Total
232 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6332 | 1 Facebook | 1 Hhvm | 2024-11-21 | N/A |
| A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests. | ||||
| CVE-2018-6133 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||||
| CVE-2018-6106 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. | ||||
| CVE-2018-6100 | 4 Apple, Debian, Google and 1 more | 7 Mac Os X, Debian Linux, Chrome and 4 more | 2024-11-21 | N/A |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||||
| CVE-2018-6097 | 4 Apple, Debian, Google and 1 more | 7 Macos, Debian Linux, Chrome and 4 more | 2024-11-21 | N/A |
| Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. | ||||
| CVE-2018-6091 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2018-5915 | 1 Qualcomm | 42 Mdm9607, Mdm9607 Firmware, Mdm9640 and 39 more | 2024-11-21 | N/A |
| Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130 | ||||
| CVE-2018-4329 | 1 Apple | 2 Iphone Os, Safari | 2024-11-21 | N/A |
| Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12. | ||||
| CVE-2017-6920 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
| Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations. | ||||
| CVE-2016-9650 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | N/A |
| Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. | ||||
| CVE-2016-9305 | 1 Autodesk | 1 Fbx Software Development Kit | 2024-11-21 | N/A |
| Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers. | ||||
| CVE-2016-9252 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2024-11-21 | N/A |
| The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. | ||||
| CVE-2016-8226 | 1 Lenovo | 11 Flex System X240 M5 Bios, Flex System X280 M6 Bios, Flex System X480 X6 Bios and 8 more | 2024-11-21 | N/A |
| The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. | ||||
| CVE-2016-7987 | 1 Siemens | 8 Eta2 Firmware, Eta4 Firmware, Sicam Ak and 5 more | 2024-11-21 | N/A |
| An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted packets sent to Port 2404/TCP could cause the affected device to go into defect mode. A cold start might be required to recover the system, a Denial-of-Service Vulnerability. | ||||
| CVE-2016-7540 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | N/A |
| coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. | ||||
| CVE-2016-6766 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219. | ||||
| CVE-2016-6765 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945. | ||||
| CVE-2016-6287 | 1 Call-cc | 1 Http-client | 2024-11-21 | N/A |
| The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests through a proxy (also known as a "httpoxy" attack). This affects all versions of http-client before 0.10. | ||||
| CVE-2016-6286 | 1 Call-cc | 1 Http-client | 2024-11-21 | N/A |
| The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server (also known as a "httpoxy" attack). This affects all versions of spiffy-cgi-handlers before 0.5. | ||||
| CVE-2016-5225 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | N/A |
| Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page. | ||||