Show filters
963 Total Results
Displaying 201-210 of 963
Sort by:
Attacker Value
Unknown

CVE-2018-6108

Disclosure Date: December 04, 2018 (last updated November 08, 2023)
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.
0
0
Attacker Value
Unknown

CVE-2018-6101

Disclosure Date: December 04, 2018 (last updated November 08, 2023)
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.
0
0
Attacker Value
Unknown

CVE-2018-6092

Disclosure Date: December 04, 2018 (last updated November 08, 2023)
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
0
0
Attacker Value
Unknown

CVE-2018-6116

Disclosure Date: December 04, 2018 (last updated November 08, 2023)
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
0
0
Attacker Value
Unknown

CVE-2018-8786

Disclosure Date: November 29, 2018 (last updated November 08, 2023)
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-8787

Disclosure Date: November 29, 2018 (last updated November 27, 2024)
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-12121

Disclosure Date: November 28, 2018 (last updated November 27, 2024)
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-19535

Disclosure Date: November 26, 2018 (last updated November 27, 2024)
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-19477

Disclosure Date: November 23, 2018 (last updated November 08, 2023)
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
0
0
Attacker Value
Unknown

CVE-2018-19475

Disclosure Date: November 23, 2018 (last updated November 08, 2023)
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
0
0
View More Topics  < Previous  Next >