📦 Backports

This is a use-after-free vulnerability in Chrome's WebAuthentication API that allows a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox. It af...

This vulnerability in GraphicsMagick allows attackers to trigger an integer overflow and heap-based buffer overflow when processing specially crafted image files. This can lead to remote code executio...

CVE-2019-19950 is a use-after-free vulnerability in GraphicsMagick's error handling functions that allows attackers to execute arbitrary code or cause denial of service. This affects systems running v...

CVE-2018-20177 is a critical integer overflow vulnerability in rdesktop RDP client that leads to heap-based buffer overflow and remote code execution. Attackers can exploit this by sending specially c...

This vulnerability allows a remote attacker to exploit heap corruption via an out-of-bounds read in WebSQL in Google Chrome. Attackers can craft malicious HTML pages to potentially execute arbitrary c...

This vulnerability in Google Chrome allows attackers to bypass security user interface (UI) warnings and prompts by exploiting insufficient policy enforcement during navigations. Attackers can craft m...

This vulnerability in Google Chrome's developer tools allows remote attackers to execute arbitrary code on a user's system by tricking them into using devtools on a malicious HTML page. It affects Chr...

This vulnerability is a heap buffer overflow in Chrome's media component that allows remote attackers to potentially execute arbitrary code or cause denial of service via a crafted HTML page. All user...

This vulnerability in Intel SGX SDK allows authenticated local users to potentially escalate privileges due to improper initialization. It affects systems running Intel SGX SDK versions before 2.6.100...

This vulnerability in Nextcloud Server allows attackers to bypass file type restrictions by manipulating file extensions. Attackers could upload malicious files disguised as allowed types, potentially...

This is a type confusion vulnerability in Chrome's JavaScript engine that could allow a remote attacker to execute arbitrary code or cause heap corruption. It affects users running Google Chrome versi...

This vulnerability allows remote attackers to cause a denial-of-service in Shadowsocks-libev by sending arbitrary UDP packets when using Stream Cipher with local_address configuration. The service wil...

This is a use-after-free vulnerability in Chrome's WebBluetooth implementation that allows a remote attacker who has already compromised the renderer process to potentially exploit heap corruption. At...