
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked from Strong Parameters.
Published: 2020-06-19T17:04:13.000Z
Updated: 2024-08-04T09:48:25.653Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-8118 vulnerable 2026-06-03 14:43:08.026071 Details available
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
Published: 2020-02-04T19:08:57.000Z
Updated: 2024-08-04T09:48:25.506Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-8026 vulnerable 2026-06-03 14:43:07.932007 inn: non-root owned files
HIGH (8.4)
An Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.
Published: 2020-08-07T09:25:13.939Z
Updated: 2024-09-16T16:57:41.593Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-8019 not_vulnerable 2026-06-03 14:43:07.888586 syslog-ng: Local privilege escalation from new to root in %post
HIGH (7.7)
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server 11-SP4-LTSS syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server for SAP 12-SP1 syslog-ng versions prior to 3.6.4-12.8.1. openSUSE Backports SLE-15-SP1 syslog-ng versions prior to 3.19.1-bp151.4.6.1. openSUSE Leap 15.1 syslog-ng versions prior to 3.19.1-lp151.3.6.1.
Published: 2020-06-29T11:30:14.396Z
Updated: 2024-09-17T03:43:09.266Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-7106 vulnerable 2026-06-03 14:43:05.260987 Details available
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
Published: 2020-01-16T03:55:12.000Z
Updated: 2024-08-04T09:18:03.119Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-7043 vulnerable 2026-06-03 14:43:05.184607 Details available
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.
Published: 2020-02-27T17:30:51.000Z
Updated: 2024-08-04T09:18:03.013Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-7042 vulnerable 2026-06-03 14:43:05.184024 Details available
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
Published: 2020-02-27T17:30:16.000Z
Updated: 2024-08-04T09:18:02.510Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-7041 vulnerable 2026-06-03 14:43:05.183379 Details available
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.
Published: 2020-02-27T17:29:38.000Z
Updated: 2024-08-04T09:18:02.548Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-7040 vulnerable 2026-06-03 14:43:05.177011 Details available
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
Published: 2020-01-21T20:03:11.000Z
Updated: 2024-08-04T09:18:02.843Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6615 vulnerable 2026-06-03 14:42:58.953194 Details available
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
Published: 2020-01-08T20:43:04.000Z
Updated: 2024-08-04T09:11:04.663Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6614 vulnerable 2026-06-03 14:42:58.952716 Details available
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
Published: 2020-01-08T20:43:13.000Z
Updated: 2024-08-04T09:11:05.081Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6613 vulnerable 2026-06-03 14:42:58.952258 Details available
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
Published: 2020-01-08T20:43:24.000Z
Updated: 2024-08-04T09:11:04.728Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6612 vulnerable 2026-06-03 14:42:58.951794 Details available
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
Published: 2020-01-08T20:43:32.000Z
Updated: 2024-08-04T09:11:04.952Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6611 vulnerable 2026-06-03 14:42:58.951322 Details available
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
Published: 2020-01-08T20:43:41.000Z
Updated: 2024-08-04T09:11:05.078Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6609 vulnerable 2026-06-03 14:42:58.950233 Details available
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
Published: 2020-01-08T20:44:00.000Z
Updated: 2024-08-04T09:11:04.341Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6576 vulnerable 2026-06-03 14:42:58.881863 Details available
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-09-21T19:06:56.000Z
Updated: 2024-08-04T09:11:04.909Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6575 vulnerable 2026-06-03 14:42:58.880965 Details available
Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Published: 2020-09-21T19:06:55.000Z
Updated: 2024-08-04T09:11:04.682Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6574 vulnerable 2026-06-03 14:42:58.880226 Details available
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.
Published: 2020-09-21T19:06:55.000Z
Updated: 2024-08-04T09:11:04.696Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6573 vulnerable 2026-06-03 14:42:58.879435 Details available
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Published: 2020-09-21T19:06:54.000Z
Updated: 2024-08-04T09:11:04.530Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6571 vulnerable 2026-06-03 14:42:58.877896 Details available
Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Published: 2020-09-21T19:06:54.000Z
Updated: 2024-08-04T09:11:04.610Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6570 vulnerable 2026-06-03 14:42:58.877229 Details available
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.
Published: 2020-09-21T19:06:54.000Z
Updated: 2024-08-04T09:11:04.363Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6569 vulnerable 2026-06-03 14:42:58.876562 Details available
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-09-21T19:06:53.000Z
Updated: 2024-08-04T09:11:04.342Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6568 vulnerable 2026-06-03 14:42:58.875908 Details available
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Published: 2020-09-21T19:06:53.000Z
Updated: 2024-08-04T09:11:04.673Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6567 vulnerable 2026-06-03 14:42:58.875224 Details available
Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Published: 2020-09-21T19:06:52.000Z
Updated: 2024-08-04T09:11:04.251Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6566 vulnerable 2026-06-03 14:42:58.874541 Details available
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Published: 2020-09-21T19:06:52.000Z
Updated: 2024-08-04T09:11:04.531Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6565 vulnerable 2026-06-03 14:42:58.873911 Details available
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Published: 2020-09-21T19:06:51.000Z
Updated: 2024-08-04T09:11:04.604Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6564 vulnerable 2026-06-03 14:42:58.873244 Details available
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.
Published: 2020-09-21T19:06:51.000Z
Updated: 2024-08-04T09:11:04.649Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6563 vulnerable 2026-06-03 14:42:58.872480 Details available
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
Published: 2020-09-21T19:06:50.000Z
Updated: 2024-08-04T09:11:04.414Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6562 vulnerable 2026-06-03 14:42:58.871826 Details available
Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Published: 2020-09-21T19:06:50.000Z
Updated: 2024-08-04T09:11:04.524Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6561 vulnerable 2026-06-03 14:42:58.871194 Details available
Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Published: 2020-09-21T19:06:49.000Z
Updated: 2024-08-04T09:11:05.110Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6560 vulnerable 2026-06-03 14:42:58.870539 Details available
Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Published: 2020-09-21T19:06:49.000Z
Updated: 2024-08-04T09:11:04.296Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6559 vulnerable 2026-06-03 14:42:58.869900 Details available
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-09-21T19:06:49.000Z
Updated: 2024-08-04T09:11:04.227Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6558 vulnerable 2026-06-03 14:42:58.869279 Details available
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Published: 2020-09-21T19:06:48.000Z
Updated: 2024-08-04T09:11:04.259Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6536 vulnerable 2026-06-03 14:42:58.857924 Details available
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.
