Total
10666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5858 | 2 Apple, Google | 2 Macos, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2019-5856 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2019-5852 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-5839 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. | |||||
| CVE-2019-5819 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Macos, Debian Linux, Fedora and 3 more | 2023-11-07 | 4.4 MEDIUM | 7.8 HIGH |
| Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. | |||||
| CVE-2019-5803 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-5801 | 3 Apple, Google, Opensuse | 4 Iphone Os, Chrome, Backports and 1 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-5800 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-5799 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-5793 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. | |||||
| CVE-2019-5783 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page. | |||||
| CVE-2019-5780 | 5 Apple, Debian, Fedoraproject and 2 more | 7 Macos, Debian Linux, Fedora and 4 more | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. | |||||
| CVE-2019-5769 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5717 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. | |||||
| CVE-2019-5716 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. | |||||
| CVE-2019-3871 | 2 Fedoraproject, Powerdns | 2 Fedora, Authoritative Server | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response | |||||
| CVE-2019-3581 | 1 Mcafee | 1 Mcafee Web Gateway | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter. | |||||
| CVE-2019-3571 | 1 Whatsapp | 1 Whatsapp | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension. | |||||
| CVE-2019-3460 | 4 Canonical, Debian, Linux and 1 more | 16 Ubuntu Linux, Debian Linux, Linux Kernel and 13 more | 2023-11-07 | 3.3 LOW | 6.5 MEDIUM |
| A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | |||||
| CVE-2019-20485 | 3 Debian, Fedoraproject, Redhat | 3 Debian Linux, Fedora, Libvirt | 2023-11-07 | 2.7 LOW | 5.7 MEDIUM |
| qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | |||||