Total
12528 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5824 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 8.8 High |
| Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-5819 | 6 Apple, Debian, Fedoraproject and 3 more | 7 Macos, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.8 High |
| Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. | ||||
| CVE-2019-5803 | 3 Google, Opensuse, Redhat | 4 Chrome, Backports, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2019-5801 | 3 Apple, Google, Opensuse | 4 Iphone Os, Chrome, Backports and 1 more | 2024-11-21 | 6.5 Medium |
| Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||||
| CVE-2019-5800 | 3 Google, Opensuse, Redhat | 4 Chrome, Backports, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2019-5799 | 3 Google, Opensuse, Redhat | 4 Chrome, Backports, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2019-5793 | 3 Google, Opensuse, Redhat | 4 Chrome, Backports, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. | ||||
| CVE-2019-5783 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | N/A |
| Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page. | ||||
| CVE-2019-5780 | 5 Apple, Debian, Fedoraproject and 2 more | 8 Macos, Debian Linux, Fedora and 5 more | 2024-11-21 | N/A |
| Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. | ||||
| CVE-2019-5769 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-5717 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. | ||||
| CVE-2019-5716 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. | ||||
| CVE-2019-5700 | 2 Google, Nvidia | 2 Android, Shield Experience | 2024-11-21 | 7.8 High |
| NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | ||||
| CVE-2019-5680 | 1 Nvidia | 2 Jetson Tx1, Jetson Tx1 Firmware | 2024-11-21 | N/A |
| In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges. | ||||
| CVE-2019-5678 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-11-21 | N/A |
| NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure. | ||||
| CVE-2019-5614 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2024-11-21 | 9.8 Critical |
| In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic or other unpredictable results. | ||||
| CVE-2019-5611 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2024-11-21 | 7.5 High |
| In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service. | ||||
| CVE-2019-5597 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
| In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter. | ||||
| CVE-2019-5464 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.8 Critical |
| A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. | ||||
| CVE-2019-5461 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | ||||