CVEs (1,898)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
2Google Opensuse3Backports ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
2Google Opensuse3Backports Sle ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
2Google Opensuse3Backports ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
2Google Opensuse3Backports ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
2Google Opensuse3Backports ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
6Canonical DebianGoogle+3 more7Backports ChromeDebian Linux+4 moreNov 21, 2024 May 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
2Google Opensuse3Backports Sle ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 7.5 HIGH· v3 5.1 MEDIUM· v2 Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
2Google Opensuse3Backports ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. |
2Google Opensuse3Backports Sle ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
2Google Opensuse3Backports ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. |
2Google Opensuse3Backports ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. |
2Google Opensuse3Backports ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
2Google Opensuse3Backports ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
2Google Opensuse3Backports ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted H...Show more |
2Google Opensuse3Backports ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a craft...Show more |
2Google Opensuse3Backports ChromeLeapNov 21, 2024 May 23, 2019 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
5Canonical DebianFedoraproject+2 more7Backports Sle Debian LinuxFedora+4 moreNov 21, 2024 May 20, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. |
6Artifex CanonicalDebian+3 more6Debian Linux Enterprise LinuxFedora+3 moreNov 21, 2024 May 16, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have acces...Show more |
4Debian FedoraprojectHeimdal Project+1 more5Backports Sle Debian LinuxFedora+2 moreApr 15, 2026 May 15, 2019 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. |
5Fedoraproject HpeNetapp+2 more6Clustered Data Ontap Data OntapFedora+3 moreNov 21, 2024 May 15, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 NTP through 4.2.8p12 has a NULL Pointer Dereference. |