Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-4362

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-15 Aug, 2023 | 17:07
Updated At-13 Feb, 2025 | 17:13
Rejected At-
Credits

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:15 Aug, 2023 | 17:07
Updated At:13 Feb, 2025 | 17:13
Rejected At:
▼CVE Numbering Authority (CNA)

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Affected Products
Vendor
Google LLCGoogle
Product
Chrome
Versions
Affected
  • From 116.0.5845.96 before 116.0.5845.96 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AHeap buffer overflow
Type: N/A
CWE ID: N/A
Description: Heap buffer overflow
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
N/A
https://crbug.com/1316379
N/A
https://www.debian.org/security/2023/dsa-5479
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/
N/A
https://security.gentoo.org/glsa/202401-34
N/A
Hyperlink: https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
Resource: N/A
Hyperlink: https://crbug.com/1316379
Resource: N/A
Hyperlink: https://www.debian.org/security/2023/dsa-5479
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202401-34
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
x_transferred
https://crbug.com/1316379
x_transferred
https://www.debian.org/security/2023/dsa-5479
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/
x_transferred
https://security.gentoo.org/glsa/202401-34
x_transferred
Hyperlink: https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
Resource:
x_transferred
Hyperlink: https://crbug.com/1316379
Resource:
x_transferred
Hyperlink: https://www.debian.org/security/2023/dsa-5479
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/
Resource:
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202401-34
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:15 Aug, 2023 | 18:15
Updated At:31 Jan, 2024 | 17:15

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Google LLC
google
>>chrome>>Versions before 116.0.5845.96(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>12.0
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.htmlchrome-cve-admin@google.com
Release Notes
Vendor Advisory
https://crbug.com/1316379chrome-cve-admin@google.com
Permissions Required
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/chrome-cve-admin@google.com
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/chrome-cve-admin@google.com
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202401-34chrome-cve-admin@google.com
N/A
https://www.debian.org/security/2023/dsa-5479chrome-cve-admin@google.com
Third Party Advisory
Hyperlink: https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
Source: chrome-cve-admin@google.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://crbug.com/1316379
Source: chrome-cve-admin@google.com
Resource:
Permissions Required
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/
Source: chrome-cve-admin@google.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/202401-34
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://www.debian.org/security/2023/dsa-5479
Source: chrome-cve-admin@google.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

4401Records found
CVE-2019-2141
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112705155

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2206
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-1.24% / 78.39%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 17:37
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139188579

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2072
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116117112

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2070
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117883804

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2086
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114735603

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2085
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117496180

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2073
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117100484

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2063
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116019594

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2084
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117494734

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2066
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117100617

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0517
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-66.01% / 98.45%
||
7 Day CHG-0.47%
Published-16 Jan, 2024 | 21:14
Updated-22 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLCFedora Project
Product-fedorachromeChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0223
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-9.62% / 92.57%
||
7 Day CHG~0.00%
Published-04 Jan, 2024 | 01:56
Updated-18 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2087
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118149009

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2078
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114749542

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2074
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116617847

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2083
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117495362

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2081
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116473261

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2071
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117216549

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6858
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.39% / 59.33%
||
7 Day CHG+0.06%
Published-19 Dec, 2023 | 13:38
Updated-07 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefox_esrdebian_linuxfirefoxthunderbirdFirefoxFirefox ESRThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2069
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117832864

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6873
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.93%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 13:38
Updated-13 Feb, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxdebian_linuxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6212
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.40%
||
7 Day CHG+0.07%
Published-21 Nov, 2023 | 14:28
Updated-13 Feb, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrFirefox ESRFirefoxThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2075
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115908308

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2064
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116469592

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2076
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115907334

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2080
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118619159

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2059
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118386824

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2061
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112610994

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2062
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117660045

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2065
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118143575

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2082
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117495103

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2068
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117099943

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2067
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116114402

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2077
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114745929

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2055
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113164693

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6856
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-8.52% / 92.01%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 13:38
Updated-13 Feb, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrFirefox ESRThunderbirdFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-5474
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.66% / 70.25%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 22:28
Updated-01 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6387
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.44% / 79.90%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 14:42
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17540
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.25%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 01:09
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-5217
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.00% / 76.05%
||
7 Day CHG-0.03%
Published-28 Sep, 2023 | 15:23
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-23||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-webmprojectMozilla CorporationFedora ProjectMicrosoft CorporationApple Inc.Red Hat, Inc.Google LLCDebian GNU/Linux
Product-ipadosthunderbirdfirefoxlibvpxedgechromeenterprise_linuxfedoraedge_chromiumiphone_osdebian_linuxlibvpxChromeChromium libvpx
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17024
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.78% / 81.93%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 21:31
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Canonical Ltd.openSUSEMozilla Corporation
Product-enterprise_linux_serverubuntu_linuxdebian_linuxfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapFirefoxFirefox ESR
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13729
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-3.55% / 87.22%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13730
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.91% / 82.54%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Debian GNU/LinuxNovellRed Hat, Inc.Fedora ProjectGoogle LLCopenSUSE
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedorasuse_package_hub_for_suse_linux_enterprisebackportsenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-5493
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.14%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 23:02
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLCCanonical Ltd.
Product-chromeubuntu_linuxfedoraChromechrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13721
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.91%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13747
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.36% / 84.29%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeandroidenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2019-13728
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-3.15% / 86.37%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13724
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.88%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-12527
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-18.92% / 95.07%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 18:10
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.

Action-Not Available
Vendor-n/aSquid CacheCanonical Ltd.Debian GNU/LinuxFedora ProjectRed Hat, Inc.
Product-ubuntu_linuxdebian_linuxsquidenterprise_linux_server_ausfedoraenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11505
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.95% / 75.36%
||
7 Day CHG~0.00%
Published-24 Apr, 2019 | 20:31
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GraphicsMagickopenSUSE
Product-ubuntu_linuxdebian_linuxgraphicsmagickbackports_sleleapn/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 88
  • 89
  • Next
Details not found