Published: 2020-07-22T16:16:11.000Z
Updated: 2024-08-04T09:11:03.982Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6535 vulnerable 2026-06-03 14:42:58.857219 Details available
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.
Published: 2020-07-22T16:16:11.000Z
Updated: 2024-08-04T09:02:40.807Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6534 vulnerable 2026-06-03 14:42:58.856487 Details available
Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-07-22T16:16:10.000Z
Updated: 2024-08-04T09:02:40.809Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6533 vulnerable 2026-06-03 14:42:58.855669 Details available
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-07-22T16:16:10.000Z
Updated: 2024-08-04T09:02:40.914Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6530 vulnerable 2026-06-03 14:42:58.853713 Details available
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Published: 2020-07-22T16:16:09.000Z
Updated: 2024-08-04T09:02:40.796Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6528 vulnerable 2026-06-03 14:42:58.852211 Details available
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Published: 2020-07-22T16:16:08.000Z
Updated: 2024-08-04T09:02:40.851Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6527 vulnerable 2026-06-03 14:42:58.851440 Details available
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Published: 2020-07-22T16:16:08.000Z
Updated: 2024-08-04T09:02:40.812Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6525 vulnerable 2026-06-03 14:42:58.849979 Details available
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-07-22T16:16:07.000Z
Updated: 2024-08-04T09:02:40.735Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6522 vulnerable 2026-06-03 14:42:58.847700 Details available
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Published: 2020-07-22T16:16:05.000Z
Updated: 2024-08-04T09:02:40.810Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6521 vulnerable 2026-06-03 14:42:58.846976 Details available
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Published: 2020-07-22T16:16:05.000Z
Updated: 2024-08-04T09:02:40.737Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6520 vulnerable 2026-06-03 14:42:58.846252 Details available
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-07-22T16:16:04.000Z
Updated: 2024-08-04T09:02:40.729Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6519 vulnerable 2026-06-03 14:42:58.845514 Details available
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Published: 2020-07-22T16:16:04.000Z
Updated: 2024-08-04T09:02:40.736Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6517 vulnerable 2026-06-03 14:42:58.844010 Details available
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-07-22T16:16:03.000Z
Updated: 2024-08-04T09:02:40.908Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6516 vulnerable 2026-06-03 14:42:58.843285 Details available
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Published: 2020-07-22T16:16:02.000Z
Updated: 2024-08-04T09:02:40.785Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6515 vulnerable 2026-06-03 14:42:58.842498 Details available
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-07-22T16:16:02.000Z
Updated: 2024-08-04T09:02:40.815Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6514 vulnerable 2026-06-03 14:42:58.833310 Details available
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
Published: 2020-07-22T16:16:01.000Z
Updated: 2024-08-04T09:02:40.886Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6513 vulnerable 2026-06-03 14:42:58.832095 Details available
Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Published: 2020-07-22T16:16:01.000Z
Updated: 2024-08-04T09:02:40.787Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6512 vulnerable 2026-06-03 14:42:58.831318 Details available
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-07-22T16:16:00.000Z
Updated: 2024-08-04T09:02:40.800Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6511 vulnerable 2026-06-03 14:42:58.830554 Details available
Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Published: 2020-07-22T16:16:00.000Z
Updated: 2024-08-04T09:02:40.730Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6510 vulnerable 2026-06-03 14:42:58.811149 Details available
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-07-22T16:15:59.000Z
Updated: 2024-08-04T09:02:40.703Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6496 vulnerable 2026-06-03 14:42:58.805472 Details available
Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Published: 2020-06-03T22:50:37.000Z
Updated: 2024-08-04T09:02:40.813Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6494 vulnerable 2026-06-03 14:42:58.804295 Details available
Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Published: 2020-06-03T22:50:36.000Z
Updated: 2024-08-04T09:02:40.727Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6491 vulnerable 2026-06-03 14:42:58.802701 Details available
Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name.
Published: 2020-05-21T03:46:20.000Z
Updated: 2024-08-04T09:02:40.786Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6490 vulnerable 2026-06-03 14:42:58.802035 Details available
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.
Published: 2020-05-21T03:46:19.000Z
Updated: 2024-08-04T09:02:40.735Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6489 vulnerable 2026-06-03 14:42:58.801344 Details available
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page.
Published: 2020-05-21T03:46:19.000Z
Updated: 2024-08-04T09:02:40.728Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6488 vulnerable 2026-06-03 14:42:58.800553 Details available
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Published: 2020-05-21T03:46:18.000Z
Updated: 2024-08-04T09:02:40.789Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6487 vulnerable 2026-06-03 14:42:58.799777 Details available
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Published: 2020-05-21T03:46:18.000Z
Updated: 2024-08-04T09:02:40.762Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6486 vulnerable 2026-06-03 14:42:58.799093 Details available
Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Published: 2020-05-21T03:46:17.000Z
Updated: 2024-08-04T09:02:40.811Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6485 vulnerable 2026-06-03 14:42:58.798407 Details available
Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Published: 2020-05-21T03:46:17.000Z
Updated: 2024-08-04T09:02:40.813Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6484 vulnerable 2026-06-03 14:42:58.797711 Details available
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request.
