Uncategorized CVEs — 2019 (Page 21/22)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2019-01-16

Medium

CVE-2019-2448

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vuln…

CVSS: 5.5CWE: N/A

High

CVE-2019-2447

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Detail). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12…

CVSS: 8.2CWE: N/A

Medium

CVE-2019-2446

CVSS: 5.5CWE: N/A

High

CVE-2019-2445

Vulnerability in the Oracle Content Manager component of Oracle E-Business Suite (subcomponent: Cover Letter). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5,…

CVSS: 8.2CWE: N/A

High

CVE-2019-2444

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having…

CVSS: 8.2CWE: N/A

High

CVE-2019-2443

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily expl…

CVSS: 7.2CWE: N/A

Medium

CVE-2019-2442

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploit…

CVSS: 6.1CWE: N/A

Medium

CVE-2019-2441

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE). The supported version that is affected is 12.2.1.3. Easily exploitabl…

CVSS: 5.3CWE: N/A

High

CVE-2019-2440

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.…

CVSS: 8.2CWE: N/A

Medium

CVE-2019-2439

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable…

CVSS: 6.1CWE: N/A

Medium

CVE-2019-2438

Vulnerability in the Oracle Web Cache component of Oracle Fusion Middleware (subcomponent: ESI/Partial Page Caching). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulner…

CVSS: 6.9CWE: N/A

High

CVE-2019-2437

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauth…

CVSS: 7.5CWE: N/A

Medium

CVE-2019-2436

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows hig…

CVSS: 5.5CWE: N/A

High

CVE-2019-2435

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vul…

CVSS: 8.1CWE: N/A

Medium

CVE-2019-2434

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerab…

CVSS: 6.5CWE: N/A

High

CVE-2019-2433

CVSS: 7.2CWE: N/A

Medium

CVE-2019-2432

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Login). Supported versions that are affected are 8.1 and 8.2. Difficult to exploit vulnerabili…

CVSS: 4.9CWE: N/A

Medium

CVE-2019-2431

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console). Supported versions that are affected are 8.1 and 8.2. Difficult to exploit vulnerabi…

CVSS: 6.1CWE: N/A

Medium

CVE-2019-2430

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console). Supported versions that are affected are 8.1 and 8.2. Easily exploitable vulnerabili…

CVSS: 6.5CWE: N/A

High

CVE-2019-2429

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitabl…

CVSS: 7.1CWE: N/A

Medium

CVE-2019-2427

Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Ea…

CVSS: 5.3CWE: N/A

Low

CVE-2019-2426

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to e…

CVSS: 3.7CWE: N/A

Medium

CVE-2019-2425

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability a…

CVSS: 6.5CWE: N/A

Medium

CVE-2019-2423

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploit…

CVSS: 6.1CWE: N/A

Low

CVE-2019-2422

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to ex…

CVSS: 3.1CWE: N/A

Medium

CVE-2019-2421

Vulnerability in the PeopleSoft Enterprise HCM eProfile Manager Desktop component of Oracle PeopleSoft Products (subcomponent: Guided Self Service). The supported version that is affected is 9.2. Eas…

CVSS: 6.1CWE: N/A

Medium

CVE-2019-2420

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulne…

CVSS: 4.9CWE: N/A

Medium

CVE-2019-2419

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects component of Oracle PeopleSoft Products (subcomponent: Form and Approval Builder). The supported version that is affected is 9…

CVSS: 5.4CWE: N/A

Medium

CVE-2019-2418

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Diffic…

CVSS: 6.5CWE: N/A

Medium

CVE-2019-2417

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.55, 8.56 and 8.57. Easil…

CVSS: 6.5CWE: N/A

High

CVE-2019-2416

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily…

CVSS: 8.8CWE: N/A

Medium

CVE-2019-2415

Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows hi…

CVSS: 4.3CWE: N/A

High

CVE-2019-2414

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows…

CVSS: 7.8CWE: N/A

Medium

CVE-2019-2412

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Object Store). The supported version that is affected is prior to 8.8.2. Difficul…

