| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-20070 |
1 Google |
1 Chrome |
2019-01-16 |
4.3 |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
| CVE-2018-20721 |
|
|
2019-01-16 |
N/A |
| URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address. |
| CVE-2018-20068 |
1 Google |
1 Chrome |
2019-01-16 |
4.3 |
| Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. |
| CVE-2018-16065 |
3 Google, Debian, Redhat |
5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more |
2019-01-16 |
6.8 |
| A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
| CVE-2018-20679 |
1 Busybox |
1 Busybox |
2019-01-16 |
5.0 |
| An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message.... |
| CVE-2016-9651 |
2 Google, Redhat |
4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more |
2019-01-16 |
6.8 |
| A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
| CVE-2018-20703 |
1 Cubecart |
1 Cubecart |
2019-01-16 |
3.5 |
| CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. |
| CVE-2019-0583 |
1 Microsoft |
8 Windows 10, Windows 7, Windows 8.1 and 5 more |
2019-01-16 |
9.3 |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,... |
| CVE-2019-6267 |
|
|
2019-01-16 |
N/A |
| The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI. |
| CVE-2019-6131 |
|
|
2019-01-16 |
N/A |
| svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. |
| CVE-2019-6130 |
|
|
2019-01-16 |
N/A |
| Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. |
| CVE-2019-0014 |
|
|
2019-01-16 |
N/A |
| On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly... |
| CVE-2019-0013 |
|
|
2019-01-16 |
N/A |
| The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition. This issue... |
| CVE-2019-0012 |
|
|
2019-01-16 |
N/A |
| A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts... |
| CVE-2019-0011 |
|
|
2019-01-16 |
N/A |
| The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly... |
| CVE-2019-0010 |
|
|
2019-01-16 |
N/A |
| An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each... |
| CVE-2019-0009 |
|
|
2019-01-16 |
N/A |
| On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE). In a virtual chassis (VC) deployment, this issue disrupts communication between the VC... |
| CVE-2019-0007 |
|
|
2019-01-16 |
N/A |
| The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base... |
| CVE-2019-0003 |
|
|
2019-01-16 |
N/A |
| When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd)... |
| CVE-2019-0001 |
|
|
2019-01-16 |
N/A |
| Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd... |