Published: 2020-05-21T03:46:16.000Z
Updated: 2024-08-04T09:02:40.801Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6483 vulnerable 2026-06-03 14:42:58.797053 Details available
Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Published: 2020-05-21T03:46:16.000Z
Updated: 2024-08-04T09:02:40.715Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6482 vulnerable 2026-06-03 14:42:58.796382 Details available
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
Published: 2020-05-21T03:46:15.000Z
Updated: 2024-08-04T09:02:40.723Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6481 vulnerable 2026-06-03 14:42:58.795681 Details available
Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name.
Published: 2020-05-21T03:46:15.000Z
Updated: 2024-08-04T09:02:40.723Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6480 vulnerable 2026-06-03 14:42:58.794971 Details available
Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions.
Published: 2020-05-21T03:46:14.000Z
Updated: 2024-08-04T09:02:40.812Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6479 vulnerable 2026-06-03 14:42:58.794275 Details available
Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
Published: 2020-05-21T03:46:14.000Z
Updated: 2024-08-04T09:02:40.716Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6478 vulnerable 2026-06-03 14:42:58.793596 Details available
Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
Published: 2020-05-21T03:46:13.000Z
Updated: 2024-08-04T09:02:40.720Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6477 vulnerable 2026-06-03 14:42:58.792892 Details available
Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.
Published: 2020-05-21T03:46:13.000Z
Updated: 2024-08-04T09:02:40.739Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6476 vulnerable 2026-06-03 14:42:58.746178 Details available
Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
Published: 2020-05-21T03:46:12.000Z
Updated: 2024-08-04T09:02:40.711Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6475 vulnerable 2026-06-03 14:42:58.745506 Details available
Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
Published: 2020-05-21T03:46:12.000Z
Updated: 2024-08-04T09:02:40.671Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6474 vulnerable 2026-06-03 14:42:58.744816 Details available
Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-05-21T03:46:11.000Z
Updated: 2024-08-04T09:02:40.727Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6473 vulnerable 2026-06-03 14:42:58.744183 Details available
Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Published: 2020-05-21T03:46:11.000Z
Updated: 2024-08-04T09:02:40.722Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6472 vulnerable 2026-06-03 14:42:58.743492 Details available
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension.
Published: 2020-05-21T03:46:10.000Z
Updated: 2024-08-04T09:02:40.717Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6471 vulnerable 2026-06-03 14:42:58.742762 Details available
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Published: 2020-05-21T03:46:10.000Z
Updated: 2024-08-04T09:02:40.714Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6470 vulnerable 2026-06-03 14:42:58.741977 Details available
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents.
Published: 2020-05-21T03:46:09.000Z
Updated: 2024-08-04T09:02:40.696Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6469 vulnerable 2026-06-03 14:42:58.741245 Details available
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Published: 2020-05-21T03:46:09.000Z
Updated: 2024-08-04T09:02:40.694Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6468 vulnerable 2026-06-03 14:42:58.740691 Details available
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-05-21T03:46:09.000Z
Updated: 2024-08-04T09:02:40.695Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6467 vulnerable 2026-06-03 14:42:58.739944 Details available
Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-05-21T03:46:08.000Z
Updated: 2024-08-04T09:02:40.811Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6466 vulnerable 2026-06-03 14:42:58.739276 Details available
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Published: 2020-05-21T03:46:08.000Z
Updated: 2024-08-04T09:02:40.661Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6465 vulnerable 2026-06-03 14:42:58.738614 Details available
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Published: 2020-05-21T03:46:07.000Z
Updated: 2024-08-04T09:02:40.785Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6463 vulnerable 2026-06-03 14:42:58.737427 Details available
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-05-21T03:46:06.000Z
Updated: 2024-08-04T09:02:40.687Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6454 vulnerable 2026-06-03 14:42:58.732194 Details available
Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Published: 2020-04-13T17:31:02.000Z
Updated: 2024-08-04T09:02:40.676Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6451 vulnerable 2026-06-03 14:42:58.730592 Details available
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-04-13T17:31:01.000Z
Updated: 2024-08-04T09:02:40.667Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6450 vulnerable 2026-06-03 14:42:58.730020 Details available
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-04-13T17:31:01.000Z
Updated: 2024-08-04T09:02:40.683Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6449 vulnerable 2026-06-03 14:42:58.729427 Details available
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-03-20T00:00:00.000Z
Updated: 2024-08-04T09:02:40.688Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6448 vulnerable 2026-06-03 14:42:58.728652 Details available
Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-04-13T17:31:00.000Z
Updated: 2024-08-04T09:02:40.520Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6447 vulnerable 2026-06-03 14:42:58.727955 Details available
Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-04-13T17:31:00.000Z
Updated: 2024-08-04T09:02:40.684Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6444 vulnerable 2026-06-03 14:42:58.725920 Details available
Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-04-13T17:30:58.000Z
Updated: 2024-08-04T09:02:40.440Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6438 vulnerable 2026-06-03 14:42:58.721733 Details available
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
Published: 2020-04-13T17:30:55.000Z
Updated: 2024-08-04T09:02:40.364Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6436 vulnerable 2026-06-03 14:42:58.720343 Details available
Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-04-13T17:30:54.000Z
Updated: 2024-08-04T09:02:40.186Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6434 vulnerable 2026-06-03 14:42:58.718968 Details available
Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-04-13T17:30:53.000Z
Updated: 2024-08-04T09:02:40.522Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6430 vulnerable 2026-06-03 14:42:58.716057 Details available
Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-04-13T17:30:51.000Z
Updated: 2024-08-04T09:02:40.668Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6429 vulnerable 2026-06-03 14:42:58.715354 Details available
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-03-20T13:52:37.000Z
Updated: 2024-08-04T09:02:40.620Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6428 vulnerable 2026-06-03 14:42:58.714488 Details available
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-03-20T13:52:21.000Z
Updated: 2024-08-04T09:02:40.384Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6427 vulnerable 2026-06-03 14:42:58.713857 Details available
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-03-20T13:51:57.000Z
Updated: 2024-08-04T09:02:40.590Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6426 vulnerable 2026-06-03 14:42:58.713003 Details available
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-03-20T13:51:42.000Z
Updated: 2024-08-04T09:02:40.421Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6424 vulnerable 2026-06-03 14:42:58.711687 Details available
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-03-20T13:51:32.000Z
Updated: 2024-08-04T09:02:40.483Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6423 vulnerable 2026-06-03 14:42:58.710879 Details available
Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-04-13T17:30:51.000Z
Updated: 2024-08-04T09:02:40.521Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6422 vulnerable 2026-06-03 14:42:58.697486 Details available
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-03-20T13:51:21.000Z
Updated: 2024-08-04T09:02:40.565Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6416 vulnerable 2026-06-03 14:42:58.694252 Details available
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-02-11T14:42:12.000Z
Updated: 2024-08-04T09:02:40.450Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6415 vulnerable 2026-06-03 14:42:58.693414 Details available
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-02-11T14:42:12.000Z
Updated: 2024-08-04T09:02:40.454Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6414 vulnerable 2026-06-03 14:42:58.692659 Details available
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Published: 2020-02-11T14:42:12.000Z
Updated: 2024-08-04T09:02:40.552Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6413 vulnerable 2026-06-03 14:42:58.692156 Details available
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page.
Published: 2020-02-11T14:42:12.000Z
Updated: 2024-08-04T09:02:40.339Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6412 vulnerable 2026-06-03 14:42:58.691636 Details available
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Published: 2020-02-11T14:42:12.000Z
Updated: 2024-08-04T09:02:40.419Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6408 vulnerable 2026-06-03 14:42:58.689557 Details available
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:40.458Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6404 vulnerable 2026-06-03 14:42:58.687030 Details available
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:40.399Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6403 vulnerable 2026-06-03 14:42:58.686081 Details available
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:40.451Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6402 vulnerable 2026-06-03 14:42:58.663458 Details available
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:40.477Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6401 vulnerable 2026-06-03 14:42:58.662799 Details available
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:39.915Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6400 vulnerable 2026-06-03 14:42:58.662079 Details available
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:40.240Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6399 vulnerable 2026-06-03 14:42:58.661468 Details available
Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:39.784Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6398 vulnerable 2026-06-03 14:42:58.660743 Details available
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:40.138Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6397 vulnerable 2026-06-03 14:42:58.659834 Details available
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:40.206Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6396 vulnerable 2026-06-03 14:42:58.659008 Details available
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:39.583Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6394 vulnerable 2026-06-03 14:42:58.657717 Details available
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:40.648Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6393 vulnerable 2026-06-03 14:42:58.656904 Details available
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:39.852Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6392 vulnerable 2026-06-03 14:42:58.656086 Details available
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:40.481Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6391 vulnerable 2026-06-03 14:42:58.655263 Details available
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:40.372Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6390 vulnerable 2026-06-03 14:42:58.654460 Details available
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:40.391Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6385 vulnerable 2026-06-03 14:42:58.651394 Details available
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:40.196Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6382 vulnerable 2026-06-03 14:42:58.649302 Details available
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:39.847Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6381 vulnerable 2026-06-03 14:42:58.644772 Details available
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-02-11T14:42:11.000Z
Updated: 2024-08-04T09:02:40.381Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6377 vulnerable 2026-06-03 14:42:58.637251 Details available
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-01-10T21:10:15.000Z
Updated: 2024-08-04T09:02:40.097Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6095 vulnerable 2026-06-03 14:42:57.951884 Details available
HIGH (7.5)
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
Published: 2020-03-27T19:20:26.000Z
Updated: 2024-08-04T08:47:41.006Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-26935 vulnerable 2026-06-03 14:42:17.473148 Details available
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query.
Published: 2020-10-10T18:26:53.000Z
Updated: 2024-08-04T16:03:23.118Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-26934 vulnerable 2026-06-03 14:42:17.472375 Details available
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
Published: 2020-10-10T18:27:11.000Z
Updated: 2024-08-04T16:03:23.167Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-26164 vulnerable 2026-06-03 14:42:16.368104 Details available
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
Published: 2020-10-07T18:07:51.000Z
Updated: 2024-08-04T15:49:07.217Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-25829 vulnerable 2026-06-03 14:42:15.461636 Details available
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installations that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).
Published: 2020-10-16T05:07:44.000Z
Updated: 2024-08-04T15:40:36.998Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-25032 vulnerable 2026-06-03 14:42:08.400964 Details available
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
Published: 2020-08-31T03:57:28.000Z
Updated: 2024-08-04T15:26:09.160Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-24972 vulnerable 2026-06-03 14:42:08.301681 Details available
HIGH (8.8)
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
Published: 2020-08-29T20:40:19.000Z
Updated: 2024-08-04T15:26:09.330Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-24614 vulnerable 2026-06-03 14:42:07.804206 Details available
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
Published: 2020-08-25T13:36:43.000Z
Updated: 2024-08-04T15:19:08.614Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-1772 vulnerable 2026-06-03 14:41:58.619385 Information Disclosure
MEDIUM (6.5)
It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Published: 2020-03-27T12:47:49.502Z
Updated: 2024-09-16T23:25:42.434Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-1770 vulnerable 2026-06-03 14:41:58.618295 Information disclosure in support bundle files
LOW (2.4)
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Published: 2020-03-27T12:47:49.421Z
Updated: 2024-09-17T01:11:13.158Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-1769 vulnerable 2026-06-03 14:41:58.617489 Autocomplete in the form login screens
LOW (3.5)
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered a security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Published: 2020-03-27T12:47:49.378Z
Updated: 2024-09-17T01:27:02.769Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-1765 vulnerable 2026-06-03 14:41:58.615505 Spoofing of From field in several screens
LOW (3.5)
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
Published: 2020-01-10T15:08:55.756Z
Updated: 2024-09-16T22:15:10.396Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-16118 vulnerable 2026-06-03 14:41:47.174499 Details available
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
Published: 2020-07-29T17:58:51.000Z
Updated: 2024-08-04T13:37:53.604Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-16011 vulnerable 2026-06-03 14:41:47.118971 Details available
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Published: 2020-11-03T02:21:48.000Z
Updated: 2024-08-04T13:30:23.549Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-16009 vulnerable 2026-06-03 14:41:47.116173 Details available