CVSS: 6.4CWE: N/A

High

CVE-2019-2411

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is…

CVSS: 7.6CWE: N/A

Medium

CVE-2019-2410

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: DGS RES Online, FMS Sender, FMS Receiver, OHC WPF Secur…

CVSS: 5.1CWE: N/A

Medium

CVE-2019-2409

CVSS: 6.7CWE: N/A

Medium

CVE-2019-2408

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Feeds). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable…

CVSS: 4.3CWE: N/A

Medium

CVE-2019-2407

CVSS: 6.1CWE: N/A

High

CVE-2019-2406

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attac…

CVSS: 7.2CWE: N/A

High

CVE-2019-2405

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exp…

CVSS: 7.5CWE: N/A

Medium

CVE-2019-2404

CVSS: 5.3CWE: N/A

Medium

CVE-2019-2403

Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 2.10. Easily exploitable vulnerability allows unauthenti…

CVSS: 6.5CWE: N/A

High

CVE-2019-2402

Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 2.10. Difficult to exploit vulnerability allows unauthen…

CVSS: 7.7CWE: N/A

High

CVE-2019-2401

CVSS: 8.1CWE: N/A

High

CVE-2019-2400

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.…

CVSS: 8.2CWE: N/A

Medium

CVE-2019-2399

Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to…

CVSS: 6.5CWE: N/A

Medium

CVE-2019-2398

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Deployment). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily ex…

CVSS: 4.3CWE: N/A

Medium

CVE-2019-2397

CVSS: 4.4CWE: N/A

Medium

CVE-2019-2396

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12…

CVSS: 4.7CWE: N/A

Medium

CVE-2019-2395

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerabil…

CVSS: 5.4CWE: N/A

High

CVE-2018-3311

Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications (subcomponent: Security). The supported version that is affected is 3.3. Easily exploitable vulnerability all…

CVSS: 8.6CWE: N/A

High

CVE-2018-3309

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.22. Easily exploitable vulnerability allows h…

CVSS: 8.2CWE: N/A

Medium

CVE-2018-3305

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.…

CVSS: 6.3CWE: N/A

Medium

CVE-2018-3304

CVSS: 6.5CWE: N/A

Medium

CVE-2018-3303

Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: EM Console). Supported versions that are affected are 13.2 and 13.3. Easily…

CVSS: 6.5CWE: N/A

Medium

CVE-2018-3125

Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Security (SQL Logger)). The supported version that is affected is 14.1. Easily exploitab…

CVSS: 6.5CWE: N/A

Critical

CVE-2015-9278

MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.

CVSS: 9.8CWE: CWE-255

Critical

CVE-2019-6440

Zemana AntiMalware before 3.0.658 Beta mishandles update logic.

CVSS: 9.8CWE: CWE-19

2019-01-15

Medium

CVE-2019-0016

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete…

CVSS: 6.5CWE: N/A

High

CVE-2019-0014

On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the of…

CVSS: 7.5CWE: CWE-19

Medium

CVE-2019-0013

The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended…

CVSS: 6.5CWE: CWE-19

High

CVE-2019-0012

A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) proce…

CVSS: 7.5CWE: N/A

Medium

CVE-2019-0011

The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending th…

CVSS: 6.5CWE: N/A

Medium

CVE-2019-0009

On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE). In a virtual chassis (VC) deployment, this…

CVSS: 5.5CWE: N/A

Critical

CVE-2017-6925

In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entit…

CVSS: 9.8CWE: N/A

2019-01-14

High

CVE-2019-6251

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a…

CVSS: 8.1CWE: N/A

2019-01-11

Critical

CVE-2018-4298

In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through impro…

CVSS: 9.8CWE: N/A

Medium

CVE-2018-4278

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. Th…

CVSS: 4.3CWE: N/A

High

CVE-2018-4212

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This is…

CVSS: 8.8CWE: N/A

High

CVE-2018-4183

In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions.

CVSS: 8.2CWE: N/A

High

CVE-2018-4182

In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS.

CVSS: 8.2CWE: N/A

Medium

CVE-2018-4181

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.

CVSS: 5.5CWE: N/A

High

CVE-2018-4180

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.

CVSS: 7.8CWE: N/A

Medium

CVE-2017-2411

In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates.

