🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2019-13776 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: some publications have used this number when they meant to use CVE-2019-13376.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-16048 ‼

Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-37983 ‼

Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
‼ CVE-2018-6125 ‼

Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-37984 ‼

Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-37994 ‼

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
‼ CVE-2017-5123 ‼

Insufficient data validation in waitid allowed a user to escape sandboxes on Linux.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-37989 ‼

Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-37988 ‼

Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-37987 ‼

Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-37995 ‼

Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-41312 ‼

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-5955 ‼

An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38497 ‼

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-20706 ‼

Improper input validation vulnerability in the WebManager of CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows an attacker to perform remote file upload via a network.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-39237 ‼

Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-20703 ‼

Buffer overflow vulnerability in the Transaction Server of CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows an attacker to perform remote code execution via a network.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38500 ‼

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38491 ‼

Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-20707 ‼

Improper input validation vulnerability in the Transaction Server of CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to read files upload via network.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-27820 ‼

A vulnerability was found in the Linux kernel, where a use-after-free in nouveau's postclose() handler could happen when removing the device (physically removing a video card without powering off is uncommon, but the same happens when the driver is unbound).

📖 Read

via "National Vulnerability Database".