Vendor CVEs
All CVEs
11,415 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-13722 | Med | 0.42 | 6.5 | 0.01 | Jan 14, 2020 | Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5846 | Med | 0.42 | 6.5 | 0.01 | Jan 3, 2020 | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5845 | Med | 0.42 | 6.5 | 0.01 | Jan 3, 2020 | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5844 | Med | 0.42 | 6.5 | 0.01 | Jan 3, 2020 | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-13766 | Med | 0.42 | 6.5 | 0.01 | Jan 3, 2020 | Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-13765 | Med | 0.42 | 6.5 | 0.01 | Jan 3, 2020 | Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-13753 | Med | 0.42 | 6.5 | 0.02 | Dec 10, 2019 | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2019-13752 | Med | 0.42 | 6.5 | 0.02 | Dec 10, 2019 | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2019-13751 | Med | 0.42 | 6.5 | 0.02 | Dec 10, 2019 | Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2019-13750 | Med | 0.42 | 6.5 | 0.02 | Dec 10, 2019 | Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | ||
| CVE-2019-13749 | Med | 0.42 | 6.5 | 0.02 | Dec 10, 2019 | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||
| CVE-2019-13748 | Med | 0.42 | 6.5 | 0.01 | Dec 10, 2019 | Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2019-13746 | Med | 0.42 | 6.5 | 0.01 | Dec 10, 2019 | Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||
| CVE-2019-13745 | Med | 0.42 | 6.5 | 0.02 | Dec 10, 2019 | Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2019-13744 | Med | 0.42 | 6.5 | 0.01 | Dec 10, 2019 | Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2019-13743 | Med | 0.42 | 6.5 | 0.01 | Dec 10, 2019 | Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page. | ||
| CVE-2019-13742 | Med | 0.42 | 6.5 | 0.01 | Dec 10, 2019 | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | ||
| CVE-2019-13740 | Med | 0.42 | 6.5 | 0.01 | Dec 10, 2019 | Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||
| CVE-2019-13739 | Med | 0.42 | 6.5 | 0.01 | Dec 10, 2019 | Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||
| CVE-2019-13738 | Med | 0.42 | 6.5 | 0.01 | Dec 10, 2019 | Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page. | ||
| CVE-2019-13737 | Med | 0.42 | 6.5 | 0.01 | Dec 10, 2019 | Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2019-13672 | Med | 0.42 | 6.5 | 0.01 | Dec 10, 2019 | Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS. | ||
| CVE-2019-2227 | Med | 0.42 | 6.5 | 0.00 | Dec 6, 2019 | In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2019-5826 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5879 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. | ||
| CVE-2019-5872 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5869 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5867 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5865 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | ||
| CVE-2019-5862 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | ||
| CVE-2019-5857 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | ||
| CVE-2019-5855 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||
| CVE-2019-5852 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2019-5848 | Med | 0.42 | 6.5 | 0.00 | Nov 25, 2019 | Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2019-5847 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5842 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-13713 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2019-13709 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | ||
| CVE-2019-13697 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2019-13683 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2019-13678 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||
| CVE-2019-13677 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. | ||
| CVE-2019-13670 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-13665 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page. | ||
| CVE-2019-13664 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2019-13662 | Med | 0.42 | 6.5 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2011-1803 | Med | 0.42 | 6.5 | 0.00 | Nov 12, 2019 | An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element. | ||
| CVE-2011-1802 | Med | 0.42 | 6.5 | 0.01 | Nov 12, 2019 | WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption). | ||
| CVE-2011-2334 | Med | 0.42 | 6.5 | 0.00 | Nov 12, 2019 | Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayerwhen removing elements with reflections. | ||
| CVE-2011-2336 | Med | 0.42 | 6.5 | 0.01 | Nov 7, 2019 | An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts. |
- risk 0.42cvss 6.5epss 0.01
Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- risk 0.42cvss 6.5epss 0.01
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS.
- risk 0.42cvss 6.5epss 0.00
In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.42cvss 6.5epss 0.01
Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
- risk 0.42cvss 6.5epss 0.01
Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- risk 0.42cvss 6.5epss 0.01
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.00
Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.00
An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element.
- risk 0.42cvss 6.5epss 0.01
WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption).
- risk 0.42cvss 6.5epss 0.00
Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayerwhen removing elements with reflections.
- risk 0.42cvss 6.5epss 0.01
An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts.
Page 130 of 229