Show filters

Showing topic results for "":

(11-20 of 25533)

Sort by:
Attacker Value
Unknown

CVE-2020-16009

Disclosure Date: November 03, 2020 (last updated November 13, 2020)
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Attacker Value
Moderate

CVE-2020-8091

Disclosure Date: January 27, 2020 (last updated June 05, 2020)
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
Attacker Value
Unknown

CVE-2019-0676

Disclosure Date: March 05, 2019 (last updated July 24, 2020)
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.
Attacker Value
Unknown

CVE-2018-8653

Disclosure Date: December 20, 2018 (last updated July 24, 2020)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.
Attacker Value
Unknown

CVE-2017-8291

Disclosure Date: April 27, 2017 (last updated July 30, 2020)
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Attacker Value
Unknown

CVE-2016-3351

Disclosure Date: September 14, 2016 (last updated June 05, 2020)
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Attacker Value
Moderate

CVE-2020-13699

Disclosure Date: July 29, 2020 (last updated August 28, 2020)
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
Attacker Value
Unknown

CVE-2019-1367

Disclosure Date: September 23, 2019 (last updated July 24, 2020)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.
Attacker Value
Unknown

CVE-2017-0149

Disclosure Date: March 17, 2017 (last updated July 23, 2020)
Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037.
Attacker Value
Unknown

CVE-2016-4655

Disclosure Date: August 25, 2016 (last updated July 30, 2020)
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.