| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-18460 | Hig | 0.49 | 7.5 | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control. | ||
| CVE-2018-17860 | Hig | 0.47 | 7.2 | 0.01 | Nov 26, 2019 | Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1. | ||
| CVE-2016-5724 | Hig | 0.49 | 7.5 | 0.01 | Nov 26, 2019 | Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles. | ||
| CVE-2016-4572 | Hig | 0.57 | 8.8 | 0.01 | Nov 26, 2019 | In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. | ||
| CVE-2015-7831 | Hig | 0.57 | 8.8 | 0.01 | Nov 26, 2019 | In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used. | ||
| CVE-2015-6495 | Hig | 0.49 | 7.5 | 0.01 | Nov 26, 2019 | There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles. | ||
| CVE-2019-14853 | — | Hig | 0.49 | 7.5 | 0.03 | Nov 26, 2019 | An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service. | |
| CVE-2019-14890 | Hig | 0.55 | 8.4 | 0.00 | Nov 26, 2019 | A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license. | ||
| CVE-2011-4082 | Hig | 0.49 | 7.5 | 0.02 | Nov 26, 2019 | A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request. | ||
| CVE-2019-19272 | Hig | 0.42 | 7.5 | 0.01 | Nov 26, 2019 | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. | ||
| CVE-2019-19271 | Hig | 0.42 | 7.5 | 0.01 | Nov 26, 2019 | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates… | ||
| CVE-2019-19270 | Hig | 0.49 | 7.5 | 0.01 | Nov 26, 2019 | An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow… | ||
| CVE-2019-15972 | Hig | 0.57 | 8.8 | 0.02 | Nov 26, 2019 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly… | ||
| CVE-2011-3632 | Hig | 0.46 | 7.1 | 0.00 | Nov 26, 2019 | Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | ||
| CVE-2011-3631 | Hig | 0.57 | 8.8 | 0.03 | Nov 26, 2019 | Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and… | ||
| CVE-2011-3630 | Hig | 0.57 | 8.8 | 0.03 | Nov 26, 2019 | Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it,… | ||
| CVE-2019-15956 | Hig | 0.57 | 8.8 | 0.01 | Nov 26, 2019 | A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization… | ||
| CVE-2019-15288 | Hig | 0.57 | 8.8 | 0.02 | Nov 26, 2019 | A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due… | ||
| CVE-2019-15286 | Hig | 0.51 | 7.8 | 0.01 | Nov 26, 2019 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain… | ||
| CVE-2019-15284 | Hig | 0.51 | 7.8 | 0.01 | Nov 26, 2019 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain… | ||
| CVE-2019-15271 | Hig | 0.70 | 8.8 | 0.06 | KEV | Nov 26, 2019 | A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token.… | |
| CVE-2011-3600 | Hig | 0.50 | 7.5 | 0.16 | Nov 26, 2019 | The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open… | ||
| CVE-2019-18251 | Hig | 0.57 | 8.8 | 0.02 | Nov 26, 2019 | In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit. | ||
| CVE-2019-15595 | Hig | 0.57 | 8.8 | 0.02 | Nov 26, 2019 | A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands. | ||
| CVE-2019-11290 | Hig | 0.49 | 7.5 | 0.01 | Nov 26, 2019 | Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well. | ||
| CVE-2011-3596 | Hig | 0.53 | 7.5 | 0.11 | Nov 26, 2019 | Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request. | ||
| CVE-2011-3355 | Hig | 0.48 | 7.3 | 0.01 | Nov 25, 2019 | evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. | ||
| CVE-2011-3351 | Hig | 0.46 | 7.1 | 0.00 | Nov 25, 2019 | openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system. | ||
| CVE-2019-15629 | Hig | 0.49 | 7.5 | 0.03 | Nov 25, 2019 | Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device. | ||
| CVE-2019-19244 | Hig | 0.42 | 7.5 | 0.03 | Nov 25, 2019 | sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. | ||
| CVE-2019-19252 | Hig | 0.00 | 7.8 | 0.00 | Nov 25, 2019 | vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. | ||
| CVE-2019-16765 | Hig | 0.41 | 7.4 | 0.05 | Nov 25, 2019 | If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users… | ||
| CVE-2012-6639 | Hig | 0.57 | 8.8 | 0.02 | Nov 25, 2019 | An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. | ||
| CVE-2019-19246 | Hig | 0.42 | 7.5 | 0.03 | Nov 25, 2019 | Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. | ||
| CVE-2015-1396 | Hig | 0.49 | 7.5 | 0.03 | Nov 25, 2019 | A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. | ||