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-11-03T02:21:47.000Z
Updated: 2025-10-21T23:35:33.440Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-16008 vulnerable 2026-06-03 14:41:47.105746 Details available
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
Published: 2020-11-03T02:21:46.000Z
Updated: 2024-08-04T13:30:23.557Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-16007 vulnerable 2026-06-03 14:41:47.105273 Details available
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
Published: 2020-11-03T02:21:46.000Z
Updated: 2024-08-04T13:30:23.552Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-16006 vulnerable 2026-06-03 14:41:47.104782 Details available
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-11-03T02:21:45.000Z
Updated: 2024-08-04T13:30:23.588Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-16005 vulnerable 2026-06-03 14:41:47.104258 Details available
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-11-03T02:21:45.000Z
Updated: 2024-08-04T13:30:23.567Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-16004 vulnerable 2026-06-03 14:41:47.103704 Details available
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-11-03T02:21:45.000Z
Updated: 2024-08-04T13:30:23.513Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15966 vulnerable 2026-06-03 14:41:47.060523 Details available
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
Published: 2020-09-21T19:06:38.000Z
Updated: 2024-08-04T13:30:23.391Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15965 vulnerable 2026-06-03 14:41:47.059841 Details available
Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Published: 2020-09-21T19:06:37.000Z
Updated: 2024-08-04T13:30:23.670Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15964 vulnerable 2026-06-03 14:41:47.058902 Details available
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-09-21T19:06:37.000Z
Updated: 2024-08-04T13:30:23.382Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15963 vulnerable 2026-06-03 14:41:47.058268 Details available
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Published: 2020-09-21T19:06:36.000Z
Updated: 2024-08-04T13:30:23.470Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15962 vulnerable 2026-06-03 14:41:47.057620 Details available
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Published: 2020-09-21T19:06:36.000Z
Updated: 2024-08-04T13:30:23.452Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15961 vulnerable 2026-06-03 14:41:47.056847 Details available
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Published: 2020-09-21T19:06:35.000Z
Updated: 2024-08-04T13:30:23.514Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15960 vulnerable 2026-06-03 14:41:47.056182 Details available
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Published: 2020-09-21T19:06:35.000Z
Updated: 2024-08-04T13:30:23.528Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15959 vulnerable 2026-06-03 14:41:47.055450 Details available
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.
Published: 2020-09-21T19:06:34.000Z
Updated: 2024-08-04T13:30:23.418Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15917 vulnerable 2026-06-03 14:41:46.989863 Details available
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
Published: 2020-07-23T18:06:26.000Z
Updated: 2024-08-04T13:30:23.272Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15396 vulnerable 2026-06-03 14:41:45.820628 Details available
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
Published: 2020-06-30T11:17:21.000Z
Updated: 2024-08-04T13:15:20.704Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-14004 vulnerable 2026-06-03 14:41:37.661364 Details available
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.
Published: 2020-06-12T15:04:10.000Z
Updated: 2024-08-04T12:32:14.733Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-13696 vulnerable 2026-06-03 14:41:37.030355 Details available
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.
Published: 2020-06-08T16:32:54.000Z
Updated: 2024-08-04T12:25:16.525Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-13614 vulnerable 2026-06-03 14:41:36.877582 Details available
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.
Published: 2020-05-26T22:08:39.000Z
Updated: 2024-08-04T12:25:16.146Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-13379 vulnerable 2026-06-03 14:41:36.588474 Details available
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
Published: 2020-06-03T18:41:09.000Z
Updated: 2024-08-04T12:18:17.618Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-12672 vulnerable 2026-06-03 14:41:35.089235 Details available
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
Published: 2020-05-06T02:47:51.000Z
Updated: 2024-08-04T12:04:22.523Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-12641 vulnerable 2026-06-03 14:41:35.045517 Details available
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
Published: 2020-05-04T14:58:15.000Z
Updated: 2025-10-21T23:35:44.407Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-12640 vulnerable 2026-06-03 14:41:35.044807 Details available
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
Published: 2020-05-04T14:58:28.000Z
Updated: 2024-08-04T12:04:22.314Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-12625 vulnerable 2026-06-03 14:41:35.032360 Details available
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
Published: 2020-05-04T01:57:31.000Z
Updated: 2024-08-04T12:04:22.316Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-12244 vulnerable 2026-06-03 14:41:33.549086 Details available
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.
Published: 2020-05-19T13:51:39.000Z
Updated: 2024-08-04T11:48:58.374Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-12108 vulnerable 2026-06-03 14:41:33.371563 Details available
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
Published: 2020-05-06T14:50:33.000Z
Updated: 2024-08-04T11:48:58.484Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-12066 vulnerable 2026-06-03 14:41:33.228384 Details available
CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.
Published: 2020-04-22T16:20:06.000Z
Updated: 2024-08-04T11:48:57.918Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-12050 vulnerable 2026-06-03 14:41:33.209390 Details available
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.
Published: 2020-04-30T16:09:05.000Z
Updated: 2024-08-04T11:48:57.942Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-11800 vulnerable 2026-06-03 14:41:32.070518 Details available
CRITICAL (9)
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
Published: 2020-10-07T15:02:53.000Z
Updated: 2024-08-04T11:41:59.916Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-11653 vulnerable 2026-06-03 14:41:26.462571 Details available
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.
Published: 2020-04-08T00:00:00.000Z
Updated: 2024-08-04T11:35:13.694Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10995 vulnerable 2026-06-03 14:41:00.840090 Details available
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.
Published: 2020-05-19T16:04:12.000Z
Updated: 2024-08-04T11:21:14.519Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10804 vulnerable 2026-06-03 14:41:00.583144 Details available
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).