CVSS: 5.9CWE: CWE-254

High

CVE-2017-13887

In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management.

CVSS: 7.5CWE: CWE-320

Medium

CVE-2017-13886

In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions.

CVSS: 6.5CWE: N/A

Medium

CVE-2016-4642

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This is…

CVSS: 5.9CWE: CWE-254

High

CVE-2019-6136

An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c.

CVSS: 7.5CWE: N/A

2019-01-10

High

CVE-2019-0088

Insufficient path checking in Intel(R) System Support Utility for Windows before 2.5.0.15 may allow an authenticated user to potentially enable an escalation of privilege via local access.

CVSS: 7.8CWE: N/A

Medium

CVE-2017-3718

Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privileged user to potentially enable escalation of privilege via physical access.

CVSS: 6.2CWE: N/A

Medium

CVE-2018-15458

A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to…

CVSS: 5.3CWE: CWE-399

Medium

CVE-2018-0449

A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on a…

CVSS: 4.2CWE: CWE-275

Medium

CVE-2018-0282

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state cond…

CVSS: 6.8CWE: CWE-371

2019-01-09

Critical

CVE-2018-16203

PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain the administrative privilege of the PostgreSQL database via unspecified vectors.

CVSS: 9.8CWE: N/A

High

CVE-2018-16198

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to per…

CVSS: 8.8CWE: N/A

Medium

CVE-2018-16197

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the informatio…

CVSS: 6.5CWE: N/A

High

CVE-2018-16178

Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function.

CVSS: 7.5CWE: N/A

Medium

CVE-2018-1000419

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credent…

CVSS: 6.5CWE: N/A

Medium

CVE-2018-1000408

A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Over…

CVSS: 6.5CWE: N/A

Medium

CVE-2018-0666

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts…

CVSS: 6.8CWE: N/A

Medium

CVE-2018-0665

CVSS: 6.8CWE: N/A

Medium

CVE-2018-6175

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS: 6.5CWE: N/A

Medium

CVE-2018-6173

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS: 6.5CWE: N/A

Medium

CVE-2018-6172

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS: 6.5CWE: N/A

Medium

CVE-2018-6167

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS: 6.5CWE: N/A

Medium

CVE-2018-6166

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS: 6.5CWE: N/A

Medium

CVE-2018-6165

Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 6.5CWE: N/A

Medium

CVE-2018-6163

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS: 6.5CWE: N/A

Medium

CVE-2018-6135

Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVSS: 6.5CWE: N/A

Medium

CVE-2018-6133

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS: 6.5CWE: CWE-19

High

CVE-2018-6106

An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.

CVSS: 8.8CWE: CWE-19

Medium

CVE-2018-6100

Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted dom…

CVSS: 6.5CWE: CWE-19

Medium

CVE-2018-6097

Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML p…

CVSS: 6.5CWE: CWE-19

Medium

CVE-2018-6091

Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTM…

CVSS: 6.5CWE: CWE-19

Medium

CVE-2018-20069

Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page…

CVSS: 4.3CWE: N/A

Medium

CVE-2018-20067

A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about…

CVSS: 4.3CWE: N/A

Medium

CVE-2018-17459

Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 6.5CWE: N/A

High

CVE-2018-20674

D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentic…

CVSS: 8.8CWE: N/A

2019-01-08

High

CVE-2019-0585

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word…

CVSS: 8.8CWE: N/A

High

CVE-2019-0584

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Win…

CVSS: 7.8CWE: N/A

High

CVE-2019-0583

CVSS: 7.8CWE: N/A

High

CVE-2019-0582

CVSS: 7.8CWE: N/A

High

CVE-2019-0581

CVSS: 7.8CWE: N/A

High

CVE-2019-0580

CVSS: 7.8CWE: N/A

High

CVE-2019-0579

CVSS: 7.8CWE: N/A

High

CVE-2019-0578

CVSS: 7.8CWE: N/A

High

CVE-2019-0577

CVSS: 7.8CWE: N/A

High

CVE-2019-0576

CVSS: 7.8CWE: N/A

High

CVE-2019-0575

CVSS: 7.8CWE: N/A