Show filters
700 Total Results
Displaying 11-20 of 700
Sort by:
Attacker Value
Low
CVE-2020-0543 CROSSTALK
Disclosure Date: June 15, 2020 (last updated November 28, 2024)
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
1
Attacker Value
High
CVE-2014-0160 (AKA: Heartbleed)
Disclosure Date: April 07, 2014 (last updated July 03, 2024)
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
0
Attacker Value
Unknown
CVE-2023-6345
Disclosure Date: November 29, 2023 (last updated December 16, 2023)
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
1
Attacker Value
Unknown
CVE-2023-44487
Disclosure Date: October 10, 2023 (last updated June 28, 2024)
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
1
Attacker Value
Unknown
CVE-2023-4863
Disclosure Date: September 12, 2023 (last updated December 21, 2024)
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
1
Attacker Value
Unknown
CVE-2023-4762
Disclosure Date: September 05, 2023 (last updated June 11, 2024)
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
1
Attacker Value
Unknown
CVE-2023-2283
Disclosure Date: May 26, 2023 (last updated October 08, 2023)
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.
1
Attacker Value
Unknown
CVE-2022-3602
Disclosure Date: November 01, 2022 (last updated December 22, 2024)
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to u…
1
Attacker Value
Unknown
CVE-2022-41742
Disclosure Date: October 19, 2022 (last updated November 08, 2023)
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.
1
Attacker Value
Unknown
CVE-2022-3201
Disclosure Date: September 26, 2022 (last updated November 25, 2023)
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)
1