Published: 2020-03-22T03:47:59.000Z
Updated: 2024-08-04T11:14:15.581Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10803 vulnerable 2026-06-03 14:41:00.582547 Details available
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.
Published: 2020-03-22T03:48:16.000Z
Updated: 2024-08-04T11:14:15.610Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10802 vulnerable 2026-06-03 14:41:00.580176 Details available
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.
Published: 2020-03-22T03:48:33.000Z
Updated: 2024-08-04T11:14:15.611Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10593 vulnerable 2026-06-03 14:41:00.069416 Details available
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.
Published: 2020-03-23T12:22:03.000Z
Updated: 2024-08-04T11:06:10.043Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9779 vulnerable 2026-06-03 14:40:49.829496 Details available
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).
Published: 2019-03-14T07:00:00.000Z
Updated: 2024-08-04T22:01:54.263Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9778 vulnerable 2026-06-03 14:40:49.829087 Details available
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.
Published: 2019-03-14T07:00:00.000Z
Updated: 2024-08-04T22:01:54.249Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9777 vulnerable 2026-06-03 14:40:49.828681 Details available
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.
Published: 2019-03-14T07:00:00.000Z
Updated: 2024-08-04T22:01:54.203Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9776 vulnerable 2026-06-03 14:40:49.828250 Details available
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).
Published: 2019-03-14T07:00:00.000Z
Updated: 2024-08-04T22:01:54.235Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9775 vulnerable 2026-06-03 14:40:49.827839 Details available
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.
Published: 2019-03-14T07:00:00.000Z
Updated: 2024-08-04T22:01:54.245Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9774 vulnerable 2026-06-03 14:40:49.827413 Details available
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.
Published: 2019-03-14T07:00:00.000Z
Updated: 2024-08-04T22:01:54.237Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9773 vulnerable 2026-06-03 14:40:49.826986 Details available
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.
Published: 2019-03-14T07:00:00.000Z
Updated: 2024-08-04T22:01:54.250Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9772 vulnerable 2026-06-03 14:40:49.826561 Details available
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.
Published: 2019-03-14T07:00:00.000Z
Updated: 2024-08-04T22:01:54.238Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9771 vulnerable 2026-06-03 14:40:49.826104 Details available
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.
Published: 2019-03-14T07:00:00.000Z
Updated: 2024-08-04T22:01:54.250Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9770 vulnerable 2026-06-03 14:40:49.825591 Details available
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.
Published: 2019-03-14T07:00:00.000Z
Updated: 2024-08-04T22:01:54.181Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9752 vulnerable 2026-06-03 14:40:49.802183 Details available
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm.
Published: 2019-03-13T22:00:00.000Z
Updated: 2024-08-04T22:01:54.195Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9499 vulnerable 2026-06-03 14:40:49.078397 The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Published: 2019-04-17T13:31:08.000Z
Updated: 2024-08-04T21:54:44.100Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9498 vulnerable 2026-06-03 14:40:49.070398 The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Published: 2019-04-17T13:31:08.000Z
Updated: 2024-08-04T21:54:44.081Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9495 vulnerable 2026-06-03 14:40:49.067976 The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Published: 2019-04-17T13:31:08.000Z
Updated: 2024-08-04T21:54:44.180Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9494 vulnerable 2026-06-03 14:40:49.055554 The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
Published: 2019-04-17T13:31:08.000Z
Updated: 2024-08-04T21:54:44.172Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-9215 vulnerable 2026-06-03 14:40:48.865830 Details available
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
Published: 2019-02-28T04:00:00.000Z
Updated: 2024-08-04T21:38:46.622Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7635 vulnerable 2026-06-03 14:40:41.978363 Details available
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
Published: 2019-02-08T00:00:00.000Z
Updated: 2024-08-04T20:54:28.411Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-5846 vulnerable 2026-06-03 14:40:36.102457 Details available
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-01-03T22:35:25.000Z
Updated: 2024-08-04T20:09:23.687Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-5845 vulnerable 2026-06-03 14:40:36.102090 Details available
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-01-03T22:35:25.000Z
Updated: 2024-08-04T20:09:23.630Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-5844 vulnerable 2026-06-03 14:40:36.101718 Details available
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-01-03T22:35:24.000Z
Updated: 2024-08-04T20:09:23.584Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-5736 vulnerable 2026-06-03 14:40:35.987065 Details available
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Published: 2019-02-11T00:00:00.000Z
Updated: 2024-08-04T20:01:52.208Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-5459 vulnerable 2026-06-03 14:40:30.219934 Details available
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
Published: 2019-07-30T20:24:06.000Z
Updated: 2024-08-04T19:54:53.560Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-5164 vulnerable 2026-06-03 14:40:29.022380 Details available
HIGH (7.8)
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.
Published: 2019-12-03T21:56:21.000Z
Updated: 2024-08-04T19:47:56.612Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-5060 vulnerable 2026-06-03 14:40:28.875782 Details available
HIGH (8.8)
An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Published: 2019-07-31T16:51:28.000Z
Updated: 2024-08-04T19:47:55.654Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-5059 vulnerable 2026-06-03 14:40:28.875311 Details available
HIGH (8.8)
An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Published: 2019-07-31T16:50:45.000Z
Updated: 2024-08-04T19:47:55.936Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-5058 vulnerable 2026-06-03 14:40:28.874802 Details available
HIGH (8.8)
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Published: 2019-07-31T16:49:27.000Z
Updated: 2024-08-04T19:47:56.663Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-5057 vulnerable 2026-06-03 14:40:28.874242 Details available
HIGH (8.8)
An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Published: 2019-07-31T16:48:35.000Z
Updated: 2024-08-04T19:47:55.950Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-5052 vulnerable 2026-06-03 14:40:28.866613 Details available
HIGH (8.8)
An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
Published: 2019-07-03T18:43:07.000Z
Updated: 2024-08-04T19:47:55.665Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-5051 vulnerable 2026-06-03 14:40:28.865835 Details available
HIGH (8.8)
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
Published: 2019-07-03T18:43:48.000Z
Updated: 2024-08-04T19:47:55.830Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-3698 vulnerable 2026-06-03 14:40:26.801967 nagios cron job allows privilege escalation from user nagios to root
MEDIUM (5.7)
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.