| CVE-2019-5881 | Hig | 0.53 | 8.1 | 0.01 | Nov 25, 2019 | Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2019-5880 | Hig | 0.48 | 7.4 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2019-5878 | Hig | 0.57 | 8.8 | 0.01 | Nov 25, 2019 | Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5877 | Hig | 0.57 | 8.8 | 0.01 | Nov 25, 2019 | Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5876 | Hig | 0.57 | 8.8 | 0.01 | Nov 25, 2019 | Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5874 | Hig | 0.57 | 8.8 | 0.01 | Nov 25, 2019 | Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2019-5871 | Hig | 0.57 | 8.8 | 0.01 | Nov 25, 2019 | Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5859 | Hig | 0.57 | 8.8 | 0.01 | Nov 25, 2019 | Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2019-5858 | Hig | 0.57 | 8.8 | 0.01 | Nov 25, 2019 | Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page. | ||
| CVE-2019-5856 | Hig | 0.57 | 8.8 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | ||
| CVE-2019-5854 | Hig | 0.57 | 8.8 | 0.01 | Nov 25, 2019 | Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||
| CVE-2019-5853 | Hig | 0.57 | 8.8 | 0.01 | Nov 25, 2019 | Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5851 | Hig | 0.57 | 8.8 | 0.01 | Nov 25, 2019 | Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5849 | Hig | 0.53 | 8.1 | 0.01 | Nov 25, 2019 | Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2019-17403 | Hig | 0.57 | 8.8 | 0.03 | Nov 25, 2019 | Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. |
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
- risk 0.47cvss 7.2epss 0.01
Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.
- risk 0.49cvss 7.5epss 0.01
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
- risk 0.57cvss 8.8epss 0.01
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
- risk 0.57cvss 8.8epss 0.01
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used.
- risk 0.49cvss 7.5epss 0.01
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.
- risk 0.49cvss 7.5epss 0.03
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.
- risk 0.55cvss 8.4epss 0.00
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
- risk 0.49cvss 7.5epss 0.02
A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.
- risk 0.42cvss 7.5epss 0.01
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
- risk 0.42cvss 7.5epss 0.01
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly…
- risk 0.46cvss 7.1epss 0.00
Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.
- risk 0.57cvss 8.8epss 0.03
Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and…
- risk 0.57cvss 8.8epss 0.03
Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it,…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due…
- risk 0.51cvss 7.8epss 0.01
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain…
- risk 0.51cvss 7.8epss 0.01
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain…
- risk 0.70cvss 8.8epss 0.06
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token.…
- risk 0.50cvss 7.5epss 0.16
The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open…
- risk 0.57cvss 8.8epss 0.02
In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit.
- risk 0.57cvss 8.8epss 0.02
A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands.
- risk 0.49cvss 7.5epss 0.01
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
- risk 0.53cvss 7.5epss 0.11
Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.
- risk 0.48cvss 7.3epss 0.01
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.
- risk 0.46cvss 7.1epss 0.00
openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system.
- risk 0.49cvss 7.5epss 0.03
Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device.
- risk 0.42cvss 7.5epss 0.03
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
- risk 0.00cvss 7.8epss 0.00
vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.
- risk 0.41cvss 7.4epss 0.05
If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users…
- risk 0.57cvss 8.8epss 0.02
An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.
- risk 0.42cvss 7.5epss 0.03
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
- risk 0.49cvss 7.5epss 0.03
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
- risk 0.53cvss 8.1epss 0.01
Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.48cvss 7.4epss 0.01
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- risk 0.57cvss 8.8epss 0.01
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.53cvss 8.1epss 0.01
Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.03
Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution.