Vulnerabilities (CVE)

Vendor filter

Debian Subscribe

Filter

2522 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-5778 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-02-21 4.3
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for...
CVE-2019-8308 2 Debian, Redhat 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-02-21 4.4
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
CVE-2016-3159 4 Xen, Fedoraproject, Oracle and 1 more 4 Vm Server, Xen, Fedora and 1 more 2019-02-21 1.7
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another...
CVE-2016-3615 5 Mariadb, Ibm, Oracle and 2 more 6 Linux, Mariadb, Mysql and 3 more 2019-02-21 4.3
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via...
CVE-2016-3521 5 Mariadb, Ibm, Oracle and 2 more 6 Linux, Mariadb, Mysql and 3 more 2019-02-21 6.8
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via...
CVE-2016-3477 5 Mariadb, Ibm, Oracle and 2 more 6 Linux, Mariadb, Mysql and 3 more 2019-02-21 4.1
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and...
CVE-2019-3464 2 Pizzashack, Debian 2 Rssh, Debian Linux 2019-02-21 7.5
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
CVE-2016-2105 8 Openssl, Apple, Oracle and 5 more 16 Leap, Openssl, Enterprise Linux Desktop and 13 more 2019-02-21 5.0
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2016-2047 7 Mariadb, Oracle, Novell and 4 more 8 Leap, Mariadb, Enterprise Linux and 5 more 2019-02-21 4.3
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly...
CVE-2019-6338 2 Drupal, Debian 2 Drupal, Debian Linux 2019-02-20 6.0
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to...
CVE-2019-5769 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-02-20 6.8
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-3462 3 Debian, Netapp, Canonical 5 Apt, Active Iq, Element Software and 2 more 2019-02-20 9.3
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
CVE-2018-4056 1 Debian 1 Debian Linux 2019-02-20 7.5
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which...
CVE-2016-0705 5 Google, Openssl, Oracle and 2 more 5 Mysql, Android, Openssl and 2 more 2019-02-20 10.0
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other...
CVE-2019-5780 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-02-20 4.6
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
CVE-2019-5763 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-02-20 6.8
Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5767 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-02-20 4.3
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.
CVE-2019-5768 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-02-20 4.3
DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
CVE-2019-5762 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-02-20 6.8
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
CVE-2019-5766 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-02-20 4.3
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.