Published: 2020-02-28T13:20:14.152Z
Updated: 2024-09-16T16:33:41.138Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-3693 vulnerable 2026-06-03 14:40:26.783362 Local privilege escalation from user wwwrun to root in the packaging of mailman
HIGH (7.7)
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions.
Published: 2020-01-24T10:05:17.025Z
Updated: 2024-09-17T02:46:37.656Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-3692 vulnerable 2026-06-03 14:40:26.780766 Local privilege escalation from user news to root in the packaging of inn
HIGH (7.7)
The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions.
Published: 2020-01-24T08:50:12.217Z
Updated: 2024-09-16T20:51:57.334Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-20637 vulnerable 2026-06-03 14:40:16.976912 Details available
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.
Published: 2020-04-08T23:01:30.000Z
Updated: 2024-08-05T02:46:10.452Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-20015 vulnerable 2026-06-03 14:40:11.382499 Details available
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.
Published: 2019-12-27T00:14:37.000Z
Updated: 2024-08-05T02:32:10.478Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-20014 vulnerable 2026-06-03 14:40:11.382008 Details available
An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.
Published: 2019-12-27T00:14:48.000Z
Updated: 2024-08-05T02:32:10.497Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-20013 vulnerable 2026-06-03 14:40:11.381538 Details available
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.
Published: 2019-12-27T00:14:59.000Z
Updated: 2024-08-05T02:32:10.478Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-20012 vulnerable 2026-06-03 14:40:11.381051 Details available
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.
Published: 2019-12-27T00:15:16.000Z
Updated: 2024-08-05T02:32:10.474Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-20011 vulnerable 2026-06-03 14:40:11.380528 Details available
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.
Published: 2019-12-27T00:15:26.000Z
Updated: 2024-08-05T02:32:10.464Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-20010 vulnerable 2026-06-03 14:40:11.379933 Details available
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.
Published: 2019-12-27T00:14:23.000Z
Updated: 2024-08-05T02:32:10.522Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-20009 vulnerable 2026-06-03 14:40:11.378056 Details available
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.
Published: 2019-12-27T00:15:39.000Z
Updated: 2024-08-05T02:32:10.455Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-19926 vulnerable 2026-06-03 14:40:06.107893 Details available
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
Published: 2019-12-23T00:53:23.000Z
Updated: 2024-08-05T02:32:09.777Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-19925 vulnerable 2026-06-03 14:40:06.107179 Details available
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
Published: 2019-12-24T16:03:07.000Z
Updated: 2024-08-05T02:32:09.706Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-19923 vulnerable 2026-06-03 14:40:06.105925 Details available
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
Published: 2019-12-24T15:43:33.000Z
Updated: 2024-08-05T02:32:09.514Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-19918 vulnerable 2026-06-03 14:40:06.066924 Details available
Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.
Published: 2019-12-20T19:52:34.000Z
Updated: 2024-08-05T02:32:09.764Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-19917 vulnerable 2026-06-03 14:40:06.065361 Details available
Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.
Published: 2019-12-20T19:52:43.000Z
Updated: 2024-08-05T02:32:09.851Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-19880 vulnerable 2026-06-03 14:40:05.994907 Details available
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
Published: 2019-12-18T05:07:13.000Z
Updated: 2024-08-05T02:32:09.358Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-18932 vulnerable 2026-06-03 14:39:58.683150 Details available
log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.
Published: 2020-01-21T17:52:21.000Z
Updated: 2024-08-05T02:02:39.854Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-18622 vulnerable 2026-06-03 14:39:57.730298 Details available
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
Published: 2019-11-22T20:32:52.000Z
Updated: 2024-08-05T01:54:14.482Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-18179 vulnerable 2026-06-03 14:39:56.762968 Details available
LOW (3.5)
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
Published: 2020-01-06T00:00:00.000Z
Updated: 2024-08-05T01:47:13.546Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-17545 vulnerable 2026-06-03 14:39:56.488194 Details available
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
Published: 2019-10-14T01:07:41.000Z
Updated: 2024-08-05T01:40:15.927Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-17455 vulnerable 2026-06-03 14:39:56.387404 Details available
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
Published: 2019-10-10T17:17:48.000Z
Updated: 2024-08-05T01:40:15.921Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-16779 vulnerable 2026-06-03 14:39:55.361659 In RubyGem excon, interrupted Persistent Connections May Leak Response Data
MEDIUM (5.8)
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.
Published: 2019-12-16T19:35:13.000Z
Updated: 2024-08-05T01:24:48.572Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-16159 vulnerable 2026-06-03 14:39:53.935322 Details available
BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.
Published: 2019-09-09T14:34:57.000Z
Updated: 2024-08-05T01:10:41.269Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-15623 vulnerable 2026-06-03 14:39:47.984519 Details available
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.
Published: 2020-02-04T19:08:57.000Z
Updated: 2024-08-05T00:56:20.906Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-14905 vulnerable 2026-06-03 14:39:46.825905 Details available
HIGH (7.3)
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, in which Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.
Published: 2020-03-31T16:20:41.000Z
Updated: 2024-08-05T00:34:52.317Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-14864 vulnerable 2026-06-03 14:39:46.736912 Details available
MEDIUM (5.7)
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, does not respect the no_log flag set to True when the Sumologic and Splunk callback plugins are used to send task result events to collectors. This would disclose and collect any sensitive data.
Published: 2020-01-02T14:23:56.000Z
Updated: 2024-08-05T00:26:39.116Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-14856 vulnerable 2026-06-03 14:39:46.711563 Details available
MEDIUM (6.4)
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
Published: 2019-11-26T13:01:31.000Z
Updated: 2024-08-05T00:26:39.119Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-14846 vulnerable 2026-06-03 14:39:46.690729 Details available
HIGH (7.3)
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
Published: 2019-10-08T18:44:09.000Z
Updated: 2024-08-05T00:26:39.176Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-14744 vulnerable 2026-06-03 14:39:46.415882 Details available
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
Published: 2019-08-07T14:30:35.000Z
Updated: 2024-08-05T00:26:38.664Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-14274 vulnerable 2026-06-03 14:39:44.905626 Details available
MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c.
Published: 2019-07-26T03:15:42.000Z
Updated: 2024-08-05T00:12:42.562Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13962 vulnerable 2026-06-03 14:39:43.700231 Details available
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
Published: 2019-07-18T19:58:30.000Z
Updated: 2024-08-05T00:05:43.976Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13767 vulnerable 2026-06-03 14:39:43.137771 Details available
Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Published: 2020-01-10T21:10:14.000Z
Updated: 2024-08-05T00:05:43.709Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13764 vulnerable 2026-06-03 14:39:43.136762 Details available
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2019-12-10T21:01:57.000Z
Updated: 2024-08-05T00:05:43.767Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13745 vulnerable 2026-06-03 14:39:43.109218 Details available
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Published: 2019-12-10T21:01:49.000Z
Updated: 2024-08-05T00:05:43.582Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13734 vulnerable 2026-06-03 14:39:43.100218 Details available
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2019-12-10T21:01:45.000Z
Updated: 2024-08-05T00:05:43.986Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13719 vulnerable 2026-06-03 14:39:43.063716 Details available
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:43.432Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13718 vulnerable 2026-06-03 14:39:43.063415 Details available
Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:43.685Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13717 vulnerable 2026-06-03 14:39:43.063097 Details available
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:44.159Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13716 vulnerable 2026-06-03 14:39:43.062792 Details available
Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:44.160Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13715 vulnerable 2026-06-03 14:39:43.062487 Details available
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:43.625Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13714 vulnerable 2026-06-03 14:39:43.062173 Details available
Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL.
Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:43.670Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13710 vulnerable 2026-06-03 14:39:43.061232 Details available
Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:43.684Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13709 vulnerable 2026-06-03 14:39:43.060926 Details available
Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:42.208Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13708 vulnerable 2026-06-03 14:39:43.060614 Details available
Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:43.576Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13706 vulnerable 2026-06-03 14:39:43.059953 Details available
Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:42.200Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13704 vulnerable 2026-06-03 14:39:43.056147 Details available
Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Published: 2019-11-25T14:22:54.000Z
Updated: 2024-08-05T00:05:43.733Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13703 vulnerable 2026-06-03 14:39:43.055859 Details available
Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Published: 2019-11-25T14:22:54.000Z
Updated: 2024-08-05T00:05:42.185Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13702 vulnerable 2026-06-03 14:39:43.055572 Details available
Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.
Published: 2019-11-25T14:22:54.000Z
Updated: 2024-08-05T00:05:43.661Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13701 vulnerable 2026-06-03 14:39:43.055274 Details available
Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Published: 2019-11-25T14:22:54.000Z
Updated: 2024-08-04T23:57:39.646Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13700 vulnerable 2026-06-03 14:39:43.054965 Details available
Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Published: 2019-11-25T14:22:54.000Z
Updated: 2024-08-04T23:57:39.579Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13699 vulnerable 2026-06-03 14:39:43.054669 Details available
Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Published: 2019-11-25T14:22:54.000Z
Updated: 2024-08-04T23:57:39.566Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13616 vulnerable 2026-06-03 14:39:42.976078 Details available
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
Published: 2019-07-16T00:00:00.000Z
Updated: 2024-08-04T23:57:39.517Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13602 vulnerable 2026-06-03 14:39:42.955174 Details available
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
Published: 2019-07-14T21:00:27.000Z
Updated: 2024-08-04T23:57:39.451Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-12921 vulnerable 2026-06-03 14:39:36.275525 Details available
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
Published: 2020-03-18T17:39:30.000Z
Updated: 2024-08-04T23:32:55.569Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-12221 vulnerable 2026-06-03 14:39:34.426262 Details available
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.
Published: 2019-05-20T16:33:37.000Z
Updated: 2024-08-04T23:17:38.857Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-12098 vulnerable 2026-06-03 14:39:34.270362 Details available
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
Published: 2019-05-15T22:41:11.000Z
Updated: 2026-04-15T20:49:22.320Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-11779 vulnerable 2026-06-03 14:39:33.848120 Details available
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.
Published: 2019-09-19T13:30:43.000Z
Updated: 2024-08-04T23:03:32.805Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-11556 vulnerable 2026-06-03 14:39:33.404374 Details available
Pagure before 5.6 allows XSS via the templates/blame.html blame view.
Published: 2020-09-25T05:56:42.000Z
Updated: 2024-08-04T22:55:40.931Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-11358 vulnerable 2026-06-03 14:39:32.772405 Details available
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Published: 2019-04-19T00:00:00.000Z
Updated: 2024-11-15T15:11:23.024Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-10740 vulnerable 2026-06-03 14:39:24.302767 Details available
In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
Published: 2019-04-07T14:36:23.000Z
Updated: 2024-08-04T22:32:01.425Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-10206 vulnerable 2026-06-03 14:39:21.680774 Details available
MEDIUM (6.4)
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates from triggering and exposing them.
Published: 2019-11-22T00:00:00.000Z
Updated: 2024-08-04T22:17:18.927Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-19052 vulnerable 2026-06-03 14:38:28.919488 Details available
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
Published: 2018-11-07T05:00:00.000Z
Updated: 2024-08-05T11:30:04.022Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-10937 vulnerable 2026-06-03 14:35:29.988149 Details available
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.
Published: 2019-09-08T15:07:10.000Z
Updated: 2024-08-06T03:38:56.816Z
Reference links
Imported from gcve-enriched-dumps CVE data