Vulnerabilities related to opensuse - backports
cve-2019-5821
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.135Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/919640",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Integer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:11",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/919640",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5821",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Integer overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/919640",
                     refsource: "MISC",
                     url: "https://crbug.com/919640",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5821",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.135Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6445
Vulnerability from cvelistv5
Published
2020-04-13 17:30
Modified
2024-08-04 09:02
Severity ?
Summary
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.621Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/933171",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:40",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/933171",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6445",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/933171",
                     refsource: "MISC",
                     url: "https://crbug.com/933171",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6445",
      datePublished: "2020-04-13T17:30:59",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.621Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-13707
Vulnerability from cvelistv5
Published
2019-11-25 14:22
Modified
2024-08-05 00:05
Severity ?
Summary
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 78.0.3904.70


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:05:42.213Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/859349",
               },
               {
                  name: "openSUSE-SU-2020:0010",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "78.0.3904.70",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient validation of untrusted input",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-13T12:06:14",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/859349",
            },
            {
               name: "openSUSE-SU-2020:0010",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-13707",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "78.0.3904.70",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient validation of untrusted input",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
                  },
                  {
                     name: "https://crbug.com/859349",
                     refsource: "MISC",
                     url: "https://crbug.com/859349",
                  },
                  {
                     name: "openSUSE-SU-2020:0010",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-13707",
      datePublished: "2019-11-25T14:22:55",
      dateReserved: "2019-07-18T00:00:00",
      dateUpdated: "2024-08-05T00:05:42.213Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5818
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.582Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/929962",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Uninitialized Use",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:13",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/929962",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5818",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Uninitialized Use",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/929962",
                     refsource: "MISC",
                     url: "https://crbug.com/929962",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5818",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.582Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5805
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Impacted products
Vendor: Google
Product: Chrome
Version: unspecified, < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:22.990Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/913320",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Use after free",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:10",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/913320",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5805",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Use after free",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://crbug.com/913320",
                     refsource: "MISC",
                     url: "https://crbug.com/913320",
                  },
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5805",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:22.990Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6443
Vulnerability from cvelistv5
Published
2020-04-13 17:30
Modified
2024-08-04 09:02
Severity ?
Summary
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.
Impacted products
Vendor: Google
Product: Chrome
Version: unspecified, < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.476Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/1040080",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient data validation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:47",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/1040080",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6443",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient data validation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/1040080",
                     refsource: "MISC",
                     url: "https://crbug.com/1040080",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6443",
      datePublished: "2020-04-13T17:30:58",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.476Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5819
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
Impacted products
Vendor: Google
Product: Chrome
Version: unspecified, < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.506Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/919356",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Inappropriate implementation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:11",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/919356",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5819",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Inappropriate implementation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/919356",
                     refsource: "MISC",
                     url: "https://crbug.com/919356",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5819",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.506Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5829
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 75.0.3770.80


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.650Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/958533",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
               {
                  name: "FEDORA-2019-e5ff5d0ffd",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "75.0.3770.80",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Integer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-14T18:06:11",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/958533",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
            {
               name: "FEDORA-2019-e5ff5d0ffd",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5829",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "75.0.3770.80",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Integer overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/958533",
                     refsource: "MISC",
                     url: "https://crbug.com/958533",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
                  {
                     name: "FEDORA-2019-e5ff5d0ffd",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5829",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.650Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-20177
Vulnerability from cvelistv5
Published
2019-03-15 18:00
Modified
2024-08-05 11:58
Severity ?
Summary
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
Impacted products
Vendor Product Version
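n/a n/a Version: n/a (the record carries no structured vendor, product or version data; per the summary above, the affected software is rdesktop up to and including v1.8.3, so matching on the affected-product fields alone will not find this entry)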


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:58:18.260Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "106938",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/106938",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
               },
               {
                  name: "GLSA-201903-06",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201903-06",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
               },
               {
                  name: "DSA-4394",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4394",
               },
               {
                  name: "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html",
               },
               {
                  name: "openSUSE-SU-2019:2135",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-01-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-09-14T23:06:13",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "106938",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/106938",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
            },
            {
               name: "GLSA-201903-06",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201903-06",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
            },
            {
               name: "DSA-4394",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4394",
            },
            {
               name: "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html",
            },
            {
               name: "openSUSE-SU-2019:2135",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-20177",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "106938",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/106938",
                  },
                  {
                     name: "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
                     refsource: "MISC",
                     url: "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
                  },
                  {
                     name: "GLSA-201903-06",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201903-06",
                  },
                  {
                     name: "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
                     refsource: "CONFIRM",
                     url: "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
                  },
                  {
                     name: "DSA-4394",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4394",
                  },
                  {
                     name: "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html",
                  },
                  {
                     name: "openSUSE-SU-2019:2135",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-20177",
      datePublished: "2019-03-15T18:00:00",
      dateReserved: "2018-12-17T00:00:00",
      dateUpdated: "2024-08-05T11:58:18.260Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5836
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor: Google; Product: Chrome; Affected versions: before 75.0.3770.80 (lower bound unspecified)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.559Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/947342",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "75.0.3770.80",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Heap buffer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:13",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/947342",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5836",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "75.0.3770.80",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Heap buffer overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/947342",
                     refsource: "MISC",
                     url: "https://crbug.com/947342",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5836",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.559Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6495
Vulnerability from cvelistv5
Published
2020-06-03 22:50
Modified
2024-08-04 09:02
Severity ?
Summary
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Impacted products
Vendor: Google; Product: Chrome; Affected versions: before 83.0.4103.97 (lower bound unspecified)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.718Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/1072116",
               },
               {
                  name: "GLSA-202006-02",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202006-02",
               },
               {
                  name: "openSUSE-SU-2020:0823",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html",
               },
               {
                  name: "openSUSE-SU-2020:0832",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "83.0.4103.97",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:14",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/1072116",
            },
            {
               name: "GLSA-202006-02",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202006-02",
            },
            {
               name: "openSUSE-SU-2020:0823",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html",
            },
            {
               name: "openSUSE-SU-2020:0832",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6495",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "83.0.4103.97",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/1072116",
                     refsource: "MISC",
                     url: "https://crbug.com/1072116",
                  },
                  {
                     name: "GLSA-202006-02",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202006-02",
                  },
                  {
                     name: "openSUSE-SU-2020:0823",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0832",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6495",
      datePublished: "2020-06-03T22:50:37",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.718Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5831
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor: Google; Product: Chrome; Affected versions: before 75.0.3770.80 (lower bound unspecified)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.381Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/950328",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
               {
                  name: "FEDORA-2019-e5ff5d0ffd",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "75.0.3770.80",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Inappropriate implementation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-14T18:06:15",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/950328",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
            {
               name: "FEDORA-2019-e5ff5d0ffd",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5831",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "75.0.3770.80",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Inappropriate implementation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/950328",
                     refsource: "MISC",
                     url: "https://crbug.com/950328",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791",
                     refsource: "MISC",
                     url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
                  {
                     name: "FEDORA-2019-e5ff5d0ffd",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5831",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.381Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6433
Vulnerability from cvelistv5
Published
2020-04-13 17:30
Modified
2024-08-04 09:02
Severity ?
Summary
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.624Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/1043965",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:28",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/1043965",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6433",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/1043965",
                     refsource: "MISC",
                     url: "https://crbug.com/1043965",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6433",
      datePublished: "2020-04-13T17:30:53",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.624Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5830
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 75.0.3770.80


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.515Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/665766",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "75.0.3770.80",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Inappropriate implementation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/665766",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5830",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "75.0.3770.80",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Inappropriate implementation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/665766",
                     refsource: "MISC",
                     url: "https://crbug.com/665766",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5830",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.515Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-10938
Vulnerability from cvelistv5
Published
2020-03-24 15:28
Modified
2024-08-04 11:21
Severity ?
Summary
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
Impacted products
Vendor Product Version
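n/a n/a Version: n/a (the record leaves vendor, product and version unpopulated; the affected range is stated only in the summary: GraphicsMagick before 1.3.35)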


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:21:12.992Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e/",
               },
               {
                  name: "openSUSE-SU-2020:0416",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html",
               },
               {
                  name: "openSUSE-SU-2020:0429",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html",
               },
               {
                  name: "[debian-lts-announce] 20200415 [SECURITY] [DLA 2173-1] graphicsmagick security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00007.html",
               },
               {
                  name: "DSA-4675",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4675",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-06T12:06:20",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e/",
            },
            {
               name: "openSUSE-SU-2020:0416",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html",
            },
            {
               name: "openSUSE-SU-2020:0429",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html",
            },
            {
               name: "[debian-lts-announce] 20200415 [SECURITY] [DLA 2173-1] graphicsmagick security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00007.html",
            },
            {
               name: "DSA-4675",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4675",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-10938",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e/",
                     refsource: "MISC",
                     url: "https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e/",
                  },
                  {
                     name: "openSUSE-SU-2020:0416",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0429",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html",
                  },
                  {
                     name: "[debian-lts-announce] 20200415 [SECURITY] [DLA 2173-1] graphicsmagick security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00007.html",
                  },
                  {
                     name: "DSA-4675",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4675",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-10938",
      datePublished: "2020-03-24T15:28:05",
      dateReserved: "2020-03-24T00:00:00",
      dateUpdated: "2024-08-04T11:21:12.992Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5838
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 75.0.3770.80


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.473Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/893087",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "75.0.3770.80",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/893087",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5838",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "75.0.3770.80",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/893087",
                     refsource: "MISC",
                     url: "https://crbug.com/893087",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5838",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.473Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5811
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:22.997Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/771815",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Inappropriate implementation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:11",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/771815",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5811",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Inappropriate implementation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/771815",
                     refsource: "MISC",
                     url: "https://crbug.com/771815",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5811",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:22.997Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5839
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 75.0.3770.80


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.612Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/925614",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
               {
                  name: "FEDORA-2019-e5ff5d0ffd",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "75.0.3770.80",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient data validation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-14T18:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/925614",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
            {
               name: "FEDORA-2019-e5ff5d0ffd",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5839",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "75.0.3770.80",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient data validation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/925614",
                     refsource: "MISC",
                     url: "https://crbug.com/925614",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
                  {
                     name: "FEDORA-2019-e5ff5d0ffd",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5839",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.612Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5823
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.836Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/930154",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:11",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/930154",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5823",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/930154",
                     refsource: "MISC",
                     url: "https://crbug.com/930154",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5823",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.836Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5791
Vulnerability from cvelistv5
Published
2019-05-23 19:13
Modified
2024-08-04 20:01
Severity ?
Summary
Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:01:52.348Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/926651",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Out of bounds memory access",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:06",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/926651",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5791",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Out of bounds memory access",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "https://crbug.com/926651",
                     refsource: "MISC",
                     url: "https://crbug.com/926651",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5791",
      datePublished: "2019-05-23T19:13:12",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:01:52.348Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6493
Vulnerability from cvelistv5
Published
2020-06-03 22:50
Modified
2024-08-04 09:02
Severity ?
Summary
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 83.0.4103.97


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.696Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/1082105",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html",
               },
               {
                  name: "GLSA-202006-02",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202006-02",
               },
               {
                  name: "openSUSE-SU-2020:0823",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html",
               },
               {
                  name: "openSUSE-SU-2020:0832",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "83.0.4103.97",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Use after free",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:31",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/1082105",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html",
            },
            {
               name: "GLSA-202006-02",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202006-02",
            },
            {
               name: "openSUSE-SU-2020:0823",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html",
            },
            {
               name: "openSUSE-SU-2020:0832",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6493",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "83.0.4103.97",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Use after free",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://crbug.com/1082105",
                     refsource: "MISC",
                     url: "https://crbug.com/1082105",
                  },
                  {
                     name: "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "GLSA-202006-02",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202006-02",
                  },
                  {
                     name: "openSUSE-SU-2020:0823",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0832",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6493",
      datePublished: "2020-06-03T22:50:36",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.696Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-7443
Vulnerability from cvelistv5
Published
2019-05-07 18:41
Modified
2024-08-04 20:46
Severity ?
Summary
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:46:46.316Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=1124863",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-07T18:41:37",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.suse.com/show_bug.cgi?id=1124863",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-7443",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html",
                     refsource: "MISC",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html",
                  },
                  {
                     name: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html",
                     refsource: "MISC",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html",
                  },
                  {
                     name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/",
                     refsource: "MISC",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/",
                  },
                  {
                     name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/",
                     refsource: "MISC",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/",
                  },
                  {
                     name: "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a",
                     refsource: "MISC",
                     url: "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a",
                  },
                  {
                     name: "https://bugzilla.suse.com/show_bug.cgi?id=1124863",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.suse.com/show_bug.cgi?id=1124863",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-7443",
      datePublished: "2019-05-07T18:41:37",
      dateReserved: "2019-02-05T00:00:00",
      dateUpdated: "2024-08-04T20:46:46.316Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5840
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Impacted products
Vendor Product Version
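Google Chrome Version: unspecified < 75.0.3770.80 (every version before 75.0.3770.80 is marked affected; the restriction to iOS appears only in the summary, not in the structured product fields)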


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.680Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/951782",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "75.0.3770.80",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Incorrect security UI",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/951782",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5840",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "75.0.3770.80",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Incorrect security UI",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/951782",
                     refsource: "MISC",
                     url: "https://crbug.com/951782",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5840",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.680Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5800
Vulnerability from cvelistv5
Published
2019-05-23 19:18
Modified
2024-08-04 20:09
Severity ?
Summary
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:22.978Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/894228",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Inappropriate implementation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:07",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/894228",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5800",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Inappropriate implementation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "https://crbug.com/894228",
                     refsource: "MISC",
                     url: "https://crbug.com/894228",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5800",
      datePublished: "2019-05-23T19:18:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:22.978Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-14983
Vulnerability from cvelistv5
Published
2020-06-22 19:13
Modified
2024-08-04 13:00
Severity ?
Summary
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.
Impacted products
Vendor Product Version
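n/a n/a Version: n/a (the record's structured vendor, product and version fields are all "n/a"; the affected software, Chocolate Doom 3.0.0 and Crispy Doom 5.8.0, is named only in the summary, so matching on the structured fields alone will not find this entry)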


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:00:52.077Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/chocolate-doom/chocolate-doom/issues/1293",
               },
               {
                  name: "openSUSE-SU-2020:0928",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00002.html",
               },
               {
                  name: "openSUSE-SU-2020:0939",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00007.html",
               },
               {
                  name: "openSUSE-SU-2020:0947",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00012.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-08T20:06:14",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/chocolate-doom/chocolate-doom/issues/1293",
            },
            {
               name: "openSUSE-SU-2020:0928",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00002.html",
            },
            {
               name: "openSUSE-SU-2020:0939",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00007.html",
            },
            {
               name: "openSUSE-SU-2020:0947",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00012.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-14983",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/chocolate-doom/chocolate-doom/issues/1293",
                     refsource: "MISC",
                     url: "https://github.com/chocolate-doom/chocolate-doom/issues/1293",
                  },
                  {
                     name: "openSUSE-SU-2020:0928",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00002.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0939",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00007.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0947",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00012.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-14983",
      datePublished: "2020-06-22T19:13:34",
      dateReserved: "2020-06-22T00:00:00",
      dateUpdated: "2024-08-04T13:00:52.077Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5790
Vulnerability from cvelistv5
Published
2019-05-23 19:12
Modified
2024-08-04 20:01
Severity ?
Summary
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:01:52.195Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/914736",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Heap buffer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:06",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/914736",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5790",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Heap buffer overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "https://crbug.com/914736",
                     refsource: "MISC",
                     url: "https://crbug.com/914736",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5790",
      datePublished: "2019-05-23T19:12:38",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:01:52.195Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5835
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity: not given (the record below contains no CVSS metrics)
Summary
Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 75.0.3770.80


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.594Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/939239",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "75.0.3770.80",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Object lifecycle issue",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:11",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/939239",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5835",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "75.0.3770.80",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Object lifecycle issue",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/939239",
                     refsource: "MISC",
                     url: "https://crbug.com/939239",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5835",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.594Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5801
Vulnerability from cvelistv5
Published
2019-05-23 19:19
Modified
2024-08-04 20:09
Severity: not given (the record below contains no CVSS metrics)
Summary
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.051Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/921390",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Incorrect security UI",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:08",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/921390",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5801",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Incorrect security UI",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "https://crbug.com/921390",
                     refsource: "MISC",
                     url: "https://crbug.com/921390",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5801",
      datePublished: "2019-05-23T19:19:27",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.051Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-15803
Vulnerability from cvelistv5
Published
2020-07-17 00:00
Modified
2024-08-04 13:30
Severity: not given (the record below contains no CVSS metrics)
Summary
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
Impacted products
Vendor Product Version
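n/a n/a Version: n/a (the record's structured affected field is unpopulated; the affected Zabbix versions appear only in the Summary text)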


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:30:22.339Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.zabbix.com/browse/ZBX-18057",
               },
               {
                  name: "FEDORA-2020-519516feec",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/",
               },
               {
                  name: "FEDORA-2020-02cf7850ca",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/",
               },
               {
                  name: "[debian-lts-announce] 20200803 [SECURITY] [DLA 2311-1] zabbix security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html",
               },
               {
                  name: "openSUSE-SU-2020:1604",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html",
               },
               {
                  name: "[debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html",
               },
               {
                  name: "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-12T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://support.zabbix.com/browse/ZBX-18057",
            },
            {
               name: "FEDORA-2020-519516feec",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/",
            },
            {
               name: "FEDORA-2020-02cf7850ca",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/",
            },
            {
               name: "[debian-lts-announce] 20200803 [SECURITY] [DLA 2311-1] zabbix security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html",
            },
            {
               name: "openSUSE-SU-2020:1604",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html",
            },
            {
               name: "[debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html",
            },
            {
               name: "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-15803",
      datePublished: "2020-07-17T00:00:00",
      dateReserved: "2020-07-17T00:00:00",
      dateUpdated: "2024-08-04T13:30:22.339Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6455
Vulnerability from cvelistv5
Published
2020-04-13 17:31
Modified
2024-08-04 09:02
Severity: not given (no CVSS metrics in the part of the record shown below)
Summary
Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.703Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/1059669",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Out of bounds read",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:48",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/1059669",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6455",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Out of bounds read",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/1059669",
                     refsource: "MISC",
                     url: "https://crbug.com/1059669",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6455",
      datePublished: "2020-04-13T17:31:03",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.703Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6456
Vulnerability from cvelistv5
Published
2020-04-13 17:31
Modified
2024-08-04 09:02
Severity: not rated (the record below carries no CVSS metrics)
Summary
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.786Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/1040755",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient validation of untrusted input",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:24",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/1040755",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6456",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient validation of untrusted input",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/1040755",
                     refsource: "MISC",
                     url: "https://crbug.com/1040755",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6456",
      datePublished: "2020-04-13T17:31:03",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.786Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-18899
Vulnerability from cvelistv5
Published
2020-01-23 15:00
Modified
2024-09-17 01:25
Summary
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.
Impacted products
Vendor Product Version
openSUSE Leap 15.1 Version: apt-cacher-ng   < 3.1-lp151.3.3.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:02:39.815Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openSUSE-SU-2020:0124",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html",
               },
               {
                  name: "openSUSE-SU-2020:0146",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=1157703",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Leap 15.1",
               vendor: "openSUSE",
               versions: [
                  {
                     lessThan: "3.1-lp151.3.3.1",
                     status: "affected",
                     version: "apt-cacher-ng",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Matthias Gerstner of SUSE",
            },
         ],
         datePublic: "2020-01-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-269",
                     description: "CWE-269: Improper Privilege Management",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-13T00:00:00",
            orgId: "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            shortName: "suse",
         },
         references: [
            {
               name: "openSUSE-SU-2020:0124",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html",
            },
            {
               name: "openSUSE-SU-2020:0146",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html",
            },
            {
               url: "https://bugzilla.suse.com/show_bug.cgi?id=1157703",
            },
         ],
         source: {
            advisory: "https://bugzilla.suse.com/show_bug.cgi?id=1157703",
            defect: [
               "1157703",
            ],
            discovery: "INTERNAL",
         },
         title: "apt-cacher-ng insecure use of /run/apt-cacher-ng",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
      assignerShortName: "suse",
      cveId: "CVE-2019-18899",
      datePublished: "2020-01-23T15:00:20.234353Z",
      dateReserved: "2019-11-12T00:00:00",
      dateUpdated: "2024-09-17T01:25:34.093Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5792
Vulnerability from cvelistv5
Published
2019-05-23 19:13
Modified
2024-08-04 20:09
Severity: not rated (the record below carries no CVSS metrics)
Summary
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
Impacted products
Vendor Product Version
Google Chrome Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:22.449Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/914983",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Integer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:05",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/914983",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5792",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Integer overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "https://crbug.com/914983",
                     refsource: "MISC",
                     url: "https://crbug.com/914983",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5792",
      datePublished: "2019-05-23T19:13:46",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:22.449Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-13723
Vulnerability from cvelistv5
Published
2019-11-25 14:22
Modified
2024-08-05 00:05
Severity ?
Summary
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 78.0.3904.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:05:43.648Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/1024121",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html",
               },
               {
                  name: "RHSA-2019:3955",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:3955",
               },
               {
                  name: "FEDORA-2019-3e46b182ff",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54XWRJ5LDFL27QXBPIBX3EHO4TPMKN4R/",
               },
               {
                  name: "FEDORA-2019-00d5e55259",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/USW7PGIHNPE6W3LGY6ZDFLELQGSL52CH/",
               },
               {
                  name: "openSUSE-SU-2019:2693",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html",
               },
               {
                  name: "GLSA-202003-08",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202003-08",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "78.0.3904.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Use after free",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-13T04:06:23",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/1024121",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html",
            },
            {
               name: "RHSA-2019:3955",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:3955",
            },
            {
               name: "FEDORA-2019-3e46b182ff",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54XWRJ5LDFL27QXBPIBX3EHO4TPMKN4R/",
            },
            {
               name: "FEDORA-2019-00d5e55259",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/USW7PGIHNPE6W3LGY6ZDFLELQGSL52CH/",
            },
            {
               name: "openSUSE-SU-2019:2693",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html",
            },
            {
               name: "GLSA-202003-08",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202003-08",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2019-13723",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "78.0.3904.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Use after free",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://crbug.com/1024121",
                     refsource: "MISC",
                     url: "https://crbug.com/1024121",
                  },
                  {
                     name: "https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html",
                  },
                  {
                     name: "RHSA-2019:3955",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:3955",
                  },
                  {
                     name: "FEDORA-2019-3e46b182ff",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54XWRJ5LDFL27QXBPIBX3EHO4TPMKN4R/",
                  },
                  {
                     name: "FEDORA-2019-00d5e55259",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USW7PGIHNPE6W3LGY6ZDFLELQGSL52CH/",
                  },
                  {
                     name: "openSUSE-SU-2019:2693",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html",
                  },
                  {
                     name: "GLSA-202003-08",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202003-08",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-13723",
      datePublished: "2019-11-25T14:22:55",
      dateReserved: "2019-07-18T00:00:00",
      dateUpdated: "2024-08-05T00:05:43.648Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6441
Vulnerability from cvelistv5
Published
2020-04-13 17:30
Modified
2024-08-04 09:02
Severity ?
Summary
Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.680Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/959571",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:09",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/959571",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6441",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/959571",
                     refsource: "MISC",
                     url: "https://crbug.com/959571",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6441",
      datePublished: "2020-04-13T17:30:57",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.680Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5833
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 75.0.3770.80


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.392Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/945067",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "75.0.3770.80",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Incorrect security UI",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/945067",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5833",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "75.0.3770.80",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Incorrect security UI",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/945067",
                     refsource: "MISC",
                     url: "https://crbug.com/945067",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5833",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.392Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5803
Vulnerability from cvelistv5
Published
2019-05-23 19:20
Modified
2024-08-04 20:09
Severity ?
Summary
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.011Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/909865",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:05",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/909865",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5803",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "https://crbug.com/909865",
                     refsource: "MISC",
                     url: "https://crbug.com/909865",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5803",
      datePublished: "2019-05-23T19:20:26",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.011Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-0561
Vulnerability from cvelistv5
Published
2020-02-13 18:21
Modified
2024-08-04 06:02
Severity: not provided (the record below carries no CVSS metrics)
Summary
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Impacted products
Vendor Product Version
n/a Intel(R) SGX SDK Version: before v2.6.100.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T06:02:52.206Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html",
               },
               {
                  name: "openSUSE-SU-2020:0604",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00009.html",
               },
               {
                  name: "openSUSE-SU-2020:0615",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00014.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Intel(R) SGX SDK",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "before v2.6.100.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Escalation of Privilege",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-06T14:06:03",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html",
            },
            {
               name: "openSUSE-SU-2020:0604",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00009.html",
            },
            {
               name: "openSUSE-SU-2020:0615",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00014.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2020-0561",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Intel(R) SGX SDK",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before v2.6.100.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Escalation of Privilege",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html",
                     refsource: "MISC",
                     url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0604",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00009.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0615",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00014.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2020-0561",
      datePublished: "2020-02-13T18:21:11",
      dateReserved: "2019-10-28T00:00:00",
      dateUpdated: "2024-08-04T06:02:52.206Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5834
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity: not provided (the record below carries no CVSS metrics)
Summary
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 75.0.3770.80


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.621Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/962368",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "75.0.3770.80",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient data validation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/962368",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5834",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "75.0.3770.80",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient data validation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/962368",
                     refsource: "MISC",
                     url: "https://crbug.com/962368",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5834",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.621Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6435
Vulnerability from cvelistv5
Published
2020-04-13 17:30
Modified
2024-08-04 09:02
Severity: not provided (the record below carries no CVSS metrics)
Summary
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.387Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/1032158",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:43",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/1032158",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6435",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/1032158",
                     refsource: "MISC",
                     url: "https://crbug.com/1032158",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6435",
      datePublished: "2020-04-13T17:30:54",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.387Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5804
Vulnerability from cvelistv5
Published
2019-05-23 19:21
Modified
2024-08-04 20:09
Severity ?
Summary
Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.
Impacted products
Vendor Product Version
Google Chrome Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.107Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/933004",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient data validation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:07",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/933004",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5804",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient data validation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "https://crbug.com/933004",
                     refsource: "MISC",
                     url: "https://crbug.com/933004",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5804",
      datePublished: "2019-05-23T19:21:29",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.107Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-19951
Vulnerability from cvelistv5
Published
2019-12-24 00:07
Modified
2024-08-05 02:32
Severity ?
Summary
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:32:09.987Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://sourceforge.net/p/graphicsmagick/bugs/608/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d",
               },
               {
                  name: "openSUSE-SU-2020:0055",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
               },
               {
                  name: "openSUSE-SU-2020:0145",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
               },
               {
                  name: "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
               },
               {
                  name: "DSA-4640",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4640",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-16T09:06:04",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://sourceforge.net/p/graphicsmagick/bugs/608/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d",
            },
            {
               name: "openSUSE-SU-2020:0055",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
            },
            {
               name: "openSUSE-SU-2020:0145",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
            },
            {
               name: "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
            },
            {
               name: "DSA-4640",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4640",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-19951",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://sourceforge.net/p/graphicsmagick/bugs/608/",
                     refsource: "MISC",
                     url: "https://sourceforge.net/p/graphicsmagick/bugs/608/",
                  },
                  {
                     name: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d",
                     refsource: "MISC",
                     url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d",
                  },
                  {
                     name: "openSUSE-SU-2020:0055",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0145",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
                  },
                  {
                     name: "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
                  },
                  {
                     name: "DSA-4640",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4640",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-19951",
      datePublished: "2019-12-24T00:07:02",
      dateReserved: "2019-12-24T00:00:00",
      dateUpdated: "2024-08-05T02:32:09.987Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5827
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.131


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.945Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/952406",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "USN-4205-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4205-1/",
               },
               {
                  name: "GLSA-202003-16",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202003-16",
               },
               {
                  name: "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.131",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Integer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-23T00:06:25",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/952406",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "USN-4205-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4205-1/",
            },
            {
               name: "GLSA-202003-16",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202003-16",
            },
            {
               name: "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2019-5827",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.131",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Integer overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
                  },
                  {
                     name: "https://crbug.com/952406",
                     refsource: "MISC",
                     url: "https://crbug.com/952406",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "USN-4205-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4205-1/",
                  },
                  {
                     name: "GLSA-202003-16",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202003-16",
                  },
                  {
                     name: "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5827",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.945Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5824
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.131


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.729Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/948564",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.131",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Parameter passing error",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-13T22:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/948564",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5824",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.131",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Parameter passing error",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://crbug.com/948564",
                     refsource: "MISC",
                     url: "https://crbug.com/948564",
                  },
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5824",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.729Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14524
Vulnerability from cvelistv5
Published
2019-08-02 11:18
Modified
2024-08-05 00:19
Severity ?
Summary
An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.
Impacted products
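Vendor Product Version
n/a n/a Version: n/a
Note: the record carries no structured vendor, product or version data, so inventory matching on those fields will not find it; the summary identifies the affected software as Schism Tracker through 20190722.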


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:19:41.098Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/schismtracker/schismtracker/issues/201",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/schismtracker/schismtracker/releases/tag/20190805",
               },
               {
                  name: "openSUSE-SU-2019:1994",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00072.html",
               },
               {
                  name: "openSUSE-SU-2019:2019",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00083.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-29T05:06:08",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/schismtracker/schismtracker/issues/201",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/schismtracker/schismtracker/releases/tag/20190805",
            },
            {
               name: "openSUSE-SU-2019:1994",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00072.html",
            },
            {
               name: "openSUSE-SU-2019:2019",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00083.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-14524",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/schismtracker/schismtracker/issues/201",
                     refsource: "MISC",
                     url: "https://github.com/schismtracker/schismtracker/issues/201",
                  },
                  {
                     name: "https://github.com/schismtracker/schismtracker/releases/tag/20190805",
                     refsource: "MISC",
                     url: "https://github.com/schismtracker/schismtracker/releases/tag/20190805",
                  },
                  {
                     name: "openSUSE-SU-2019:1994",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00072.html",
                  },
                  {
                     name: "openSUSE-SU-2019:2019",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00083.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-14524",
      datePublished: "2019-08-02T11:18:12",
      dateReserved: "2019-08-02T00:00:00",
      dateUpdated: "2024-08-05T00:19:41.098Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5810
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.472Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/916838",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Side-channel information leakage",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:11",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/916838",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5810",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Side-channel information leakage",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/916838",
                     refsource: "MISC",
                     url: "https://crbug.com/916838",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5810",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.472Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5820
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.589Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/919635",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Integer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:13",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/919635",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5820",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Integer overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/919635",
                     refsource: "MISC",
                     url: "https://crbug.com/919635",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5820",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.589Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-20053
Vulnerability from cvelistv5
Published
2019-12-27 21:59
Modified
2024-08-05 02:32
Severity ?
Summary
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:32:10.521Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/upx/upx/issues/314",
               },
               {
                  name: "openSUSE-SU-2020:0163",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html",
               },
               {
                  name: "openSUSE-SU-2020:0180",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-06T22:06:03",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/upx/upx/issues/314",
            },
            {
               name: "openSUSE-SU-2020:0163",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html",
            },
            {
               name: "openSUSE-SU-2020:0180",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-20053",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/upx/upx/issues/314",
                     refsource: "MISC",
                     url: "https://github.com/upx/upx/issues/314",
                  },
                  {
                     name: "openSUSE-SU-2020:0163",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0180",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-20053",
      datePublished: "2019-12-27T21:59:11",
      dateReserved: "2019-12-27T00:00:00",
      dateUpdated: "2024-08-05T02:32:10.521Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-13713
Vulnerability from cvelistv5
Published
2019-11-25 14:22
Modified
2024-08-05 00:05
Severity ?
Summary
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 78.0.3904.70


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:05:43.710Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/993288",
               },
               {
                  name: "openSUSE-SU-2020:0010",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "78.0.3904.70",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-13T12:06:07",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/993288",
            },
            {
               name: "openSUSE-SU-2020:0010",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-13713",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "78.0.3904.70",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
                  },
                  {
                     name: "https://crbug.com/993288",
                     refsource: "MISC",
                     url: "https://crbug.com/993288",
                  },
                  {
                     name: "openSUSE-SU-2020:0010",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-13713",
      datePublished: "2019-11-25T14:22:55",
      dateReserved: "2019-07-18T00:00:00",
      dateUpdated: "2024-08-05T00:05:43.710Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5814
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.638Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/930057",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/930057",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5814",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/930057",
                     refsource: "MISC",
                     url: "https://crbug.com/930057",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5814",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.638Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5793
Vulnerability from cvelistv5
Published
2019-05-23 19:14
Modified
2024-08-04 20:09
Severity ?
Summary
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:22.419Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/937487",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:04",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/937487",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5793",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "https://crbug.com/937487",
                     refsource: "MISC",
                     url: "https://crbug.com/937487",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5793",
      datePublished: "2019-05-23T19:14:20",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:22.419Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5789
Vulnerability from cvelistv5
Published
2019-05-23 19:12
Modified
2024-08-04 20:01
Severity: not stated (this record carries no CVSS metrics)
Summary
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:01:52.387Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/921581",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Integer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:08",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/921581",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5789",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Integer overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "https://crbug.com/921581",
                     refsource: "MISC",
                     url: "https://crbug.com/921581",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5789",
      datePublished: "2019-05-23T19:12:11",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:01:52.387Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6431
Vulnerability from cvelistv5
Published
2020-04-13 17:30
Modified
2024-08-04 09:02
Severity: not stated (this record carries no CVSS metrics)
Summary
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.716Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/852645",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:16",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/852645",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6431",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/852645",
                     refsource: "MISC",
                     url: "https://crbug.com/852645",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6431",
      datePublished: "2020-04-13T17:30:52",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.716Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-13730
Vulnerability from cvelistv5
Published
2019-12-10 21:01
Modified
2024-08-05 00:05
Severity: not stated (this record carries no CVSS metrics)
Summary
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 79.0.3945.79


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:05:43.749Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/1028862",
               },
               {
                  name: "RHSA-2019:4238",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:4238",
               },
               {
                  name: "openSUSE-SU-2019:2692",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html",
               },
               {
                  name: "FEDORA-2019-1a10c04281",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/",
               },
               {
                  name: "openSUSE-SU-2019:2694",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html",
               },
               {
                  name: "FEDORA-2020-4355ea258e",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/",
               },
               {
                  name: "20200120 [SECURITY] [DSA 4606-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2020/Jan/27",
               },
               {
                  name: "DSA-4606",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4606",
               },
               {
                  name: "GLSA-202003-08",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202003-08",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "79.0.3945.79",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Type Confusion",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-13T04:06:10",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/1028862",
            },
            {
               name: "RHSA-2019:4238",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:4238",
            },
            {
               name: "openSUSE-SU-2019:2692",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html",
            },
            {
               name: "FEDORA-2019-1a10c04281",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/",
            },
            {
               name: "openSUSE-SU-2019:2694",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html",
            },
            {
               name: "FEDORA-2020-4355ea258e",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/",
            },
            {
               name: "20200120 [SECURITY] [DSA 4606-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2020/Jan/27",
            },
            {
               name: "DSA-4606",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4606",
            },
            {
               name: "GLSA-202003-08",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202003-08",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2019-13730",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "79.0.3945.79",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Type Confusion",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/1028862",
                     refsource: "MISC",
                     url: "https://crbug.com/1028862",
                  },
                  {
                     name: "RHSA-2019:4238",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:4238",
                  },
                  {
                     name: "openSUSE-SU-2019:2692",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html",
                  },
                  {
                     name: "FEDORA-2019-1a10c04281",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/",
                  },
                  {
                     name: "openSUSE-SU-2019:2694",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html",
                  },
                  {
                     name: "FEDORA-2020-4355ea258e",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/",
                  },
                  {
                     name: "20200120 [SECURITY] [DSA 4606-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2020/Jan/27",
                  },
                  {
                     name: "DSA-4606",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4606",
                  },
                  {
                     name: "GLSA-202003-08",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202003-08",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-13730",
      datePublished: "2019-12-10T21:01:44",
      dateReserved: "2019-07-18T00:00:00",
      dateUpdated: "2024-08-05T00:05:43.749Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5832
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Impacted products
Vendor: Google | Product: Chrome | Version: unspecified, < 75.0.3770.80


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.618Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/959390",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
               {
                  name: "FEDORA-2019-e5ff5d0ffd",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "75.0.3770.80",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-14T18:06:16",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/959390",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
            {
               name: "FEDORA-2019-e5ff5d0ffd",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5832",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "75.0.3770.80",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/959390",
                     refsource: "MISC",
                     url: "https://crbug.com/959390",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
                  {
                     name: "FEDORA-2019-e5ff5d0ffd",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5832",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.618Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5816
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.
Impacted products
Vendor: Google | Product: Chrome | Version: unspecified, < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.362Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/940245",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Inappropriate implementation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/940245",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5816",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Inappropriate implementation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/940245",
                     refsource: "MISC",
                     url: "https://crbug.com/940245",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5816",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.362Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5807
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor: Google | Product: Chrome | Version: unspecified, < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:22.993Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/945644",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Object lifecycle issue",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:13",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/945644",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5807",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Object lifecycle issue",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/945644",
                     refsource: "MISC",
                     url: "https://crbug.com/945644",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5807",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:22.993Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6439
Vulnerability from cvelistv5
Published
2020-04-13 17:30
Modified
2024-08-04 09:02
Severity ?
Summary
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.420Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/868145",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:50",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/868145",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6439",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/868145",
                     refsource: "MISC",
                     url: "https://crbug.com/868145",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6439",
      datePublished: "2020-04-13T17:30:56",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.420Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5460
Vulnerability from cvelistv5
Published
2019-07-30 20:38
Modified
2024-08-04 19:54
Severity ?
Summary
Double Free in VLC versions <= 3.0.6 leads to a crash.
Impacted products
Vendor Product Version
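n/a VLC Media Player Version: Fixed in 3.0.7 (the record's version field names the fixed release; per the summary, versions <= 3.0.6 are affected)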


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:54:53.471Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://hackerone.com/reports/503208",
               },
               {
                  name: "openSUSE-SU-2019:1840",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html",
               },
               {
                  name: "openSUSE-SU-2019:1909",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html",
               },
               {
                  name: "openSUSE-SU-2019:1897",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html",
               },
               {
                  name: "openSUSE-SU-2019:2015",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "VLC Media Player",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in 3.0.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Double Free in VLC versions <= 3.0.6 leads to a crash.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-415",
                     description: "Double Free (CWE-415)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-26T20:06:12",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://hackerone.com/reports/503208",
            },
            {
               name: "openSUSE-SU-2019:1840",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html",
            },
            {
               name: "openSUSE-SU-2019:1909",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html",
            },
            {
               name: "openSUSE-SU-2019:1897",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html",
            },
            {
               name: "openSUSE-SU-2019:2015",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2019-5460",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "VLC Media Player",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Fixed in 3.0.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Double Free in VLC versions <= 3.0.6 leads to a crash.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Double Free (CWE-415)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://hackerone.com/reports/503208",
                     refsource: "MISC",
                     url: "https://hackerone.com/reports/503208",
                  },
                  {
                     name: "openSUSE-SU-2019:1840",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1909",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1897",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html",
                  },
                  {
                     name: "openSUSE-SU-2019:2015",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2019-5460",
      datePublished: "2019-07-30T20:38:22",
      dateReserved: "2019-01-04T00:00:00",
      dateUpdated: "2024-08-04T19:54:53.471Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-19953
Vulnerability from cvelistv5
Published
2019-12-24 00:06
Modified
2024-08-05 02:32
Severity ?
Summary
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
Impacted products
Vendor Product Version
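n/a n/a Version: n/a (no structured product data in the record; the summary names GraphicsMagick 1.4 snapshot-20191208 Q8)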


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:32:10.039Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://sourceforge.net/p/graphicsmagick/bugs/617/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf",
               },
               {
                  name: "openSUSE-SU-2020:0055",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
               },
               {
                  name: "openSUSE-SU-2020:0145",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
               },
               {
                  name: "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
               },
               {
                  name: "DSA-4640",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4640",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-16T09:06:10",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://sourceforge.net/p/graphicsmagick/bugs/617/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf",
            },
            {
               name: "openSUSE-SU-2020:0055",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
            },
            {
               name: "openSUSE-SU-2020:0145",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
            },
            {
               name: "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
            },
            {
               name: "DSA-4640",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4640",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-19953",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://sourceforge.net/p/graphicsmagick/bugs/617/",
                     refsource: "MISC",
                     url: "https://sourceforge.net/p/graphicsmagick/bugs/617/",
                  },
                  {
                     name: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf",
                     refsource: "MISC",
                     url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf",
                  },
                  {
                     name: "openSUSE-SU-2020:0055",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0145",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
                  },
                  {
                     name: "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
                  },
                  {
                     name: "DSA-4640",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4640",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-19953",
      datePublished: "2019-12-24T00:06:51",
      dateReserved: "2019-12-24T00:00:00",
      dateUpdated: "2024-08-05T02:32:10.039Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-45082
Vulnerability from cvelistv5
Published
2022-02-18 23:23
Modified
2024-08-04 04:32
Severity ?
Summary
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
Impacted products
Vendor Product Version
n/a n/a Version: n/a (no structured product data in the record; the summary names Cobbler before 3.3.1)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:32:13.626Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/cobbler/cobbler/releases",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=1193678",
               },
               {
                  name: "FEDORA-2022-0c6402a6a3",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/",
               },
               {
                  name: "FEDORA-2022-0649006be6",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/",
               },
               {
                  name: "FEDORA-2022-f1510aa454",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the \"#from MODULE import\" substring. (Only lines beginning with #import are blocked.)",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-03-26T17:06:38",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/cobbler/cobbler/releases",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.suse.com/show_bug.cgi?id=1193678",
            },
            {
               name: "FEDORA-2022-0c6402a6a3",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/",
            },
            {
               name: "FEDORA-2022-0649006be6",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/",
            },
            {
               name: "FEDORA-2022-f1510aa454",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-45082",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the \"#from MODULE import\" substring. (Only lines beginning with #import are blocked.)",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/cobbler/cobbler/releases",
                     refsource: "MISC",
                     url: "https://github.com/cobbler/cobbler/releases",
                  },
                  {
                     name: "https://bugzilla.suse.com/show_bug.cgi?id=1193678",
                     refsource: "MISC",
                     url: "https://bugzilla.suse.com/show_bug.cgi?id=1193678",
                  },
                  {
                     name: "FEDORA-2022-0c6402a6a3",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/",
                  },
                  {
                     name: "FEDORA-2022-0649006be6",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/",
                  },
                  {
                     name: "FEDORA-2022-f1510aa454",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-45082",
      datePublished: "2022-02-18T23:23:30",
      dateReserved: "2021-12-16T00:00:00",
      dateUpdated: "2024-08-04T04:32:13.626Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5163
Vulnerability from cvelistv5
Published
2019-12-03 21:55
Modified
2024-08-04 19:47
Summary
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.
Impacted products
Vendor Product Version
n/a Shadowsocks Version: Shadowsocks-libev 3.3.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:47:56.616Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openSUSE-SU-2019:2667",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html",
               },
               {
                  name: "openSUSE-SU-2020:0142",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Shadowsocks",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Shadowsocks-libev 3.3.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-306",
                     description: "CWE-306: Missing Authentication for Critical Function",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-19T17:35:02",
            orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            shortName: "talos",
         },
         references: [
            {
               name: "openSUSE-SU-2019:2667",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html",
            },
            {
               name: "openSUSE-SU-2020:0142",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "talos-cna@cisco.com",
               ID: "CVE-2019-5163",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Shadowsocks",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Shadowsocks-libev 3.3.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: 5.9,
                  baseSeverity: "Medium",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-306: Missing Authentication for Critical Function",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "openSUSE-SU-2019:2667",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0142",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.html",
                  },
                  {
                     name: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956",
                     refsource: "MISC",
                     url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
      assignerShortName: "talos",
      cveId: "CVE-2019-5163",
      datePublished: "2019-12-03T21:55:47",
      dateReserved: "2019-01-04T00:00:00",
      dateUpdated: "2024-08-04T19:47:56.616Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5828
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 75.0.3770.80


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.235Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/956597",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "75.0.3770.80",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Use after free",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:11",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/956597",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5828",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "75.0.3770.80",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Use after free",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://crbug.com/956597",
                     refsource: "MISC",
                     url: "https://crbug.com/956597",
                  },
                  {
                     name: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5828",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.235Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-46141
Vulnerability from cvelistv5
Published
2022-01-06 03:48
Modified
2024-08-04 05:02
Severity ?
Summary
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
Impacted products
Vendor Product Version
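n/a n/a Version: n/a (the record carries no structured product data; per the summary, the affected software is uriparser before 0.9.6)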


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T05:02:10.366Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/uriparser/uriparser/issues/121",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/uriparser/uriparser/pull/124",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/",
               },
               {
                  name: "FEDORA-2022-00a529a8bf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/",
               },
               {
                  name: "FEDORA-2022-cfd0048127",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/",
               },
               {
                  name: "[debian-lts-announce] 20220126 [SECURITY] [DLA 2883-2] uriparser security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00029.html",
               },
               {
                  name: "DSA-5063",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5063",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-01-27T02:06:13",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/uriparser/uriparser/issues/121",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/uriparser/uriparser/pull/124",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/",
            },
            {
               name: "FEDORA-2022-00a529a8bf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/",
            },
            {
               name: "FEDORA-2022-cfd0048127",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/",
            },
            {
               name: "[debian-lts-announce] 20220126 [SECURITY] [DLA 2883-2] uriparser security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00029.html",
            },
            {
               name: "DSA-5063",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5063",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-46141",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/uriparser/uriparser/issues/121",
                     refsource: "MISC",
                     url: "https://github.com/uriparser/uriparser/issues/121",
                  },
                  {
                     name: "https://github.com/uriparser/uriparser/pull/124",
                     refsource: "MISC",
                     url: "https://github.com/uriparser/uriparser/pull/124",
                  },
                  {
                     name: "https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/",
                     refsource: "CONFIRM",
                     url: "https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/",
                  },
                  {
                     name: "FEDORA-2022-00a529a8bf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/",
                  },
                  {
                     name: "FEDORA-2022-cfd0048127",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/",
                  },
                  {
                     name: "[debian-lts-announce] 20220126 [SECURITY] [DLA 2883-2] uriparser security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00029.html",
                  },
                  {
                     name: "DSA-5063",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5063",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-46141",
      datePublished: "2022-01-06T03:48:45",
      dateReserved: "2022-01-06T00:00:00",
      dateUpdated: "2024-08-04T05:02:10.366Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-13711
Vulnerability from cvelistv5
Published
2019-11-25 14:22
Modified
2024-08-05 00:05
Severity ?
Summary
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 78.0.3904.70


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:05:43.919Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/986063",
               },
               {
                  name: "openSUSE-SU-2020:0010",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "78.0.3904.70",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-13T12:06:19",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/986063",
            },
            {
               name: "openSUSE-SU-2020:0010",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-13711",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "78.0.3904.70",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
                  },
                  {
                     name: "https://crbug.com/986063",
                     refsource: "MISC",
                     url: "https://crbug.com/986063",
                  },
                  {
                     name: "openSUSE-SU-2020:0010",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-13711",
      datePublished: "2019-11-25T14:22:55",
      dateReserved: "2019-07-18T00:00:00",
      dateUpdated: "2024-08-05T00:05:43.919Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6440
Vulnerability from cvelistv5
Published
2020-04-13 17:30
Modified
2024-08-04 09:02
Severity ?
Summary
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.463Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/894477",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Inappropriate implementation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:53",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/894477",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6440",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Inappropriate implementation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/894477",
                     refsource: "MISC",
                     url: "https://crbug.com/894477",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6440",
      datePublished: "2020-04-13T17:30:56",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.463Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5798
Vulnerability from cvelistv5
Published
2019-05-23 19:17
Modified
2024-08-04 20:09
Severity ?
Summary
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:22.434Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/883596",
               },
               {
                  name: "DSA-4451",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4451",
               },
               {
                  name: "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/May/67",
               },
               {
                  name: "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html",
               },
               {
                  name: "USN-3997-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3997-1/",
               },
               {
                  name: "openSUSE-SU-2019:1484",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html",
               },
               {
                  name: "RHSA-2019:1310",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:1310",
               },
               {
                  name: "RHSA-2019:1308",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:1308",
               },
               {
                  name: "RHSA-2019:1309",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:1309",
               },
               {
                  name: "openSUSE-SU-2019:1534",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html",
               },
               {
                  name: "openSUSE-SU-2019:1664",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Out of bounds read",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:06",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/883596",
            },
            {
               name: "DSA-4451",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4451",
            },
            {
               name: "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/May/67",
            },
            {
               name: "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html",
            },
            {
               name: "USN-3997-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/3997-1/",
            },
            {
               name: "openSUSE-SU-2019:1484",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html",
            },
            {
               name: "RHSA-2019:1310",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:1310",
            },
            {
               name: "RHSA-2019:1308",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:1308",
            },
            {
               name: "RHSA-2019:1309",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:1309",
            },
            {
               name: "openSUSE-SU-2019:1534",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html",
            },
            {
               name: "openSUSE-SU-2019:1664",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5798",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Out of bounds read",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "https://crbug.com/883596",
                     refsource: "MISC",
                     url: "https://crbug.com/883596",
                  },
                  {
                     name: "DSA-4451",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4451",
                  },
                  {
                     name: "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/May/67",
                  },
                  {
                     name: "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html",
                  },
                  {
                     name: "USN-3997-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/3997-1/",
                  },
                  {
                     name: "openSUSE-SU-2019:1484",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html",
                  },
                  {
                     name: "RHSA-2019:1310",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:1310",
                  },
                  {
                     name: "RHSA-2019:1308",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:1308",
                  },
                  {
                     name: "RHSA-2019:1309",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:1309",
                  },
                  {
                     name: "openSUSE-SU-2019:1534",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1664",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5798",
      datePublished: "2019-05-23T19:17:29",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:22.434Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-13705
Vulnerability from cvelistv5
Published
2019-11-25 14:22
Modified
2024-08-05 00:05
Severity ?
Summary
Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 78.0.3904.70


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:05:42.212Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/989078",
               },
               {
                  name: "openSUSE-SU-2020:0010",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "78.0.3904.70",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-13T12:06:22",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/989078",
            },
            {
               name: "openSUSE-SU-2020:0010",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-13705",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "78.0.3904.70",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
                  },
                  {
                     name: "https://crbug.com/989078",
                     refsource: "MISC",
                     url: "https://crbug.com/989078",
                  },
                  {
                     name: "openSUSE-SU-2020:0010",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-13705",
      datePublished: "2019-11-25T14:22:55",
      dateReserved: "2019-07-18T00:00:00",
      dateUpdated: "2024-08-05T00:05:42.212Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6425
Vulnerability from cvelistv5
Published
2020-03-23 12:35
Modified
2024-08-04 09:02
Severity ?
Summary
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 80.0.3987.149


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.618Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/1031670",
               },
               {
                  name: "DSA-4645",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4645",
               },
               {
                  name: "FEDORA-2020-7fd051b378",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/",
               },
               {
                  name: "GLSA-202003-53",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202003-53",
               },
               {
                  name: "FEDORA-2020-17149a4f3d",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/",
               },
               {
                  name: "openSUSE-SU-2020:0389",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html",
               },
               {
                  name: "FEDORA-2020-39e0b8bd14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "80.0.3987.149",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-27T12:06:37",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/1031670",
            },
            {
               name: "DSA-4645",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4645",
            },
            {
               name: "FEDORA-2020-7fd051b378",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/",
            },
            {
               name: "GLSA-202003-53",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202003-53",
            },
            {
               name: "FEDORA-2020-17149a4f3d",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/",
            },
            {
               name: "openSUSE-SU-2020:0389",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html",
            },
            {
               name: "FEDORA-2020-39e0b8bd14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6425",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "80.0.3987.149",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
                  },
                  {
                     name: "https://crbug.com/1031670",
                     refsource: "MISC",
                     url: "https://crbug.com/1031670",
                  },
                  {
                     name: "DSA-4645",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4645",
                  },
                  {
                     name: "FEDORA-2020-7fd051b378",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/",
                  },
                  {
                     name: "GLSA-202003-53",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202003-53",
                  },
                  {
                     name: "FEDORA-2020-17149a4f3d",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/",
                  },
                  {
                     name: "openSUSE-SU-2020:0389",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html",
                  },
                  {
                     name: "FEDORA-2020-39e0b8bd14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6425",
      datePublished: "2020-03-23T12:35:36",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.618Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-10592
Vulnerability from cvelistv5
Published
2020-03-23 12:16
Modified
2024-08-04 11:06
Severity ?
Summary
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
Impacted products
Vendor Product Version
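n/a n/a Version: n/a (this record carries no structured vendor, product or version data; the affected Tor versions are stated only in the Summary text above, so matching on the affected-product fields alone will not identify this entry)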


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:06:10.160Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://trac.torproject.org/projects/tor/ticket/33120",
               },
               {
                  name: "GLSA-202003-50",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202003-50",
               },
               {
                  name: "openSUSE-SU-2020:0406",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00045.html",
               },
               {
                  name: "openSUSE-SU-2020:0428",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00052.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-31T17:05:59",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://trac.torproject.org/projects/tor/ticket/33120",
            },
            {
               name: "GLSA-202003-50",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202003-50",
            },
            {
               name: "openSUSE-SU-2020:0406",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00045.html",
            },
            {
               name: "openSUSE-SU-2020:0428",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00052.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-10592",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://trac.torproject.org/projects/tor/ticket/33120",
                     refsource: "MISC",
                     url: "https://trac.torproject.org/projects/tor/ticket/33120",
                  },
                  {
                     name: "GLSA-202003-50",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202003-50",
                  },
                  {
                     name: "openSUSE-SU-2020:0406",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00045.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0428",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00052.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-10592",
      datePublished: "2020-03-23T12:16:48",
      dateReserved: "2020-03-15T00:00:00",
      dateUpdated: "2024-08-04T11:06:10.160Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5822
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.664Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/926105",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Inappropriate implementation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:13",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/926105",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5822",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Inappropriate implementation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/926105",
                     refsource: "MISC",
                     url: "https://crbug.com/926105",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5822",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.664Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6446
Vulnerability from cvelistv5
Published
2020-04-13 17:30
Modified
2024-08-04 09:02
Severity ?
Summary
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.545Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/933172",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:25",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/933172",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6446",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/933172",
                     refsource: "MISC",
                     url: "https://crbug.com/933172",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6446",
      datePublished: "2020-04-13T17:30:59",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.545Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-11328
Vulnerability from cvelistv5
Published
2019-05-14 20:24
Modified
2024-08-04 22:48
Severity ?
Summary
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T22:48:09.093Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/sylabs/singularity/releases/tag/v3.2.0",
               },
               {
                  name: "[oss-security] 20190516 Singularity 3.1.0: CVE-2019-11328: namespace privilege escalation and arbitrary file corruption",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/05/16/1",
               },
               {
                  name: "108360",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/108360",
               },
               {
                  name: "FEDORA-2019-da2ed3b0b5",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNU5BUHFOTYUZVHFUSX2VG4S3RCPUEMA/",
               },
               {
                  name: "FEDORA-2019-9f48c6fedc",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL3/",
               },
               {
                  name: "FEDORA-2019-25ecc42592",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIHV7DSEVTB5SUPEZ2UXGS3Q6WMEQSO2/",
               },
               {
                  name: "openSUSE-SU-2019:2288",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html",
               },
               {
                  name: "openSUSE-SU-2020:1037",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-05-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-23T11:06:17",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/sylabs/singularity/releases/tag/v3.2.0",
            },
            {
               name: "[oss-security] 20190516 Singularity 3.1.0: CVE-2019-11328: namespace privilege escalation and arbitrary file corruption",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/05/16/1",
            },
            {
               name: "108360",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/108360",
            },
            {
               name: "FEDORA-2019-da2ed3b0b5",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNU5BUHFOTYUZVHFUSX2VG4S3RCPUEMA/",
            },
            {
               name: "FEDORA-2019-9f48c6fedc",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL3/",
            },
            {
               name: "FEDORA-2019-25ecc42592",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIHV7DSEVTB5SUPEZ2UXGS3Q6WMEQSO2/",
            },
            {
               name: "openSUSE-SU-2019:2288",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html",
            },
            {
               name: "openSUSE-SU-2020:1037",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-11328",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sylabs/singularity/releases/tag/v3.2.0",
                     refsource: "CONFIRM",
                     url: "https://github.com/sylabs/singularity/releases/tag/v3.2.0",
                  },
                  {
                     name: "[oss-security] 20190516 Singularity 3.1.0: CVE-2019-11328: namespace privilege escalation and arbitrary file corruption",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2019/05/16/1",
                  },
                  {
                     name: "108360",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/108360",
                  },
                  {
                     name: "FEDORA-2019-da2ed3b0b5",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNU5BUHFOTYUZVHFUSX2VG4S3RCPUEMA/",
                  },
                  {
                     name: "FEDORA-2019-9f48c6fedc",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL3/",
                  },
                  {
                     name: "FEDORA-2019-25ecc42592",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LIHV7DSEVTB5SUPEZ2UXGS3Q6WMEQSO2/",
                  },
                  {
                     name: "openSUSE-SU-2019:2288",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1037",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-11328",
      datePublished: "2019-05-14T20:24:29",
      dateReserved: "2019-04-18T00:00:00",
      dateUpdated: "2024-08-04T22:48:09.093Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5788
Vulnerability from cvelistv5
Published
2019-05-23 19:11
Modified
2024-08-04 20:01
Severity ?
Summary
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:01:52.261Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/925864",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Integer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:06",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/925864",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5788",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Integer overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "https://crbug.com/925864",
                     refsource: "MISC",
                     url: "https://crbug.com/925864",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5788",
      datePublished: "2019-05-23T19:11:39",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:01:52.261Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-16709
Vulnerability from cvelistv5
Published
2019-09-23 11:46
Modified
2024-08-05 01:17
Severity ?
Summary
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:17:41.179Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/ImageMagick/ImageMagick/issues/1531",
               },
               {
                  name: "openSUSE-SU-2019:2317",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.html",
               },
               {
                  name: "openSUSE-SU-2019:2321",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00046.html",
               },
               {
                  name: "USN-4192-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4192-1/",
               },
               {
                  name: "openSUSE-SU-2019:2515",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html",
               },
               {
                  name: "openSUSE-SU-2019:2519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-17T18:07:05",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/ImageMagick/ImageMagick/issues/1531",
            },
            {
               name: "openSUSE-SU-2019:2317",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.html",
            },
            {
               name: "openSUSE-SU-2019:2321",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00046.html",
            },
            {
               name: "USN-4192-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4192-1/",
            },
            {
               name: "openSUSE-SU-2019:2515",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html",
            },
            {
               name: "openSUSE-SU-2019:2519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-16709",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/ImageMagick/ImageMagick/issues/1531",
                     refsource: "MISC",
                     url: "https://github.com/ImageMagick/ImageMagick/issues/1531",
                  },
                  {
                     name: "openSUSE-SU-2019:2317",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.html",
                  },
                  {
                     name: "openSUSE-SU-2019:2321",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00046.html",
                  },
                  {
                     name: "USN-4192-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4192-1/",
                  },
                  {
                     name: "openSUSE-SU-2019:2515",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html",
                  },
                  {
                     name: "openSUSE-SU-2019:2519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-16709",
      datePublished: "2019-09-23T11:46:10",
      dateReserved: "2019-09-23T00:00:00",
      dateUpdated: "2024-08-05T01:17:41.179Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5808
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:22.978Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/947029",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Use after free",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/947029",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5808",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Use after free",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/947029",
                     refsource: "MISC",
                     url: "https://crbug.com/947029",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5808",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:22.978Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-15624
Vulnerability from cvelistv5
Published
2020-02-04 19:08
Modified
2024-08-05 00:56
Severity ?
Summary
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
Impacted products
Vendor Product Version
n/a Nextcloud Server Version: 15.0.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:56:20.901Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://hackerone.com/reports/508493",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015",
               },
               {
                  name: "openSUSE-SU-2020:0220",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html",
               },
               {
                  name: "openSUSE-SU-2020:0229",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Nextcloud Server",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "15.0.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Privilege Escalation (CAPEC-233)",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-17T18:06:04",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://hackerone.com/reports/508493",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015",
            },
            {
               name: "openSUSE-SU-2020:0220",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html",
            },
            {
               name: "openSUSE-SU-2020:0229",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2019-15624",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Nextcloud Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "15.0.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Privilege Escalation (CAPEC-233)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://hackerone.com/reports/508493",
                     refsource: "MISC",
                     url: "https://hackerone.com/reports/508493",
                  },
                  {
                     name: "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015",
                     refsource: "MISC",
                     url: "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015",
                  },
                  {
                     name: "openSUSE-SU-2020:0220",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0229",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2019-15624",
      datePublished: "2020-02-04T19:08:57",
      dateReserved: "2019-08-26T00:00:00",
      dateUpdated: "2024-08-05T00:56:20.901Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5795
Vulnerability from cvelistv5
Published
2019-05-23 19:15
Modified
2024-08-04 20:09
Severity ?
Summary
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
Impacted products
Vendor: Google
Product: Chrome
Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:22.451Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/919643",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Integer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:04",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/919643",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5795",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Integer overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "https://crbug.com/919643",
                     refsource: "MISC",
                     url: "https://crbug.com/919643",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5795",
      datePublished: "2019-05-23T19:15:18",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:22.451Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6437
Vulnerability from cvelistv5
Published
2020-04-13 17:30
Modified
2024-08-04 09:02
Severity ?
Summary
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.
Impacted products
Vendor: Google
Product: Chrome
Version: unspecified < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.479Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/639173",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Inappropriate implementation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:27",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/639173",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6437",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Inappropriate implementation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/639173",
                     refsource: "MISC",
                     url: "https://crbug.com/639173",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6437",
      datePublished: "2020-04-13T17:30:55",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.479Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6442
Vulnerability from cvelistv5
Published
2020-04-13 17:30
Modified
2024-08-04 09:02
Severity ?
Summary
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Impacted products
Vendor: Google
Product: Chrome
Version: unspecified < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.455Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/1013906",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Inappropriate implementation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/1013906",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6442",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Inappropriate implementation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/1013906",
                     refsource: "MISC",
                     url: "https://crbug.com/1013906",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6442",
      datePublished: "2020-04-13T17:30:57",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.455Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5837
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Impacted products
Vendor: Google
Product: Chrome
Version: unspecified < 75.0.3770.80


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.212Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/918293",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
               {
                  name: "FEDORA-2019-e5ff5d0ffd",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "75.0.3770.80",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Side-channel information leakage",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-14T18:06:13",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/918293",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
            {
               name: "FEDORA-2019-e5ff5d0ffd",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5837",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "75.0.3770.80",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Side-channel information leakage",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
                  },
                  {
                     name: "https://crbug.com/918293",
                     refsource: "MISC",
                     url: "https://crbug.com/918293",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
                  {
                     name: "FEDORA-2019-e5ff5d0ffd",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5837",
      datePublished: "2019-06-27T16:13:44",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.212Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5806
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor: Google; Product: Chrome; Version: unspecified < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:22.991Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/943087",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Integer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:11",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/943087",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5806",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Integer overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/943087",
                     refsource: "MISC",
                     url: "https://crbug.com/943087",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5806",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:22.991Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6610
Vulnerability from cvelistv5
Published
2020-01-08 20:43
Modified
2024-08-04 09:11
Severity ?
Summary
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
Impacted products
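Vendor: n/a; Product: n/a; Version: n/a (the structured affected-product fields of this record are unpopulated; the product and version, GNU LibreDWG 0.9.3.2564, are named only in the Summary)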


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:11:04.662Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447120",
               },
               {
                  name: "openSUSE-SU-2020:0096",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html",
               },
               {
                  name: "openSUSE-SU-2020:0115",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-28T15:06:09",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447120",
            },
            {
               name: "openSUSE-SU-2020:0096",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html",
            },
            {
               name: "openSUSE-SU-2020:0115",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-6610",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447120",
                     refsource: "MISC",
                     url: "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447120",
                  },
                  {
                     name: "openSUSE-SU-2020:0096",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0115",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-6610",
      datePublished: "2020-01-08T20:43:51",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:11:04.662Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-5202
Vulnerability from cvelistv5
Published
2020-01-21 17:54
Modified
2024-08-04 08:22
Severity ?
Summary
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.
Impacted products
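Vendor: n/a; Product: n/a; Version: n/a (the structured affected-product fields of this record are unpopulated; the product and version range, apt-cacher-ng through 3.3, are named only in the Summary)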


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:22:08.913Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/CVE-2020-5202",
               },
               {
                  name: "[oss-security] 20200120 CVE-2020-5202: apt-cacher-ng: a local unprivileged user can impersonate the apt-cacher-ng daemon, possible credentials leak",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2020/01/20/4",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2020/01/20/4",
               },
               {
                  name: "[oss-security] 20200120 CVE-2020-5202: apt-cacher-ng: a local unprivileged user can impersonate the apt-cacher-ng daemon, possible credentials leak",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/oss-sec/2020/q1/21",
               },
               {
                  name: "openSUSE-SU-2020:0124",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html",
               },
               {
                  name: "openSUSE-SU-2020:0146",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-29T22:06:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://security-tracker.debian.org/tracker/CVE-2020-5202",
            },
            {
               name: "[oss-security] 20200120 CVE-2020-5202: apt-cacher-ng: a local unprivileged user can impersonate the apt-cacher-ng daemon, possible credentials leak",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2020/01/20/4",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2020/01/20/4",
            },
            {
               name: "[oss-security] 20200120 CVE-2020-5202: apt-cacher-ng: a local unprivileged user can impersonate the apt-cacher-ng daemon, possible credentials leak",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://seclists.org/oss-sec/2020/q1/21",
            },
            {
               name: "openSUSE-SU-2020:0124",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html",
            },
            {
               name: "openSUSE-SU-2020:0146",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-5202",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://security-tracker.debian.org/tracker/CVE-2020-5202",
                     refsource: "MISC",
                     url: "https://security-tracker.debian.org/tracker/CVE-2020-5202",
                  },
                  {
                     name: "[oss-security] 20200120 CVE-2020-5202: apt-cacher-ng: a local unprivileged user can impersonate the apt-cacher-ng daemon, possible credentials leak",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2020/01/20/4",
                  },
                  {
                     name: "http://www.openwall.com/lists/oss-security/2020/01/20/4",
                     refsource: "MISC",
                     url: "http://www.openwall.com/lists/oss-security/2020/01/20/4",
                  },
                  {
                     name: "[oss-security] 20200120 CVE-2020-5202: apt-cacher-ng: a local unprivileged user can impersonate the apt-cacher-ng daemon, possible credentials leak",
                     refsource: "MLIST",
                     url: "https://seclists.org/oss-sec/2020/q1/21",
                  },
                  {
                     name: "openSUSE-SU-2020:0124",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0146",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-5202",
      datePublished: "2020-01-21T17:54:04",
      dateReserved: "2020-01-02T00:00:00",
      dateUpdated: "2024-08-04T08:22:08.913Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5799
Vulnerability from cvelistv5
Published
2019-05-23 19:18
Modified
2024-08-04 20:09
Severity ?
Summary
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:22.977Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/905301",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:08",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/905301",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5799",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "https://crbug.com/905301",
                     refsource: "MISC",
                     url: "https://crbug.com/905301",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5799",
      datePublished: "2019-05-23T19:18:02",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:22.977Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5813
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.313Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/942699",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Use after free",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/942699",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5813",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Use after free",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/942699",
                     refsource: "MISC",
                     url: "https://crbug.com/942699",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5813",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.313Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5459
Vulnerability from cvelistv5
Published
2019-07-30 20:24
Modified
2024-08-04 19:54
Severity ?
Summary
An integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-bounds read.
Impacted products
Vendor Product Version
n/a VLC Version: Fixed in 3.0.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:54:53.560Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://hackerone.com/reports/502816",
               },
               {
                  name: "openSUSE-SU-2019:1840",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html",
               },
               {
                  name: "openSUSE-SU-2019:1909",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html",
               },
               {
                  name: "openSUSE-SU-2019:1897",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html",
               },
               {
                  name: "openSUSE-SU-2019:2015",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "VLC",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in 3.0.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-191",
                     description: "Integer Underflow (CWE-191)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-26T20:06:12",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://hackerone.com/reports/502816",
            },
            {
               name: "openSUSE-SU-2019:1840",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html",
            },
            {
               name: "openSUSE-SU-2019:1909",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html",
            },
            {
               name: "openSUSE-SU-2019:1897",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html",
            },
            {
               name: "openSUSE-SU-2019:2015",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2019-5459",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "VLC",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Fixed in 3.0.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Integer Underflow (CWE-191)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://hackerone.com/reports/502816",
                     refsource: "MISC",
                     url: "https://hackerone.com/reports/502816",
                  },
                  {
                     name: "openSUSE-SU-2019:1840",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1909",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1897",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html",
                  },
                  {
                     name: "openSUSE-SU-2019:2015",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2019-5459",
      datePublished: "2019-07-30T20:24:06",
      dateReserved: "2019-01-04T00:00:00",
      dateUpdated: "2024-08-04T19:54:53.560Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6432
Vulnerability from cvelistv5
Published
2020-04-13 17:30
Modified
2024-08-04 09:02
Severity ?
Summary
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 81.0.4044.92


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.538Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/965611",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
               {
                  name: "FEDORA-2020-b82a634e27",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
               },
               {
                  name: "FEDORA-2020-0e7f1b663b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
               },
               {
                  name: "FEDORA-2020-da49fbb17c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
               },
               {
                  name: "DSA-4714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "81.0.4044.92",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient policy enforcement",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T11:06:35",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/965611",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
            {
               name: "FEDORA-2020-b82a634e27",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
            },
            {
               name: "FEDORA-2020-0e7f1b663b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
            },
            {
               name: "FEDORA-2020-da49fbb17c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
            },
            {
               name: "DSA-4714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4714",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6432",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "81.0.4044.92",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient policy enforcement",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
                  },
                  {
                     name: "https://crbug.com/965611",
                     refsource: "MISC",
                     url: "https://crbug.com/965611",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
                  {
                     name: "FEDORA-2020-b82a634e27",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
                  },
                  {
                     name: "FEDORA-2020-0e7f1b663b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
                  },
                  {
                     name: "FEDORA-2020-da49fbb17c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
                  },
                  {
                     name: "DSA-4714",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4714",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6432",
      datePublished: "2020-04-13T17:30:52",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.538Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-19950
Vulnerability from cvelistv5
Published
2019-12-24 00:07
Modified
2024-08-05 02:32
Severity ?
Summary
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:32:10.403Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://sourceforge.net/p/graphicsmagick/bugs/603/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4",
               },
               {
                  name: "openSUSE-SU-2020:0055",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
               },
               {
                  name: "openSUSE-SU-2020:0145",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
               },
               {
                  name: "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
               },
               {
                  name: "DSA-4640",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4640",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-16T09:06:16",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://sourceforge.net/p/graphicsmagick/bugs/603/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4",
            },
            {
               name: "openSUSE-SU-2020:0055",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
            },
            {
               name: "openSUSE-SU-2020:0145",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
            },
            {
               name: "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
            },
            {
               name: "DSA-4640",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4640",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-19950",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://sourceforge.net/p/graphicsmagick/bugs/603/",
                     refsource: "MISC",
                     url: "https://sourceforge.net/p/graphicsmagick/bugs/603/",
                  },
                  {
                     name: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4",
                     refsource: "MISC",
                     url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4",
                  },
                  {
                     name: "openSUSE-SU-2020:0055",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0145",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
                  },
                  {
                     name: "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
                  },
                  {
                     name: "DSA-4640",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4640",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-19950",
      datePublished: "2019-12-24T00:07:10",
      dateReserved: "2019-12-24T00:00:00",
      dateUpdated: "2024-08-05T02:32:10.403Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6452
Vulnerability from cvelistv5
Published
2020-04-13 17:31
Modified
2024-08-04 09:02
Severity ?
Summary
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 80.0.3987.162


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:02:40.718Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/1059764",
               },
               {
                  name: "openSUSE-SU-2020:0519",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
               },
               {
                  name: "FEDORA-2020-b2df49bb01",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQTV7EFWQKF6VJBCVH4PUQJLGO7ISLTN/",
               },
               {
                  name: "FEDORA-2020-161c87cbc7",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMXT4OKBMCJSNSX7TZDBJNY6ORKFZRFO/",
               },
               {
                  name: "openSUSE-SU-2020:0540",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "80.0.3987.162",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Heap buffer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-19T02:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/1059764",
            },
            {
               name: "openSUSE-SU-2020:0519",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
            },
            {
               name: "FEDORA-2020-b2df49bb01",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQTV7EFWQKF6VJBCVH4PUQJLGO7ISLTN/",
            },
            {
               name: "FEDORA-2020-161c87cbc7",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMXT4OKBMCJSNSX7TZDBJNY6ORKFZRFO/",
            },
            {
               name: "openSUSE-SU-2020:0540",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "chrome-cve-admin@google.com",
               ID: "CVE-2020-6452",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "80.0.3987.162",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Heap buffer overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html",
                  },
                  {
                     name: "https://crbug.com/1059764",
                     refsource: "MISC",
                     url: "https://crbug.com/1059764",
                  },
                  {
                     name: "openSUSE-SU-2020:0519",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
                  },
                  {
                     name: "FEDORA-2020-b2df49bb01",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQTV7EFWQKF6VJBCVH4PUQJLGO7ISLTN/",
                  },
                  {
                     name: "FEDORA-2020-161c87cbc7",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMXT4OKBMCJSNSX7TZDBJNY6ORKFZRFO/",
                  },
                  {
                     name: "openSUSE-SU-2020:0540",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2020-6452",
      datePublished: "2020-04-13T17:31:02",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T09:02:40.718Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5787
Vulnerability from cvelistv5
Published
2019-05-23 19:10
Modified
2024-08-04 20:01
Severity ?
Summary
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: prior to 73.0.3683.75


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:01:52.386Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/913964",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     status: "affected",
                     version: "prior to 73.0.3683.75",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Use after free",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-28T17:06:06",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/913964",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5787",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "prior to 73.0.3683.75",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Use after free",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://crbug.com/913964",
                     refsource: "MISC",
                     url: "https://crbug.com/913964",
                  },
                  {
                     name: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5787",
      datePublished: "2019-05-23T19:10:37",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:01:52.386Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-46142
Vulnerability from cvelistv5
Published
2022-01-06 03:48
Modified
2024-08-04 05:02
Severity ?
Summary
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
Impacted products
Vendor Product Version
n/a n/a Version: n/a (the record carries no structured product data; the summary identifies uriparser before 0.9.6)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T05:02:10.368Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/uriparser/uriparser/pull/124",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/uriparser/uriparser/issues/122",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/",
               },
               {
                  name: "FEDORA-2022-00a529a8bf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/",
               },
               {
                  name: "FEDORA-2022-cfd0048127",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/",
               },
               {
                  name: "DSA-5063",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5063",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-01-27T02:06:11",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/uriparser/uriparser/pull/124",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/uriparser/uriparser/issues/122",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/",
            },
            {
               name: "FEDORA-2022-00a529a8bf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/",
            },
            {
               name: "FEDORA-2022-cfd0048127",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/",
            },
            {
               name: "DSA-5063",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5063",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-46142",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/uriparser/uriparser/pull/124",
                     refsource: "MISC",
                     url: "https://github.com/uriparser/uriparser/pull/124",
                  },
                  {
                     name: "https://github.com/uriparser/uriparser/issues/122",
                     refsource: "MISC",
                     url: "https://github.com/uriparser/uriparser/issues/122",
                  },
                  {
                     name: "https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/",
                     refsource: "CONFIRM",
                     url: "https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/",
                  },
                  {
                     name: "FEDORA-2022-00a529a8bf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/",
                  },
                  {
                     name: "FEDORA-2022-cfd0048127",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/",
                  },
                  {
                     name: "DSA-5063",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5063",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-46142",
      datePublished: "2022-01-06T03:48:36",
      dateReserved: "2022-01-06T00:00:00",
      dateUpdated: "2024-08-04T05:02:10.368Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5809
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:22.976Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/941008",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-8fb8240d14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "DSA-4500",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4500",
               },
               {
                  name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Aug/19",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Use after free",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:12",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/941008",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-8fb8240d14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "DSA-4500",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4500",
            },
            {
               name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Aug/19",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5809",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Use after free",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/941008",
                     refsource: "MISC",
                     url: "https://crbug.com/941008",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-8fb8240d14",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "DSA-4500",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4500",
                  },
                  {
                     name: "20190813 [SECURITY] [DSA 4500-1] chromium security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Aug/19",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5809",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:22.976Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-10163
Vulnerability from cvelistv5
Published
2019-07-30 22:16
Modified
2024-08-04 22:10
Summary
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.
Impacted products
Vendor Product Version
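PowerDNS pdns Version: fixed in 4.1.9
Version: fixed in 4.0.8
Note: the record flags both version strings as "affected"; per the summary, the vulnerable releases are those before these versions.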


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T22:10:10.003Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openSUSE-SU-2019:1904",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html",
               },
               {
                  name: "openSUSE-SU-2019:1921",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "pdns",
               vendor: "PowerDNS",
               versions: [
                  {
                     status: "affected",
                     version: "fixed in 4.1.9",
                  },
                  {
                     status: "affected",
                     version: "fixed in 4.0.8",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 3.5,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-770",
                     description: "CWE-770",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-12-04T18:00:58",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "openSUSE-SU-2019:1904",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html",
            },
            {
               name: "openSUSE-SU-2019:1921",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2019-10163",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "pdns",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "fixed in 4.1.9",
                                       },
                                       {
                                          version_value: "fixed in 4.0.8",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "PowerDNS",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.",
                  },
               ],
            },
            impact: {
               cvss: [
                  [
                     {
                        vectorString: "3.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
                        version: "3.0",
                     },
                  ],
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-770",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "openSUSE-SU-2019:1904",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1921",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html",
                  },
                  {
                     name: "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/",
                     refsource: "CONFIRM",
                     url: "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163",
                  },
                  {
                     name: "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html",
                     refsource: "MISC",
                     url: "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-10163",
      datePublished: "2019-07-30T22:16:59",
      dateReserved: "2019-03-27T00:00:00",
      dateUpdated: "2024-08-04T22:10:10.003Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-15613
Vulnerability from cvelistv5
Published
2020-02-04 19:08
Modified
2024-08-05 00:56
Severity ?
Summary
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.
Impacted products
Vendor Product Version
n/a Nextcloud Server Version: 17.0.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:56:20.890Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://hackerone.com/reports/697959",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://nextcloud.com/security/advisory/?id=NC-SA-2020-002",
               },
               {
                  name: "openSUSE-SU-2020:0220",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html",
               },
               {
                  name: "openSUSE-SU-2020:0229",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Nextcloud Server",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "17.0.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "Improper Input Validation (CWE-20)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-17T18:06:04",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://hackerone.com/reports/697959",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://nextcloud.com/security/advisory/?id=NC-SA-2020-002",
            },
            {
               name: "openSUSE-SU-2020:0220",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html",
            },
            {
               name: "openSUSE-SU-2020:0229",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2019-15613",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Nextcloud Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "17.0.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Improper Input Validation (CWE-20)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://hackerone.com/reports/697959",
                     refsource: "MISC",
                     url: "https://hackerone.com/reports/697959",
                  },
                  {
                     name: "https://nextcloud.com/security/advisory/?id=NC-SA-2020-002",
                     refsource: "MISC",
                     url: "https://nextcloud.com/security/advisory/?id=NC-SA-2020-002",
                  },
                  {
                     name: "openSUSE-SU-2020:0220",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0229",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2019-15613",
      datePublished: "2020-02-04T19:08:57",
      dateReserved: "2019-08-26T00:00:00",
      dateUpdated: "2024-08-05T00:56:20.890Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5817
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
Summary
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor Product Version
Google Chrome Version: unspecified   < 74.0.3729.108


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:09:23.587Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://crbug.com/943709",
               },
               {
                  name: "openSUSE-SU-2019:1666",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
               },
               {
                  name: "FEDORA-2019-a1af621faf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
               },
               {
                  name: "GLSA-201908-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201908-18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Chrome",
               vendor: "Google",
               versions: [
                  {
                     lessThan: "74.0.3729.108",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Heap buffer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-15T17:06:13",
            orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            shortName: "Chrome",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://crbug.com/943709",
            },
            {
               name: "openSUSE-SU-2019:1666",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
            },
            {
               name: "FEDORA-2019-a1af621faf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
            },
            {
               name: "GLSA-201908-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201908-18",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2019-5817",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Chrome",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "74.0.3729.108",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Heap buffer overflow",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                     refsource: "MISC",
                     url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
                  },
                  {
                     name: "https://crbug.com/943709",
                     refsource: "MISC",
                     url: "https://crbug.com/943709",
                  },
                  {
                     name: "openSUSE-SU-2019:1666",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
                  },
                  {
                     name: "FEDORA-2019-a1af621faf",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
                  },
                  {
                     name: "GLSA-201908-18",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201908-18",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
      assignerShortName: "Chrome",
      cveId: "CVE-2019-5817",
      datePublished: "2019-06-27T16:13:43",
      dateReserved: "2019-01-09T00:00:00",
      dateUpdated: "2024-08-04T20:09:23.587Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com https://crbug.com/919356
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/919356
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.",
      },
      {
         lang: "es",
         value: "La validación de datos insuficiente en las herramientas de desarrollador en Google Chrome en OS X antes de 74.0.3729.108 permitió que un atacante local ejecutara código arbitrario a través de una cadena hecha a mano copiada al portapapeles.",
      },
   ],
   id: "CVE-2019-5819",
   lastModified: "2024-11-21T04:45:34.353",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.583",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/919356",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/919356",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html Third Party Advisory
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html Third Party Advisory
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html Release Notes, Vendor Advisory
chrome-cve-admin@google.com https://crbug.com/959571 Permissions Required, Vendor Advisory
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com https://www.debian.org/security/2020/dsa-4714 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/959571 Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2020/dsa-4714 Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una aplicación insuficiente de la política en omnibox en Google Chrome versiones anteriores a  81.0.4044.92, permitió a un atacante remoto omitir la Interfaz de Usuario de seguridad por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2020-6441",
   lastModified: "2024-11-21T05:35:44.067",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:12.327",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/959571",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/959571",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-276",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-24 16:15
Modified
2024-11-21 04:56
Severity ?
Summary
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FEEFFEE6-98B6-41A8-93F1-EB2510D04EFE",
                     versionEndExcluding: "1.3.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.",
      },
      {
         lang: "es",
         value: "GraphicsMagick versiones anteriores a la versión 1.3.35, tiene un desbordamiento de enteros y un desbordamiento del búfer en la región heap de la memoria en  la función HuffmanDecodeImage en el archivo magick/compress.c.",
      },
   ],
   id: "CVE-2020-10938",
   lastModified: "2024-11-21T04:56:24.750",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-03-24T16:15:12.750",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00007.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4675",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4675",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El uso de memoria después del proceso Garbage-Collection en Blink en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto explotar potencialmente la corrupción de la memoria heap por medio de una página HTML creada.",
      },
   ],
   id: "CVE-2019-5787",
   lastModified: "2024-11-21T04:45:29.550",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:00.560",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/913964",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/913964",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Permissions Required, Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/639173 | Exploit, Vendor Advisory
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/639173 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.",
      },
      {
         lang: "es",
         value: "Una implementación inapropiada en WebView en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto falsificar la Interfaz de Usuario de seguridad por medio de una aplicación diseñada.",
      },
   ],
   id: "CVE-2020-6437",
   lastModified: "2024-11-21T05:35:43.613",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:12.107",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/639173",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/639173",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-08-02 12:15
Modified
2024-11-21 04:26
Summary
An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.
Impacted products
Vendor Product Version
schismtracker schism_tracker *
opensuse backports sle-15
opensuse backports sle-15 sp1
opensuse leap 15.0
opensuse leap 15.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:schismtracker:schism_tracker:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DD466FF-0AC5-4680-B956-AD071BFB707A",
                     versionEndIncluding: "20190722",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.",
      },
      {
         lang: "es",
         value: "Se descubrió un problema en Schism Tracker a través de 20190722. Hay un desbordamiento de búfer basado en el montón a través de una gran cantidad de patrones de canciones en fmt_mtm_load_song en fmt / mtm.c, una vulnerabilidad diferente a CVE-2019-14465.",
      },
   ],
   id: "CVE-2019-14524",
   lastModified: "2024-11-21T04:26:53.857",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-08-02T12:15:12.317",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00072.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00083.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/schismtracker/schismtracker/issues/201",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/schismtracker/schismtracker/releases/tag/20190805",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00072.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00083.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/schismtracker/schismtracker/issues/201",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/schismtracker/schismtracker/releases/tag/20190805",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
chrome-cve-admin@google.com https://crbug.com/951782
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/951782
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504",
                     versionEndExcluding: "75.0.3770.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La IU de seguridad incorrecta en el bloqueador de ventanas emergentes en Google Chrome en iOS antes de 75.0.3770.80 permitió que un atacante remoto omitiera las restricciones de navegación a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5840",
   lastModified: "2024-11-21T04:45:37.243",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:15.710",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/951782",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/951782",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-362",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.
Impacted products
Vendor Product Version
google chrome *
microsoft windows -
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.",
      },
      {
         lang: "es",
         value: "Un procesamiento incorrecto de línea de comandos en Chrome en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante local ejecutara una falsificación de dominio mediante un nombre de dominio creado.",
      },
   ],
   id: "CVE-2019-5804",
   lastModified: "2024-11-21T04:45:31.687",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:01.357",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/933004",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/933004",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-88",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html - Third Party Advisory
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html - Third Party Advisory
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html - Release Notes, Vendor Advisory
chrome-cve-admin@google.com https://crbug.com/1040080 - Permissions Required, Vendor Advisory
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com https://www.debian.org/security/2020/dsa-4714 - Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html - Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html - Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html - Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/1040080 - Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2020/dsa-4714 - Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una comprobación insuficiente de datos en developer tools en Google Chrome versiones anteriores a  81.0.4044.92, permitió a un atacante remoto que había convencido al usuario de utilizar devtools ejecutar código arbitrario por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2020-6443",
   lastModified: "2024-11-21T05:35:44.293",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:12.420",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1040080",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1040080",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-345",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html | Mailing List, Patch, Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html | Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/952406 | Exploit, Issue Tracking, Patch, Vendor Advisory
chrome-cve-admin@google.com | https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html | Mailing List, Third Party Advisory
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19 | Issue Tracking, Mailing List, Third Party Advisory
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/202003-16 | Third Party Advisory
chrome-cve-admin@google.com | https://usn.ubuntu.com/4205-1/ | Third Party Advisory
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html | Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/952406 | Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19 | Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-16 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4205-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E86A7A78-CFB0-4CF5-AFE2-E1C88ED6E19D",
                     versionEndExcluding: "74.0.3729.131",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F3EFED2-F6BC-46D9-AB22-D5ED87EF4549",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El desbordamiento de enteros en SQLite a través de WebSQL en Google Chrome antes de 74.0.3729.131 permitió que un atacante remoto pudiera explotar la corrupción del heap a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5827",
   lastModified: "2024-11-21T04:45:35.437",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.913",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/952406",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-16",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4205-1/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/952406",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-16",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4205-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
chrome-cve-admin@google.com | https://crbug.com/893087
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/893087
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504",
                     versionEndExcluding: "75.0.3770.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.",
      },
      {
         lang: "es",
         value: "La aplicación de políticas insuficientes en la API de extensiones en Google Chrome antes de 75.0.3770.80 permitió a un atacante que convenció a un usuario de instalar una extensión maliciosa para evitar las restricciones en los URI de archivos a través de una extensión de Chrome diseñada.",
      },
   ],
   id: "CVE-2019-5838",
   lastModified: "2024-11-21T04:45:36.937",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:15.600",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/893087",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/893087",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-863",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/1059669 | Permissions Required, Vendor Advisory
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/1059669 | Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una lectura fuera de límites en WebSQL en Google Chrome versiones anteriores a  81.0.4044.92, permitió a un atacante remoto explotar potencialmente una corrupción de la pila (heap) por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2020-6455",
   lastModified: "2024-11-21T05:35:45.753",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:13.000",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1059669",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1059669",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-08 21:15
Modified
2024-11-21 05:36
Summary
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
Impacted products
Vendor Product Version
gnu libredwg 0.9.3.2564
opensuse backports sle-15
opensuse leap 15.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:libredwg:0.9.3.2564:*:*:*:*:*:*:*",
                     matchCriteriaId: "6292F71C-4D80-4570-A07D-C790FEEE9B2B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.",
      },
      {
         lang: "es",
         value: "GNU LibreDWG versión 0.9.3.2564, tiene un intento de asignación excesiva de memoria en la función read_sections_map en el archivo decode_r2007.c.",
      },
   ],
   id: "CVE-2020-6610",
   lastModified: "2024-11-21T05:36:01.557",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-08T21:15:11.287",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447120",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447120",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
chrome-cve-admin@google.com | https://crbug.com/925614
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/925614
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504",
                     versionEndExcluding: "75.0.3770.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.",
      },
      {
         lang: "es",
         value: "La validación excesiva de datos en el analizador de URL en Google Chrome anterior a la versión 75.0.3770.80 permitió que un atacante remoto convenciera a un usuario de introducir una URL para omitir la validación de URL del sitio web a través de una URL diseñada.",
      },
   ],
   id: "CVE-2019-5839",
   lastModified: "2024-11-21T04:45:37.067",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:15.647",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/925614",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/925614",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/894477 | Permissions Required, Vendor Advisory
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/894477 | Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.",
      },
      {
         lang: "es",
         value: "Una implementación inapropiada en extensions en Google Chrome versiones anteriores a  81.0.4044.92, permitió a un atacante que convenció a un usuario a instalar una extensión maliciosa para obtener información potencialmente confidencial por medio de una Extensión de Chrome diseñada.",
      },
   ],
   id: "CVE-2020-6440",
   lastModified: "2024-11-21T05:35:43.953",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:12.267",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/894477",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/894477",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-10 22:15
Modified
2024-11-21 04:25
Summary
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html | Mailing List, Third Party Advisory
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html | Mailing List, Third Party Advisory
chrome-cve-admin@google.com | https://access.redhat.com/errata/RHSA-2019:4238 | Patch, Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html | Release Notes, Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/1028862 | Permissions Required
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2020/Jan/27 | Mailing List, Third Party Advisory
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/202003-08 | Third Party Advisory
chrome-cve-admin@google.com | https://www.debian.org/security/2020/dsa-4606 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:4238 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/1028862 | Permissions Required
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2020/Jan/27 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-08 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4606 | Mailing List, Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3900404-81EC-4968-BD74-1630F385643D",
                     versionEndExcluding: "79.0.3945.79",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5BEF8F1-A70F-455C-BFDD-09E0A658F702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "634C23AC-AC9C-43F4-BED8-1C720816D5E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una confusión de tipo en JavaScript en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente  diseñada.",
      },
   ],
   id: "CVE-2019-13730",
   lastModified: "2024-11-21T04:25:35.880",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-10T22:15:13.120",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:4238",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
         ],
         url: "https://crbug.com/1028862",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2020/Jan/27",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-08",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4606",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:4238",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://crbug.com/1028862",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2020/Jan/27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-08",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4606",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
            {
               lang: "en",
               value: "CWE-843",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-09-23 12:15
Modified
2024-11-21 04:31
Summary
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:imagemagick:imagemagick:7.0.8-35:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D3D09FA-AD5C-4BE2-BDF5-746DD70AA733",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.",
      },
      {
         lang: "es",
         value: "ImageMagick versión 7.0.8-35, presenta una pérdida de memoria en el archivo coders/dps.c, como es demostrado mediante la función XCreateImage.",
      },
   ],
   id: "CVE-2019-16709",
   lastModified: "2024-11-21T04:31:01.757",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-09-23T12:15:10.487",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00046.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/ImageMagick/ImageMagick/issues/1531",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4192-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00046.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/ImageMagick/ImageMagick/issues/1531",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4192-1/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-401",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-24 01:15
Modified
2024-11-21 04:35
Severity ?
Summary
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:graphicsmagick:graphicsmagick:1.4:2019-04-23:*:*:*:*:*:*",
                     matchCriteriaId: "9CEB360F-07B5-4199-86E5-AC910D419648",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.",
      },
      {
         lang: "es",
         value: "En GraphicsMagick versión 1.4 snapshot-20190423 Q8, se presenta un desbordamiento de búfer en la región heap de la memoria en la función ImportRLEPixels del archivo coders/miff.c.",
      },
   ],
   id: "CVE-2019-19951",
   lastModified: "2024-11-21T04:35:43.817",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-24T01:15:11.450",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://sourceforge.net/p/graphicsmagick/bugs/608/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4640",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://sourceforge.net/p/graphicsmagick/bugs/608/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4640",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
chrome-cve-admin@google.com | https://crbug.com/958533
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/958533
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504",
                     versionEndExcluding: "75.0.3770.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El desbordamiento de enteros en el administrador de descargas en Google Chrome antes de la versión 75.0.3770.80 permitió que un atacante remoto pudiera realizar un acceso a la memoria fuera de límites a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5829",
   lastModified: "2024-11-21T04:45:35.723",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:15.053",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/958533",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/958533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La optimización inadecuada en V8 en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto ejecutar una lectura de memoria fuera de límites por medio de una página HTML creada.",
      },
   ],
   id: "CVE-2019-5791",
   lastModified: "2024-11-21T04:45:30.043",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:00.747",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/926651",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/926651",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
            {
               lang: "en",
               value: "CWE-843",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-24 01:15
Modified
2024-11-21 04:35
Severity ?
Summary
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:graphicsmagick:graphicsmagick:1.4:2019-12-08:*:*:*:*:*:*",
                     matchCriteriaId: "261F17D8-6018-4EE3-8F94-910942F6F552",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.",
      },
      {
         lang: "es",
         value: "En GraphicsMagick versión 1.4 snapshot-20191208 Q8,  se presenta una lectura excesiva de búfer en la región heap de la memoria en la función EncodeImage del archivo coders/pict.c.",
      },
   ],
   id: "CVE-2019-19953",
   lastModified: "2024-11-21T04:35:44.110",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.1,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-24T01:15:11.590",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://sourceforge.net/p/graphicsmagick/bugs/617/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4640",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://sourceforge.net/p/graphicsmagick/bugs/617/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4640",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-02-13 19:15
Modified
2024-11-21 04:53
Summary
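Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Note: the CPE configurations in this record pair the 2.6.100.1 bound with Windows and list a separate bound of 2.8.100.1 for the SDK on Linux, so Linux installs should be checked against 2.8.100.1 rather than the version named in this summary.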



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:intel:software_guard_extensions_sdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDB8EADB-E24B-444F-9D97-2EF45326233E",
                     versionEndExcluding: "2.6.100.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:intel:software_guard_extensions_sdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "60DE7C7E-F1EF-4F5C-A6D1-4C852E7279B1",
                     versionEndExcluding: "2.8.100.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.",
      },
      {
         lang: "es",
         value: "Una inicialización inapropiada en el SDK Intel® SGX versiones anteriores a v2.6.100.1, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso local.",
      },
   ],
   id: "CVE-2020-0561",
   lastModified: "2024-11-21T04:53:45.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-13T19:15:13.880",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00009.html",
      },
      {
         source: "secure@intel.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00014.html",
      },
      {
         source: "secure@intel.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00009.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00014.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-665",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504",
                     versionEndExcluding: "75.0.3770.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El problema del ciclo de vida de los objetos en SwiftShader en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto pudiera realizar un acceso a la memoria fuera de los límites a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5835",
   lastModified: "2024-11-21T04:45:36.553",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:15.380",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/939239",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/939239",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La herencia incorrecta de la política en un documento nuevo en Content Security Policy en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto eludir la política de seguridad de contenido por medio de una página HTML creada.",
      },
   ],
   id: "CVE-2019-5799",
   lastModified: "2024-11-21T04:45:31.090",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:01.093",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/905301",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/905301",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com https://access.redhat.com/errata/RHSA-2019:1308
chrome-cve-admin@google.com https://access.redhat.com/errata/RHSA-2019:1309
chrome-cve-admin@google.com https://access.redhat.com/errata/RHSA-2019:1310
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
chrome-cve-admin@google.com https://crbug.com/883596
chrome-cve-admin@google.com https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html
chrome-cve-admin@google.com https://seclists.org/bugtraq/2019/May/67
chrome-cve-admin@google.com https://usn.ubuntu.com/3997-1/
chrome-cve-admin@google.com https://www.debian.org/security/2019/dsa-4451
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:1308
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:1309
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:1310
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/883596
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/May/67
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/3997-1/
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4451



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "284A8DA0-317B-4BBE-AECB-7E91BBF0DD3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La falta de comprobación de límites correcta en Skia en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara una lectura de memoria fuera de límites por medio de una página HTML creada.",
      },
   ],
   id: "CVE-2019-5798",
   lastModified: "2024-11-21T04:45:30.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:01.047",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://access.redhat.com/errata/RHSA-2019:1308",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://access.redhat.com/errata/RHSA-2019:1309",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://access.redhat.com/errata/RHSA-2019:1310",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/883596",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/May/67",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://usn.ubuntu.com/3997-1/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4451",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:1308",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:1309",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:1310",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/883596",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/May/67",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/3997-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4451",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La aplicación de políticas insuficientes en los trabajadores del servicio en Google Chrome antes del 74.0.3729.108 permitió a un atacante remoto eludir las restricciones de navegación a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5823",
   lastModified: "2024-11-21T04:45:34.907",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.803",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/930154",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/930154",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-601",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-17 03:15
Modified
2024-11-21 05:06
Summary
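Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
Note: the Zabbix CPE entries shown in this record do not match this range exactly. They start the 4.4 branch at 4.4, so 4.1.x–4.3.x are not matched, and they also mark 3.0.32rc1, 4.0.22/4.0.22rc1, 4.4.10/4.4.10rc1 and 5.0.2/5.0.2rc1 as vulnerable. Confirm the fixed versions against the vendor advisory (ZBX-18057) rather than relying on CPE matching alone.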
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html Mailing List, Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html Mailing List, Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html Mailing List, Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
cve@mitre.org https://support.zabbix.com/browse/ZBX-18057 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
af854a3a-2127-422b-91ae-364da2661108 https://support.zabbix.com/browse/ZBX-18057 Patch, Vendor Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "14F030BB-4C18-44AC-8D00-75A7698E8E21",
                     versionEndIncluding: "3.0.31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8E2372F-DA44-49AF-8F3D-46FDA165E67B",
                     versionEndIncluding: "4.0.21",
                     versionStartIncluding: "4.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "55B5B412-AB7D-4ABC-996B-8A8A45FE2C82",
                     versionEndIncluding: "4.4.9",
                     versionStartIncluding: "4.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5B22FF1-0777-43BC-9EC3-C8687203AA24",
                     versionEndIncluding: "5.0.1",
                     versionStartIncluding: "5.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zabbix:zabbix:3.0.32:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "4959BD7B-361C-4FB9-A825-1BC674631898",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zabbix:zabbix:4.0.22:-:*:*:*:*:*:*",
                     matchCriteriaId: "82480E14-CEB4-419F-BF7F-B9CC97B9CDCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zabbix:zabbix:4.0.22:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "06AA643C-F980-4ACC-8EEB-0B35F498379A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zabbix:zabbix:4.4.10:-:*:*:*:*:*:*",
                     matchCriteriaId: "0CADAAB0-18C6-40B2-9B6C-CDB181BB40E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zabbix:zabbix:4.4.10:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "3C96E39F-9885-4CFC-A218-AD53B23B6392",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zabbix:zabbix:5.0.2:-:*:*:*:*:*:*",
                     matchCriteriaId: "A0A4A0B9-F022-4C6E-B5DD-D311EC2AF995",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zabbix:zabbix:5.0.2:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "EFCB4139-5BF6-4A5E-B333-BF1300F328A2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "2B7A2D58-B706-41B4-AC99-D51E317AA2D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.",
      },
      {
         lang: "es",
         value: "Zabbix versiones anteriores a 3.0.32rc1, versiones 4.x anteriores a 4.0.22rc1, versiones 4.1.x hasta 4.4.x anteriores a 4.4.10rc1 y versiones 5.x anteriores a 5.0.2rc1, permite un ataque de tipo XSS almacenado en el widget URL",
      },
   ],
   id: "CVE-2020-15803",
   lastModified: "2024-11-21T05:06:12.923",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-17T03:15:11.437",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://support.zabbix.com/browse/ZBX-18057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://support.zabbix.com/browse/ZBX-18057",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/1013906 | Exploit, Vendor Advisory
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/1013906 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una implementación inapropiada en cache en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2020-6442",
   lastModified: "2024-11-21T05:35:44.180",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:12.373",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1013906",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1013906",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-668",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-27 22:15
Modified
2024-11-21 04:37
Summary
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
Impacted products
Vendor Product Version
upx_project upx 3.95
opensuse backports sle-15
opensuse leap 15.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:upx_project:upx:3.95:*:*:*:*:*:*:*",
                     matchCriteriaId: "7986910F-E5B0-488F-813B-D6B4367F16F4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.",
      },
      {
         lang: "es",
         value: "Se descubrió una desreferencia de dirección de memoria no válida en la función canUnpack en el archivo p_mach.cpp en UPX versión 3.95 por medio de un archivo Mach-O especialmente diseñado.",
      },
   ],
   id: "CVE-2019-20053",
   lastModified: "2024-11-21T04:37:58.397",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-27T22:15:11.923",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/upx/upx/issues/314",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/upx/upx/issues/314",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com | https://crbug.com/942699
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/942699
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Use-after-free en V8 en Google Chrome antes de 74.0.3729.108 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de una página HTML creada.",
      },
   ],
   id: "CVE-2019-5813",
   lastModified: "2024-11-21T04:45:33.553",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.270",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/942699",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/942699",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La  insuficiente aplicación de políticas en Blink en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto eludir la política de seguridad de contenido por medio de una página HTML creada.",
      },
   ],
   id: "CVE-2019-5800",
   lastModified: "2024-11-21T04:45:31.207",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:01.140",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/894228",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/894228",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/965611 | Permissions Required, Vendor Advisory
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/965611 | Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una aplicación insuficiente de la política en navigations en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto omitir las restricciones de navegación por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2020-6432",
   lastModified: "2024-11-21T05:35:43.040",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:11.780",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/965611",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/965611",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-23 16:15
Modified
2024-11-21 05:35
Summary
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html | Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html | Release Notes, Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/1031670 | Patch, Third Party Advisory
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/202003-53 | Third Party Advisory
chrome-cve-admin@google.com | https://www.debian.org/security/2020/dsa-4645 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/1031670 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-53 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4645 | Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF0EE2D3-3F5C-4F34-B35A-042F0AC3CBA1",
                     versionEndExcluding: "80.0.3987.149",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.",
      },
      {
         lang: "es",
         value: "Una aplicación de política insuficiente en extensions de Google Chrome versiones anteriores a 80.0.3987.149, permitió a un atacante que convenció a un usuario para instalar una extensión maliciosa omitir el aislamiento del sitio por medio de una Extensión de Chrome diseñada.",
      },
   ],
   id: "CVE-2020-6425",
   lastModified: "2024-11-21T05:35:42.200",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-03-23T16:15:17.313",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://crbug.com/1031670",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-53",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4645",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://crbug.com/1031670",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-53",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4645",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/868145 | Permissions Required, Vendor Advisory
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/868145 | Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una aplicación insuficiente de la política en navigations en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto omitir la Interfaz de Usuario de seguridad por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2020-6439",
   lastModified: "2024-11-21T05:35:43.843",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:12.217",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/868145",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/868145",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-276",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-25 15:15
Modified
2024-11-21 04:25
Summary
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "672BBC37-A438-4A13-B476-F26333E822AE",
                     versionEndExcluding: "78.0.3904.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una aplicación de política insuficiente en JavaScript en Google Chrome versiones anteriores a 78.0.3904.70, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-13711",
   lastModified: "2024-11-21T04:25:33.480",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-25T15:15:33.307",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/986063",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/986063",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-07-30 21:15
Modified
2024-11-21 04:44
Summary
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read [sic; i.e. an out-of-bounds read].
Impacted products
Vendor Product Version
videolan vlc_media_player *
opensuse backports_sle 15.0
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "288A8608-A671-415D-9BEC-C85098C8C51B",
                     versionEndExcluding: "3.0.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "40513095-7E6E-46B3-B604-C926F1BA3568",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.",
      },
      {
         lang: "es",
         value: "Un desbordamiento de enteros de VLC Media Player versiones anteriores a 3.0.7, conlleva a una lectura fuera de banda.",
      },
   ],
   id: "CVE-2019-5459",
   lastModified: "2024-11-21T04:44:58.477",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-07-30T21:15:12.257",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://hackerone.com/reports/502816",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://hackerone.com/reports/502816",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-191",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-191",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com | https://crbug.com/929962
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/929962
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.",
      },
      {
         lang: "es",
         value: "Los datos no inicializados en medios en Google Chrome antes del 74.0.3729.108 permitieron a un atacante remoto obtener información potencialmente sensible de la memoria de proceso a través de un archivo de video creado",
      },
   ],
   id: "CVE-2019-5818",
   lastModified: "2024-11-21T04:45:34.213",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.507",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/929962",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/929962",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-908",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-03-15 18:29
Modified
2024-11-21 04:01
Severity ?
Summary
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html | Mailing List, Third Party Advisory
cve@mitre.org | http://www.securityfocus.com/bid/106938 | Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org | https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 | Patch
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html | Mailing List, Third Party Advisory
cve@mitre.org | https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/ | Exploit, Third Party Advisory
cve@mitre.org | https://security.gentoo.org/glsa/201903-06 | Third Party Advisory
cve@mitre.org | https://www.debian.org/security/2019/dsa-4394 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106938 | Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/ | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201903-06 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4394 | Third Party Advisory
Impacted products
Vendor Product Version
rdesktop rdesktop *
debian debian_linux 8.0
debian debian_linux 9.0
opensuse backports sle-15
opensuse leap 15.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:rdesktop:rdesktop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "223ED7FC-79EF-4324-82AE-D3794128C7A3",
                     versionEndIncluding: "1.8.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.",
      },
      {
         lang: "es",
         value: "rdesktop, en versiones hasta e incluyendo la v1.8.3, contiene un desbordamiento de enteros que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en la función rdp_in_unistr() y resulta en la corrupción de memoria y, posiblemente, incluso la ejecución remota de código.",
      },
   ],
   id: "CVE-2018-20177",
   lastModified: "2024-11-21T04:01:01.310",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-03-15T18:29:00.423",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106938",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201903-06",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4394",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106938",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201903-06",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4394",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-25 15:15
Modified
2024-11-21 04:25
Summary
Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "672BBC37-A438-4A13-B476-F26333E822AE",
                     versionEndExcluding: "78.0.3904.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.",
      },
      {
         lang: "es",
         value: "Una aplicación de política insuficiente en extensions en Google Chrome versiones anteriores a 78.0.3904.70, permitió a un atacante, que convenció a un usuario para instalar una extensión maliciosa, filtrar datos de origen cruzado por medio de una Extensión de Chrome diseñada.",
      },
   ],
   id: "CVE-2019-13705",
   lastModified: "2024-11-21T04:25:32.727",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-25T15:15:32.917",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/989078",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/989078",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
chrome-cve-admin@google.com https://crbug.com/956597
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/956597
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504",
                     versionEndExcluding: "75.0.3770.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El problema del ciclo de vida del objeto en ServiceWorker en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto pudiera realizar un acceso a la memoria fuera de límites a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5828",
   lastModified: "2024-11-21T04:45:35.583",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.990",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/956597",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/956597",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-07-30 23:15
Modified
2024-11-21 04:18
Summary
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9 and 4.0.8, allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AC9E085-EAB7-4AF1-AE27-890E01A74EBF",
                     versionEndExcluding: "4.0.8",
                     versionStartIncluding: "4.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18CCB3A5-1428-47B2-AC55-6D8E45842A67",
                     versionEndExcluding: "4.1.9",
                     versionStartIncluding: "4.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:powerdns:authoritative:4.1.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "C77964E1-10B0-4107-A1DF-5A6A23F48A85",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.",
      },
      {
         lang: "es",
         value: "Se ha detectado una vulnerabilidad en Authoritative Server de PowerDNS anterior a versiones 4.1.9, 4.0.8, que permite a un servidor maestro autorizado y remoto causar una alta carga de CPU o incluso impedir actualizaciones adicionales a cualquier zona esclava mediante el envío de una gran cantidad de mensajes de NOTIFICACIÓN. Note que solo los servidores configurados como esclavos están afectados por este problema.",
      },
   ],
   id: "CVE-2019-10163",
   lastModified: "2024-11-21T04:18:33.233",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 3.5,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
               version: "3.0",
            },
            exploitabilityScore: 2.1,
            impactScore: 1.4,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-07-30T23:15:12.263",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Un desbordamiento de enteros que provoca un uso de memoria previamente liberada (use-after-free) en Blink Storage en Google Chrome sobre Linux antes de la versión 73.0.3683.75, permitió que un atacante remoto que había comprometido el proceso del renderizador ejecutara código arbitrario por medio de una página HTML creada.",
      },
   ],
   id: "CVE-2019-5788",
   lastModified: "2024-11-21T04:45:29.687",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:00.607",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/925864",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/925864",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-01-06 04:15
Modified
2024-11-21 06:33
Summary
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
References
cve@mitre.org | https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/ | Third Party Advisory
cve@mitre.org | https://github.com/uriparser/uriparser/issues/122 | Exploit, Issue Tracking, Patch, Third Party Advisory
cve@mitre.org | https://github.com/uriparser/uriparser/pull/124 | Exploit, Patch, Third Party Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/
cve@mitre.org | https://www.debian.org/security/2022/dsa-5063 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/uriparser/uriparser/issues/122 | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/uriparser/uriparser/pull/124 | Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5063 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:uriparser_project:uriparser:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDD115F5-6128-4317-AC92-F0714B9C8E8A",
                     versionEndExcluding: "0.9.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E29492E1-43D8-43BF-94E3-26A762A66FAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "090F0D1A-6BF8-4810-8942-3FFE4FBF7FE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en uriparser versiones anteriores a 0.9.6. Lleva a cabo operaciones libres no válidas en uriNormalizeSyntax.",
      },
   ],
   id: "CVE-2021-46142",
   lastModified: "2024-11-21T06:33:40.423",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-01-06T04:15:06.967",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/uriparser/uriparser/issues/122",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/uriparser/uriparser/pull/124",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5063",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/uriparser/uriparser/issues/122",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/uriparser/uriparser/pull/124",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5063",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-02-04 20:15
Modified
2024-11-21 04:29
Summary
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2835B9E-DA99-430E-B4B1-30518D7105DC",
                     versionEndExcluding: "14.0.11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AECD1A2C-871A-4B19-9E2E-DC9DAAED8605",
                     versionEndExcluding: "15.0.8",
                     versionStartIncluding: "15.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:12:-:*:*:*:*:*:*",
                     matchCriteriaId: "144B9E5B-6CF1-4961-8079-B09A8881EEEF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.",
      },
      {
         lang: "es",
         value: "Una Comprobación de Entrada Inapropiada en Nextcloud Server versión 15.0.7, permite a los administradores de grupo crear usuarios con los ID de carpetas del sistema.",
      },
   ],
   id: "CVE-2019-15624",
   lastModified: "2024-11-21T04:29:09.207",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-04T20:15:12.747",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://hackerone.com/reports/508493",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://hackerone.com/reports/508493",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com | https://crbug.com/947029
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/947029
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Use-after-free en Blink en Google Chrome antes de 74.0.3729.108 permitió que un atacante remoto pudiera explotar la corrupción del heap a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5808",
   lastModified: "2024-11-21T04:45:32.230",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:13.990",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/947029",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/947029",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.",
      },
      {
         lang: "es",
         value: "El desbordamiento de enteros en PDFium en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara un acceso a la memoria fuera de límites por medio de un archivo PDF creado.",
      },
   ],
   id: "CVE-2019-5795",
   lastModified: "2024-11-21T04:45:30.570",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:00.937",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/919643",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/919643",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-01-06 04:15
Modified
2024-11-21 06:33
Summary
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
References
cve@mitre.org | https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/ | Third Party Advisory
cve@mitre.org | https://github.com/uriparser/uriparser/issues/121 | Exploit, Issue Tracking, Patch, Third Party Advisory
cve@mitre.org | https://github.com/uriparser/uriparser/pull/124 | Exploit, Patch, Third Party Advisory
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/01/msg00029.html | Mailing List, Third Party Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/
cve@mitre.org | https://www.debian.org/security/2022/dsa-5063 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/uriparser/uriparser/issues/121 | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/uriparser/uriparser/pull/124 | Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/01/msg00029.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5063 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:uriparser_project:uriparser:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDD115F5-6128-4317-AC92-F0714B9C8E8A",
                     versionEndExcluding: "0.9.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E29492E1-43D8-43BF-94E3-26A762A66FAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "090F0D1A-6BF8-4810-8942-3FFE4FBF7FE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en uriparser versiones anteriores a 0.9.6. Lleva a cabo operaciones de liberación de memoria inválidas en uriFreeUriMembers y uriMakeOwner.",
      },
   ],
   id: "CVE-2021-46141",
   lastModified: "2024-11-21T06:33:40.250",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-01-06T04:15:06.917",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/uriparser/uriparser/issues/121",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/uriparser/uriparser/pull/124",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00029.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5063",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/uriparser/uriparser/issues/121",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/uriparser/uriparser/pull/124",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00029.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5063",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 23:15
Modified
2024-11-21 05:35
Severity ?
Summary
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
debian debian_linux 9.0
debian debian_linux 10.0
opensuse backports sle-15
opensuse leap 15.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3FA0046-45B4-4D20-AEB4-72D9A04283C3",
                     versionEndExcluding: "83.0.4103.97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Un uso de la memoria previamente liberada en WebAuthentication en Google Chrome versiones anteriores a 83.0.4103.97 permitió a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2020-6493",
   lastModified: "2024-11-21T05:35:50.323",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.6,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T23:15:11.760",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
         ],
         url: "https://crbug.com/1082105",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202006-02",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://crbug.com/1082105",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202006-02",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/1040755 | Permissions Required, Vendor Advisory
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/1040755 | Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.",
      },
      {
         lang: "es",
         value: "Una comprobación insuficiente de entradas no confiables en clipboard en Google Chrome versiones anteriores a 81.0.4044.92 permitió a un atacante local omitir el aislamiento del sitio por medio de contenidos del portapapeles diseñados.",
      },
   ],
   id: "CVE-2020-6456",
   lastModified: "2024-11-21T05:35:45.867",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:13.063",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1040755",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1040755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-276",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html | Release Notes, Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/1059764 | Permissions Required, Vendor Advisory
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMXT4OKBMCJSNSX7TZDBJNY6ORKFZRFO/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQTV7EFWQKF6VJBCVH4PUQJLGO7ISLTN/
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/1059764 | Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMXT4OKBMCJSNSX7TZDBJNY6ORKFZRFO/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQTV7EFWQKF6VJBCVH4PUQJLGO7ISLTN/
Impacted products
Vendor Product Version
google chrome *
fedoraproject fedora 30
fedoraproject fedora 31
opensuse backports sle-15
opensuse leap 15.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "02AA21FD-4513-45EC-B4C7-1561690D30EA",
                     versionEndExcluding: "80.0.3987.162",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Un desbordamiento de búfer de la pila (heap) en media en Google Chrome versiones anteriores a  80.0.3987.162, permitió a un atacante remoto explotar potencialmente una corrupción de la pila (heap) por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2020-6452",
   lastModified: "2024-11-21T05:35:45.420",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:12.890",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1059764",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMXT4OKBMCJSNSX7TZDBJNY6ORKFZRFO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQTV7EFWQKF6VJBCVH4PUQJLGO7ISLTN/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1059764",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMXT4OKBMCJSNSX7TZDBJNY6ORKFZRFO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQTV7EFWQKF6VJBCVH4PUQJLGO7ISLTN/",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-22 20:15
Modified
2024-11-21 05:04
Severity ?
Summary
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.
Impacted products
Vendor Product Version
chocolate-doom chocolate_doom 3.0.0
chocolate-doom crispy_doom 5.8.0
opensuse backports sle-15
opensuse leap 15.1
opensuse leap 15.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:chocolate-doom:chocolate_doom:3.0.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "8A0A032A-7DAA-4ECA-AEA1-6A53174ED24C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:chocolate-doom:crispy_doom:5.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF3CE9D2-DCDF-43E5-864E-EFC6C67F8560",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.",
      },
      {
         lang: "es",
         value: "El servidor en Chocolate Doom versión 3.0.0 y Crispy Doom versión 5.8.0, no comprueba el valor de num_players controlado por el usuario, conllevando a un desbordamiento del búfer. Un usuario malicioso puede sobrescribir la pila del servidor",
      },
   ],
   id: "CVE-2020-14983",
   lastModified: "2024-11-21T05:04:34.750",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-22T20:15:11.380",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00002.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00007.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00012.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/chocolate-doom/chocolate-doom/issues/1293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00012.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/chocolate-doom/chocolate-doom/issues/1293",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La  aplicación de políticas insuficientes en Extensions en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto iniciar la interfaz de usuario de instalación de extensiones por medio de una página HTML creada.",
      },
   ],
   id: "CVE-2019-5793",
   lastModified: "2024-11-21T04:45:30.313",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:00.843",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/937487",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/937487",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.",
      },
      {
         lang: "es",
         value: "El desbordamiento de enteros en PDFium en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara un acceso a la memoria fuera de límites por medio de un archivo PDF creado.",
      },
   ],
   id: "CVE-2019-5792",
   lastModified: "2024-11-21T04:45:30.187",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:00.797",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/914983",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/914983",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 23:15
Modified
2024-11-21 05:35
Summary
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Impacted products
Vendor Product Version
google chrome *
debian debian_linux 9.0
debian debian_linux 10.0
opensuse backports sle-15
opensuse leap 15.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3FA0046-45B4-4D20-AEB4-72D9A04283C3",
                     versionEndExcluding: "83.0.4103.97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.",
      },
      {
         lang: "es",
         value: "Una aplicación insuficiente de la política en developer tools en Google Chrome versiones anteriores a 83.0.4103.97, permitió a un atacante que convenció a un usuario de instalar una extensión maliciosa potencialmente llevar a cabo un escape del sandbox por medio de una Chrome Extension diseñada",
      },
   ],
   id: "CVE-2020-6495",
   lastModified: "2024-11-21T05:35:50.590",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T23:15:11.917",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
         ],
         url: "https://crbug.com/1072116",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202006-02",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://crbug.com/1072116",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202006-02",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-276",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com | https://crbug.com/919635
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/919635
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
      },
      {
         lang: "es",
         value: "El desbordamiento de enteros en PDFium en Google Chrome antes de 74.0.3729.108 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo PDF creado.",
      },
   ],
   id: "CVE-2019-5820",
   lastModified: "2024-11-21T04:45:34.500",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.630",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/919635",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/919635",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El desbordamiento del búfer del heap en ANGLE en Google Chrome en Windows antes de 74.0.3729.108 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de una página HTML diseñada",
      },
   ],
   id: "CVE-2019-5817",
   lastModified: "2024-11-21T04:45:34.083",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.457",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/943709",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/943709",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-14 21:29
Modified
2024-11-21 04:20
Summary
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html | Third Party Advisory
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html | Third Party Advisory
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/05/16/1 | Exploit, Mailing List, Third Party Advisory
cve@mitre.org | http://www.securityfocus.com/bid/108360 | Broken Link
cve@mitre.org | https://github.com/sylabs/singularity/releases/tag/v3.2.0 | Release Notes
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL3/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIHV7DSEVTB5SUPEZ2UXGS3Q6WMEQSO2/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNU5BUHFOTYUZVHFUSX2VG4S3RCPUEMA/
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/05/16/1 | Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108360 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sylabs/singularity/releases/tag/v3.2.0 | Release Notes
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL3/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIHV7DSEVTB5SUPEZ2UXGS3Q6WMEQSO2/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNU5BUHFOTYUZVHFUSX2VG4S3RCPUEMA/



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sylabs:singularity:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A03C5294-152B-4B8C-A3C9-C12F336E3CF8",
                     versionEndExcluding: "3.2.0",
                     versionStartIncluding: "3.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sylabs:singularity:3.2.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "DCF1D191-8AE3-45AB-A8B8-5FE0495AFDF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sylabs:singularity:3.2.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "CD87FF8D-26D4-42AE-9D6B-BC49773D6A4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sylabs:singularity:3.2.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "9893E982-1FA4-474C-9FC0-5B08BEA1937D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.",
      },
      {
         lang: "es",
         value: "Se encontró un problema en Singularity versión 3.1.0 hasta la 3.2.0-rc2, un usuario malicioso con acceso local de red hacia el sistema host (por ejemplo, ssh) podría atacar esta vulnerabilidad debido a permisos no seguros que permiten a un usuario editar archivos dentro de `/run/singularity/instances/sing/<user>/<instance>`. La manipulación de esos archivos puede cambiar el comportamiento del programa starter-suid cuando las peticiones se unen, lo que conlleva a una posible escalada de privilegios en el host.",
      },
   ],
   id: "CVE-2019-11328",
   lastModified: "2024-11-21T04:20:53.913",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-14T21:29:01.137",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/05/16/1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.securityfocus.com/bid/108360",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/sylabs/singularity/releases/tag/v3.2.0",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL3/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIHV7DSEVTB5SUPEZ2UXGS3Q6WMEQSO2/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNU5BUHFOTYUZVHFUSX2VG4S3RCPUEMA/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/05/16/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.securityfocus.com/bid/108360",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/sylabs/singularity/releases/tag/v3.2.0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIHV7DSEVTB5SUPEZ2UXGS3Q6WMEQSO2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNU5BUHFOTYUZVHFUSX2VG4S3RCPUEMA/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-25 15:15
Modified
2024-11-21 04:25
Summary
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html | Third Party Advisory
chrome-cve-admin@google.com | https://access.redhat.com/errata/RHSA-2019:3955 | Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html | Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/1024121 | Permissions Required
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54XWRJ5LDFL27QXBPIBX3EHO4TPMKN4R/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/USW7PGIHNPE6W3LGY6ZDFLELQGSL52CH/
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/202003-08 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3955 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/1024121 | Permissions Required
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54XWRJ5LDFL27QXBPIBX3EHO4TPMKN4R/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/USW7PGIHNPE6W3LGY6ZDFLELQGSL52CH/
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-08 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB361AD0-A294-43B3-AF86-B157B768EDCF",
                     versionEndExcluding: "78.0.3904.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Un uso de la memoria previamente liberada en WebBluetooth en Google Chrome versiones anteriores a 78.0.3904.108, permitió a un atacante remoto, que había comprometido el proceso del renderizador, explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-13723",
   lastModified: "2024-11-21T04:25:34.800",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-25T15:15:34.027",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:3955",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
         ],
         url: "https://crbug.com/1024121",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54XWRJ5LDFL27QXBPIBX3EHO4TPMKN4R/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/USW7PGIHNPE6W3LGY6ZDFLELQGSL52CH/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-08",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:3955",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://crbug.com/1024121",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54XWRJ5LDFL27QXBPIBX3EHO4TPMKN4R/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/USW7PGIHNPE6W3LGY6ZDFLELQGSL52CH/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-08",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com https://crbug.com/930057
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/930057
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La aplicación insuficiente de políticas en Blink en Google Chrome antes de 74.0.3729.108 permitió a un atacante remoto filtrar datos de cross-origin  a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5814",
   lastModified: "2024-11-21T04:45:33.693",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.333",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/930057",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/930057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com https://crbug.com/941008
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/941008
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Use-after-free en el selector de archivos en Google Chrome antes del 74.0.3729.108 permitió que un atacante remoto que había comprometido el proceso del renderizador realizara una escalada de privilegios a través de una página HTML diseñada",
      },
   ],
   id: "CVE-2019-5809",
   lastModified: "2024-11-21T04:45:32.373",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.037",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/941008",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/941008",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-25 15:15
Modified
2024-11-21 04:25
Summary
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "672BBC37-A438-4A13-B476-F26333E822AE",
                     versionEndExcluding: "78.0.3904.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una aplicación de política insuficiente en JavaScript en Google Chrome versiones anteriores a 78.0.3904.70, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-13713",
   lastModified: "2024-11-21T04:25:33.597",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-25T15:15:33.387",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/993288",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/993288",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
References
chrome-cve-admin@google.com: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com: https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
chrome-cve-admin@google.com: https://crbug.com/918293
chrome-cve-admin@google.com: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
chrome-cve-admin@google.com: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com: https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com: https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com: https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108: https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
af854a3a-2127-422b-91ae-364da2661108: https://crbug.com/918293
af854a3a-2127-422b-91ae-364da2661108: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
af854a3a-2127-422b-91ae-364da2661108: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108: https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108: https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108: https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504",
                     versionEndExcluding: "75.0.3770.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La filtración de información sobre el tamaño de los recursos en Blink en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto filtrara datos de origen cruzado a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5837",
   lastModified: "2024-11-21T04:45:36.803",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:15.510",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/918293",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/918293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-19 00:15
Modified
2024-11-21 06:31
Summary
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C1BBC09-CD18-4BF4-972E-356DB8A70996",
                     versionEndExcluding: "3.3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E29492E1-43D8-43BF-94E3-26A762A66FAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "4DEE66F8-CE56-49A1-8E3A-876CC67BC096",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp4:*:*:*:*:*:*",
                     matchCriteriaId: "0D668794-E03A-4712-ABE1-A7126658FCCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "8B072472-B463-4647-885D-E40B0115C810",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
                     matchCriteriaId: "15FC9014-BD85-4382-9D04-C0703E901D7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "5372BB07-73C9-4DB3-95C4-108C1A06683C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "6C2EACE6-C127-4B13-8002-8EEBEE8D549B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the \"#from MODULE import\" substring. (Only lines beginning with #import are blocked.)",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Cobbler versiones hasta 3.3.0. En el archivo templar.py, la función check_for_invalid_imports puede permitir que el código Cheetah importe módulos de Python por medio de la subcadena \"#from MODULE import\". (Sólo son bloqueadas las líneas que comienzan con #import)",
      },
   ],
   id: "CVE-2021-45082",
   lastModified: "2024-11-21T06:31:54.773",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-19T00:15:17.013",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1193678",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/cobbler/cobbler/releases",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1193678",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/cobbler/cobbler/releases",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-77",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
References
chrome-cve-admin@google.com: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com: https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
chrome-cve-admin@google.com: https://crbug.com/959390
chrome-cve-admin@google.com: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
chrome-cve-admin@google.com: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com: https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com: https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com: https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108: https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
af854a3a-2127-422b-91ae-364da2661108: https://crbug.com/959390
af854a3a-2127-422b-91ae-364da2661108: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
af854a3a-2127-422b-91ae-364da2661108: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108: https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108: https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108: https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504",
                     versionEndExcluding: "75.0.3770.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La aplicación de políticas insuficientes en XMLHttpRequest en Google Chrome antes de 75.0.3770.80 permitió a un atacante remoto filtrar datos de origen cruzado a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5832",
   lastModified: "2024-11-21T04:45:36.140",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:15.223",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/959390",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/959390",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
chrome-cve-admin@google.com: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com: https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
chrome-cve-admin@google.com: https://crbug.com/947342
chrome-cve-admin@google.com: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com: https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com: https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com: https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108: https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
af854a3a-2127-422b-91ae-364da2661108: https://crbug.com/947342
af854a3a-2127-422b-91ae-364da2661108: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108: https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108: https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108: https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504",
                     versionEndExcluding: "75.0.3770.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El desbordamiento del búfer del montón en ANGLE en Google Chrome antes de 75.0.3770.80 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada",
      },
   ],
   id: "CVE-2019-5836",
   lastModified: "2024-11-21T04:45:36.673",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:15.443",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/947342",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/947342",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-25 15:15
Modified
2024-11-21 04:25
Summary
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "672BBC37-A438-4A13-B476-F26333E822AE",
                     versionEndExcluding: "78.0.3904.70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.",
      },
      {
         lang: "es",
         value: "La comprobación insuficiente de una entrada no confiable en intents en Google Chrome en Android versiones anteriores a 78.0.3904.70, permitió a un atacante local filtrar archivos por medio de una aplicación diseñada.",
      },
   ],
   id: "CVE-2019-13707",
   lastModified: "2024-11-21T04:25:32.973",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-25T15:15:33.043",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/859349",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/859349",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-23 15:15
Modified
2024-11-21 04:33
Summary
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.
Impacted products
Vendor Product Version
apt-cacher-ng_project apt-cacher-ng *
opensuse leap 15.1
opensuse backports sle-15



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD885EB0-ECD0-408C-9BF7-2AB16EEB3FF5",
                     versionEndExcluding: "3.1-lp151.3.3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.",
      },
      {
         lang: "es",
         value: "El paquete apt-cacher-ng de openSUSE Leap versión 15.1, ejecuta operaciones en el directorio /run/apt-cacher-ng propiedad del usuario con privilegios de root. Esto puede permitir a atacantes locales influir en el resultado de estas operaciones. Este problema afecta a: apt-cacher-ng versiones anteriores a 3.1-lp151.3.3.1 de openSUSE Leap versión 15.1.",
      },
   ],
   id: "CVE-2019-18899",
   lastModified: "2024-11-21T04:33:48.320",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 6.2,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.5,
            impactScore: 3.6,
            source: "meissner@suse.de",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-23T15:15:13.600",
   references: [
      {
         source: "meissner@suse.de",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html",
      },
      {
         source: "meissner@suse.de",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html",
      },
      {
         source: "meissner@suse.de",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1157703",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1157703",
      },
   ],
   sourceIdentifier: "meissner@suse.de",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "meissner@suse.de",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-23 13:15
Modified
2024-11-21 04:55
Summary
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
Impacted products
Vendor Product Version
torproject tor *
torproject tor *
torproject tor *
opensuse backports sle-15
opensuse leap 15.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0F32196-820B-417F-A8BA-C2F1EAC01717",
                     versionEndExcluding: "0.3.5.10",
                     versionStartIncluding: "0.3.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8DEF7C0-0B37-4339-8B96-63A5B817AA7C",
                     versionEndExcluding: "0.4.1.9",
                     versionStartExcluding: "0.4.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "990A6710-D662-4B46-8B1D-963F682CB234",
                     versionEndIncluding: "0.4.2.7",
                     versionStartExcluding: "0.4.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.",
      },
      {
         lang: "es",
         value: "Tor versiones anteriores a 0.3.5.10, versiones 0.4.x anteriores a 0.4.1.9 y versiones 0.4.2.x anteriores a 0.4.2.7, permite a atacantes remotos causar una Denegación de Servicio (consumo de CPU), también se conoce como TROVE-2020-002.",
      },
   ],
   id: "CVE-2020-10592",
   lastModified: "2024-11-21T04:55:39.500",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-03-23T13:15:12.957",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00045.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00052.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-50",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://trac.torproject.org/projects/tor/ticket/33120",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00045.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00052.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-50",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://trac.torproject.org/projects/tor/ticket/33120",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com https://crbug.com/945644
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/945644
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El problema de la vida útil del objeto en V8 en Google Chrome antes de 74.0.3729.108 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5807",
   lastModified: "2024-11-21T04:45:32.100",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:13.927",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/945644",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/945644",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-24 01:15
Modified
2024-11-21 04:35
Severity ?
Summary
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:graphicsmagick:graphicsmagick:1.4:2019-04-03:*:*:*:*:*:*",
                     matchCriteriaId: "8F746D69-B658-432B-8EB5-2F89E8D06161",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.",
      },
      {
         lang: "es",
         value: "En GraphicsMagick versión 1.4 snapshot-20190403 Q8, se presenta un uso de la memoria previamente liberada de las funciones ThrowException y ThrowLoggedException del archivo magick/error.c.",
      },
   ],
   id: "CVE-2019-19950",
   lastModified: "2024-11-21T04:35:43.653",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-24T01:15:11.387",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://sourceforge.net/p/graphicsmagick/bugs/603/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4640",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://sourceforge.net/p/graphicsmagick/bugs/603/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4640",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
chrome-cve-admin@google.com https://crbug.com/948564
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/948564
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E86A7A78-CFB0-4CF5-AFE2-E1C88ED6E19D",
                     versionEndExcluding: "74.0.3729.131",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El error en el paso de parámetros en los medios en Google Chrome antes de 74.0.3729.131 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5824",
   lastModified: "2024-11-21T04:45:35.037",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.867",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/948564",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/948564",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-03 22:15
Modified
2024-11-21 04:44
Summary
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.
Impacted products
Vendor Product Version
shadowsocks shadowsocks-libev 3.3.2
opensuse backports sle-15
opensuse leap 15.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:shadowsocks:shadowsocks-libev:3.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C7487D4-D438-4F80-985D-61BEF8854421",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.",
      },
      {
         lang: "es",
         value: "Hay una vulnerabilidad de denegación de servicio explotable en la funcionalidad UDPRelay de Shadowsocks-libev versión 3.3.2. Cuando se utiliza un Cifrado de Flujo y un local_address, unos paquetes UDP arbitrarios pueden causar una ruta de código de error FATAL y salir. Un atacante puede enviar paquetes UDP arbitrarios para activar esta vulnerabilidad.",
      },
   ],
   id: "CVE-2019-5163",
   lastModified: "2024-11-21T04:44:28.237",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "talos-cna@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-03T22:15:15.370",
   references: [
      {
         source: "talos-cna@cisco.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html",
      },
      {
         source: "talos-cna@cisco.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.html",
      },
      {
         source: "talos-cna@cisco.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956",
      },
   ],
   sourceIdentifier: "talos-cna@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-306",
            },
         ],
         source: "talos-cna@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-306",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html Third Party Advisory
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html Third Party Advisory
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html Release Notes, Vendor Advisory
chrome-cve-admin@google.com https://crbug.com/1043965 Permissions Required, Vendor Advisory
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com https://www.debian.org/security/2020/dsa-4714 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/1043965 Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2020/dsa-4714 Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una aplicación insuficiente de la política en extensions de Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto omitir las restricciones de navegación por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2020-6433",
   lastModified: "2024-11-21T05:35:43.153",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:11.827",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1043965",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1043965",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-02-04 20:15
Modified
2024-11-21 04:29
Summary
A bug in Nextcloud Server 17.0.1 causes the behaviour of workflow rules to depend on the file extension when checking file mimetypes.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "69BE13A7-612F-4C06-B9DD-D5CADE0E89BB",
                     versionEndExcluding: "15.0.14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "69BAB965-AE57-4674-BF4E-484F779DE1E1",
                     versionEndExcluding: "16.0.7",
                     versionStartIncluding: "16.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DA73A56-619E-44C9-858A-23DD0EC7730C",
                     versionEndExcluding: "17.0.2",
                     versionStartIncluding: "17.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.",
      },
      {
         lang: "es",
         value: "Un error en Nextcloud Server versión 17.0.1, causa que las reglas de flujo de trabajo dependan de su comportamiento sobre la extensión del archivo cuando se comprueban los mimetypes de archivos.",
      },
   ],
   id: "CVE-2019-15613",
   lastModified: "2024-11-21T04:29:07.930",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-04T20:15:11.870",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://hackerone.com/reports/697959",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "https://nextcloud.com/security/advisory/?id=NC-SA-2020-002",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://hackerone.com/reports/697959",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "https://nextcloud.com/security/advisory/?id=NC-SA-2020-002",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-345",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
google android -
fedoraproject fedora 29
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El problema de la duración del proceso en Chrome en Google Chrome en Android antes de 74.0.3729.108 permitió que un atacante remoto pudiera persistir en un proceso explotado a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5816",
   lastModified: "2024-11-21T04:45:33.957",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.380",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/940245",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/940245",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-664",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com https://crbug.com/771815
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/771815
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El manejo incorrecto de CORS en ServiceWorker en Google Chrome antes de 74.0.3729.108 permitió a un atacante remoto omitir la misma política de origen a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5811",
   lastModified: "2024-11-21T04:45:32.643",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.163",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/771815",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/771815",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html Third Party Advisory
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html Third Party Advisory
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html Release Notes, Vendor Advisory
chrome-cve-admin@google.com https://crbug.com/852645 Permissions Required, Vendor Advisory
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com https://www.debian.org/security/2020/dsa-4714 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/852645 Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2020/dsa-4714 Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una aplicación insuficiente de la política en full screen en Google Chrome versiones anteriores a  81.0.4044.92, permitió a un atacante remoto falsificar la Interfaz de Usuario de seguridad por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2020-6431",
   lastModified: "2024-11-21T05:35:42.920",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:11.717",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/852645",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/852645",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-276",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html Third Party Advisory
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html Third Party Advisory
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html Release Notes, Vendor Advisory
chrome-cve-admin@google.com https://crbug.com/933172 Permissions Required, Vendor Advisory
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com https://www.debian.org/security/2020/dsa-4714 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/933172 Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2020/dsa-4714 Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una aplicación insuficiente de la política en trusted types en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto omitir una política de seguridad de contenido por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2020-6446",
   lastModified: "2024-11-21T05:35:44.670",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:12.623",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/933172",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/933172",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-276",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com https://crbug.com/943087
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/943087
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El desbordamiento de enteros en ANGLE en Google Chrome en Windows antes de 74.0.3729.108 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de una página HTML diseñada",
      },
   ],
   id: "CVE-2019-5806",
   lastModified: "2024-11-21T04:45:31.970",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:13.880",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/943087",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/943087",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Un desbordamiento de enteros que provoca un uso de memoria previamente liberada (use-after-free) en WebMIDI en Google Chrome en Windows antes de la versión 73.0.3683.75, permitió que un atacante remoto que había comprometido el proceso del renderizador ejecutara código arbitrario por medio de una página HTML creada.",
      },
   ],
   id: "CVE-2019-5789",
   lastModified: "2024-11-21T04:45:29.803",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:00.670",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/921581",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/921581",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com | https://crbug.com/919640
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/919640
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
      },
      {
         lang: "es",
         value: "El desbordamiento de enteros en PDFium en Google Chrome antes de 74.0.3729.108 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo PDF creado.",
      },
   ],
   id: "CVE-2019-5821",
   lastModified: "2024-11-21T04:45:34.630",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.693",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/919640",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/919640",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com | https://crbug.com/913320
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/913320
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
      },
      {
         lang: "es",
         value: "Use-after-free en PDFium en Google Chrome antes del 74.0.3729.108 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo PDF creado.",
      },
   ],
   id: "CVE-2019-5805",
   lastModified: "2024-11-21T04:45:31.810",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:13.817",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/913320",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/913320",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
chrome-cve-admin@google.com | https://crbug.com/962368
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/962368
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504",
                     versionEndExcluding: "75.0.3770.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La insuficiente validación de datos en Blink en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto realizara una falsificación de dominio a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5834",
   lastModified: "2024-11-21T04:45:36.410",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:15.333",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/962368",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/962368",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-346",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/1032158 | Permissions Required, Vendor Advisory
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/1032158 | Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una aplicación insuficiente de la política en extensions de Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto quien había comprometido el proceso de renderización omitir las restricciones de navegación por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2020-6435",
   lastModified: "2024-11-21T05:35:43.390",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:11.953",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1032158",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/1032158",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
chrome-cve-admin@google.com | https://crbug.com/665766
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/665766
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504",
                     versionEndExcluding: "75.0.3770.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La aplicación de políticas insuficientes en CORS en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto filtrara datos de origen cruzado a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5830",
   lastModified: "2024-11-21T04:45:35.867",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:15.100",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/665766",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/665766",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
chrome-cve-admin@google.com | https://crbug.com/945067
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/945067
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504",
                     versionEndExcluding: "75.0.3770.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El alcance del cuadro de diálogo incorrecto en el navegador en Google Chrome en Android antes de 75.0.3770.80 permitió a un atacante remoto mostrar una IU de seguridad engañosa a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5833",
   lastModified: "2024-11-21T04:45:36.273",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:15.270",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/945067",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/945067",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-21 18:15
Modified
2024-11-21 05:33
Summary
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F58C1F6-AA0C-46EC-81CC-14F62DDD1D1F",
                     versionEndIncluding: "3.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.",
      },
      {
         lang: "es",
         value: "apt-cacher-ng versiones hasta 3.3, permite a usuarios locales obtener información confidencial al secuestrar el puerto TCP codificado. El programa /usr/lib/apt-cacher-ng/acngtool intenta conectarse a apt-cacher-ng por medio de TCP en el puerto localhost 3142, inclusive si es pasada la opción de línea de comando explicita SocketPath=/var/run/apt-cacher-ng/socket. El trabajo cron de /etc/cron.daily/apt-cacher-ng (que está activo por defecto) intenta esto periódicamente. Como el 3142 es un puerto sin privilegios, cualquier usuario local puede intentar vincularse a este puerto y recibirá peticiones desde acngtool. Puede haber datos confidenciales en estas peticiones, por ejemplo, si AdminAuth está habilitado en /etc/apt-cacher-ng/security.conf. Estos datos confidenciales pueden filtrarse a usuarios locales no privilegiados que logran unirse a este puerto antes de que el demonio apt-cacher-ng pueda hacerlo.",
      },
   ],
   id: "CVE-2020-5202",
   lastModified: "2024-11-21T05:33:40.100",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-21T18:15:13.060",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2020/01/20/4",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2020/01/20/4",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/oss-sec/2020/q1/21",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2020-5202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2020/01/20/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2020/01/20/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/oss-sec/2020/q1/21",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2020-5202",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com | https://crbug.com/916838
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/916838
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La fuga de información en relleno automático  en Google Chrome antes de 74.0.3729.108 permitió que un atacante remoto obtuviera información potencialmente sensible de la memoria de proceso a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5810",
   lastModified: "2024-11-21T04:45:32.507",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.100",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/916838",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/916838",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-312",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
chrome-cve-admin@google.com | https://crbug.com/926105
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com | https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com | https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/926105
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4500
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E801A650-BF69-4C0C-B1F4-B06F3A7C17B4",
                     versionEndExcluding: "74.0.3729.108",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La implementación inadecuada en Blink en Google Chrome antes de 74.0.3729.108 permitió a un atacante remoto omitir la misma política de origen a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5822",
   lastModified: "2024-11-21T04:45:34.767",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:14.757",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/926105",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/926105",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La  insuficiente aplicación de políticas en Content Security Policy en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto eludir la política de seguridad de contenido por medio de una página HTML creada.",
      },
   ],
   id: "CVE-2019-5803",
   lastModified: "2024-11-21T04:45:31.567",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:01.297",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/909865",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/909865",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-07 19:29
Modified
2024-11-21 04:48
Summary
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html | Mailing List, Third Party Advisory
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html | Mailing List, Third Party Advisory
cve@mitre.org | https://bugzilla.suse.com/show_bug.cgi?id=1124863 | Issue Tracking, Patch, Third Party Advisory
cve@mitre.org | https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a | Patch, Vendor Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1124863 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:kde:kauth:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E3326D4-ECA4-46F5-9B03-896847B33BB1",
                     versionEndExcluding: "5.55.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:opensuse:backports:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D47B6AC2-F30A-4AE8-8E5A-AD31E922D51D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1607628F-77A7-4C1F-98DF-0DC50AE8627D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.",
      },
      {
         lang: "es",
         value: "KDE KAuth, versiones anteriores 5.55, permite el paso de parámetros con tipos arbitrarios a ayudantes que se ejecutan como root sobre DBus a través de DBusHelperProxy.cpp. Ciertos tipos pueden causar caídas y desencadenar la decodificación de imágenes arbitrarias con plugins cargados dinámicamente. En otras palabras, KAuth involuntariamente hace que este código del plugin se ejecute como root, lo que aumenta la severidad de cualquier posible explotación de una vulnerabilidad del plugin.",
      },
   ],
   id: "CVE-2019-7443",
   lastModified: "2024-11-21T04:48:14.897",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-07T19:29:01.410",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1124863",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1124863",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 18:15
Modified
2024-11-21 05:35
Summary
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
References
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
chrome-cve-admin@google.com | https://crbug.com/933171 | Permissions Required, Vendor Advisory
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
chrome-cve-admin@google.com | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/933171 | Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4714 | Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF3F6F7-2305-4BA7-8401-8A7F55C29CB5",
                     versionEndExcluding: "81.0.4044.92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Una aplicación insuficiente de la política en trusted types en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto omitir una política de seguridad de contenido por medio de una página HTML diseñada.",
      },
   ],
   id: "CVE-2020-6445",
   lastModified: "2024-11-21T05:35:44.547",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T18:15:12.547",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/933171",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "chrome-cve-admin@google.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://crbug.com/933171",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4714",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-276",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "Un desbordamiento de enteros que provoca una capacidad incorrecta de un búfer en JavaScript en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara código arbitrario dentro de un sandbox por medio de una página HTML creada.",
      },
   ],
   id: "CVE-2019-5790",
   lastModified: "2024-11-21T04:45:29.920",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:00.700",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/914736",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/914736",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 20:29
Modified
2024-11-21 04:45
Summary
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Impacted products
Vendor Product Version
google chrome *
apple iphone_os -
opensuse backports sle-15
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
                     versionEndExcluding: "73.0.3683.75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "La eliminación incorrecta de las URL en Omnibox en Google Chrome en iOS antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara una suplantación de dominio por medio de una página HTML creada.",
      },
   ],
   id: "CVE-2019-5801",
   lastModified: "2024-11-21T04:45:31.320",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T20:29:01.200",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/921390",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/921390",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-07-30 21:15
Modified
2024-11-21 04:44
Summary
Double Free in VLC versions <= 3.0.6 leads to a crash.
Impacted products
Vendor Product Version
videolan vlc_media_player *
opensuse backports sle-15 (CPE update field: -)
opensuse backports sle-15 (CPE update field: sp1)
opensuse leap 15.0
opensuse leap 15.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B495DB-9B59-48DE-9B22-7AB48CDBBF2B",
                     versionEndIncluding: "3.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Double Free in VLC versions <= 3.0.6 leads to a crash.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de Doble Liberación en VLC versiones anteriores a 3.0.6 (incluida), conlleva a un bloqueo.",
      },
   ],
   id: "CVE-2019-5460",
   lastModified: "2024-11-21T04:44:58.610",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-07-30T21:15:12.320",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://hackerone.com/reports/503208",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://hackerone.com/reports/503208",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-415",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-415",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-27 17:15
Modified
2024-11-21 04:45
Summary
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
chrome-cve-admin@google.com http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
chrome-cve-admin@google.com https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
chrome-cve-admin@google.com https://crbug.com/950328
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
chrome-cve-admin@google.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
chrome-cve-admin@google.com https://seclists.org/bugtraq/2019/Aug/19
chrome-cve-admin@google.com https://security.gentoo.org/glsa/201908-18
chrome-cve-admin@google.com https://www.debian.org/security/2019/dsa-4500
chrome-cve-admin@google.com https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
af854a3a-2127-422b-91ae-364da2661108 https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
af854a3a-2127-422b-91ae-364da2661108 https://crbug.com/950328
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/Aug/19
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201908-18
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4500
af854a3a-2127-422b-91ae-364da2661108 https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504",
                     versionEndExcluding: "75.0.3770.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                     matchCriteriaId: "398716BC-E609-4338-BAB9-7CB2A78599BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      },
      {
         lang: "es",
         value: "El problema del lifecycle del objeto en V8 en Google Chrome antes de 75.0.3770.80 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada.",
      },
   ],
   id: "CVE-2019-5831",
   lastModified: "2024-11-21T04:45:36.007",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-27T17:15:15.163",
   references: [
      {
         source: "chrome-cve-admin@google.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://crbug.com/950328",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "chrome-cve-admin@google.com",
         url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://crbug.com/950328",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Aug/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201908-18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791",
      },
   ],
   sourceIdentifier: "chrome-cve-admin@google.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

var-201907-1556
Vulnerability from variot

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. PowerDNS Authoritative Server contains a resource exhaustion vulnerability that may put it into a service operation interruption (DoS) state. PowerDNS Authoritative Server is a DNS server of the Dutch PowerDNS company. A security vulnerability exists in PowerDNS Authoritative Server 4.1.8 and earlier. An attacker could exploit the vulnerability by sending a large number of NOTIFY packets to cause a denial of service. PowerDNS Authoritative Server is prone to a denial-of-service vulnerability. PowerDNS Authoritative Server version 4.1.8 and prior are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-4470-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2019 https://www.debian.org/security/faq

Package : pdns CVE ID : CVE-2019-10162 CVE-2019-10163

Two vulnerabilities have been discovered in pdns, an authoritative DNS server which may result in denial of service via malformed zone records and excessive NOTIFY packets in a master/slave setup.

For the stable distribution (stretch), these problems have been fixed in version 4.0.3-1+deb9u5.

We recommend that you upgrade your pdns packages.

For the detailed security status of pdns please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pdns

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0P6LYACgkQEMKTtsN8 Tjbi2RAAqjNYSOlZ5W/yfVxGPO5OiyC8XojhGPuPdVmByyCDTqzgPtZftKHxXfD2 0sdc5/NM7ZNC/3brzRrVlMVRm7/bJvPloeDAGb8bnSzge9Nzz9FB7zcQxc5fdaqA pn7/++FWXDmOVy2NEObcerk/SodAWDpVfmIZP6kH3aIeGs0WrUA/cusmV+C94kgv 6XVJ3IW2dsIQrHvkoBMi4TJg5PrIHW0RruuJHlUSUgTusZ3XQS+hd93dciK7E+an xi0yB5oA6Mb/vw7DzlBRQfkgMiG6p9YRTgXwBdvrxqEVkNYpq9G/xH+nUdE6rDqt M3bG5tUMGCdtywwmwaSGXvkv6/5puPkMRpJIyTeVQTVYMbOgWyovC5sB5T8JytyD tW7qpbv/Mbhw0mmh0m8KoWnegNQhTTn8d3IKCxalB9JYpw3zhkHmfQW79lBRtqCy SvJEhkOVW7yhsWCl+HjKMXphsPST/oeKP3vJx4ET+4n58OfOt9Fm7rx406g2sY2o NsUwTdF3GDD00v0iuF+Vcm2nA6Qj6dOAXlp4kZygjFbDao4iF6lzY4KGDYS/Pn5Z kB4g58ShfWkAE+/WAvF8QVNcICnlI3l9SxwR2NiY/x6O53vkYBWeiJP/OvRQhlPQ Kw4enCb3qrjgb6jMNDPBMe8TjMh92sEqiXPQBy57OcStAjcfxfI= =nUCz -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1556",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "backports",
            scope: "eq",
            trust: 1,
            vendor: "opensuse",
            version: "sle-15",
         },
         {
            model: "authoritative",
            scope: "gte",
            trust: 1,
            vendor: "powerdns",
            version: "4.0.0",
         },
         {
            model: "leap",
            scope: "eq",
            trust: 1,
            vendor: "opensuse",
            version: "15.0",
         },
         {
            model: "leap",
            scope: "eq",
            trust: 1,
            vendor: "opensuse",
            version: "15.1",
         },
         {
            model: "authoritative",
            scope: "lt",
            trust: 1,
            vendor: "powerdns",
            version: "4.1.9",
         },
         {
            model: "authoritative",
            scope: "gte",
            trust: 1,
            vendor: "powerdns",
            version: "4.1.0",
         },
         {
            model: "authoritative",
            scope: "lt",
            trust: 1,
            vendor: "powerdns",
            version: "4.0.8",
         },
         {
            model: "authoritative",
            scope: "eq",
            trust: 1,
            vendor: "powerdns",
            version: "4.1.0",
         },
         {
            model: "authoritative server",
            scope: "lt",
            trust: 0.8,
            vendor: "powerdns",
            version: "4.0.8",
         },
         {
            model: "authoritative server",
            scope: "lt",
            trust: 0.8,
            vendor: "powerdns",
            version: "4.1.9",
         },
         {
            model: "authoritative server",
            scope: "lte",
            trust: 0.6,
            vendor: "powerdns",
            version: "<=4.1.8",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.1.8",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.1.7",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.1.6",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.1.5",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.1.4",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.1.3",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.1.2",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.1.1",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.1",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.0.7",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.0.6",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.0.5",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.0.4",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.0.3",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.0.2",
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.0.1",
         },
         {
            model: "authoritative server 4.0.0-rc2",
            scope: null,
            trust: 0.3,
            vendor: "powerdns",
            version: null,
         },
         {
            model: "authoritative server 4.0.0-beta1",
            scope: null,
            trust: 0.3,
            vendor: "powerdns",
            version: null,
         },
         {
            model: "authoritative server",
            scope: "eq",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.0.0",
         },
         {
            model: "authoritative server",
            scope: "ne",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.1.9",
         },
         {
            model: "authoritative server",
            scope: "ne",
            trust: 0.3,
            vendor: "powerdns",
            version: "4.0.8",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-19481",
         },
         {
            db: "BID",
            id: "108878",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-007437",
         },
         {
            db: "NVD",
            id: "CVE-2019-10163",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:powerdns:authoritative:4.1.0:-:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "4.1.9",
                        versionStartIncluding: "4.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "4.0.8",
                        versionStartIncluding: "4.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-10163",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Debian,Gert van Dijk",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201906-866",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2019-10163",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 4,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2019-10163",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  id: "CNVD-2019-19481",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "LOW",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 2.8,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "secalert@redhat.com",
                  availabilityImpact: "LOW",
                  baseScore: 3.5,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 2.1,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "Low",
                  baseScore: 4.3,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2019-10163",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2019-10163",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "secalert@redhat.com",
                  id: "CVE-2019-10163",
                  trust: 1,
                  value: "LOW",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2019-19481",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201906-866",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2019-10163",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-19481",
         },
         {
            db: "VULMON",
            id: "CVE-2019-10163",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-007437",
         },
         {
            db: "NVD",
            id: "CVE-2019-10163",
         },
         {
            db: "NVD",
            id: "CVE-2019-10163",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201906-866",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. PowerDNS Authoritative Server contains a resource exhaustion vulnerability. A service operation interruption (DoS) condition may result. PowerDNS Authoritative Server is a DNS server of the Dutch PowerDNS company. A security vulnerability exists in PowerDNS Authoritative Server 4.1.8 and earlier. An attacker could exploit the vulnerability by sending a large number of NOTIFY packets to cause a denial of service. PowerDNS Authoritative Server is prone to a denial-of-service vulnerability. \nPowerDNS Authoritative Server version 4.1.8 and prior are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4470-1                   security@debian.org\nhttps://www.debian.org/security/                       Moritz Muehlenhoff\nJune 23, 2019                         https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : pdns\nCVE ID         : CVE-2019-10162 CVE-2019-10163\n\nTwo vulnerabilities have been discovered in pdns, an authoritative DNS\nserver which may result in denial of service via malformed zone records\nand excessive NOTIFY packets in a master/slave setup. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.0.3-1+deb9u5. \n\nWe recommend that you upgrade your pdns packages. 
\n\nFor the detailed security status of pdns please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/pdns\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0P6LYACgkQEMKTtsN8\nTjbi2RAAqjNYSOlZ5W/yfVxGPO5OiyC8XojhGPuPdVmByyCDTqzgPtZftKHxXfD2\n0sdc5/NM7ZNC/3brzRrVlMVRm7/bJvPloeDAGb8bnSzge9Nzz9FB7zcQxc5fdaqA\npn7/++FWXDmOVy2NEObcerk/SodAWDpVfmIZP6kH3aIeGs0WrUA/cusmV+C94kgv\n6XVJ3IW2dsIQrHvkoBMi4TJg5PrIHW0RruuJHlUSUgTusZ3XQS+hd93dciK7E+an\nxi0yB5oA6Mb/vw7DzlBRQfkgMiG6p9YRTgXwBdvrxqEVkNYpq9G/xH+nUdE6rDqt\nM3bG5tUMGCdtywwmwaSGXvkv6/5puPkMRpJIyTeVQTVYMbOgWyovC5sB5T8JytyD\ntW7qpbv/Mbhw0mmh0m8KoWnegNQhTTn8d3IKCxalB9JYpw3zhkHmfQW79lBRtqCy\nSvJEhkOVW7yhsWCl+HjKMXphsPST/oeKP3vJx4ET+4n58OfOt9Fm7rx406g2sY2o\nNsUwTdF3GDD00v0iuF+Vcm2nA6Qj6dOAXlp4kZygjFbDao4iF6lzY4KGDYS/Pn5Z\nkB4g58ShfWkAE+/WAvF8QVNcICnlI3l9SxwR2NiY/x6O53vkYBWeiJP/OvRQhlPQ\nKw4enCb3qrjgb6jMNDPBMe8TjMh92sEqiXPQBy57OcStAjcfxfI=\n=nUCz\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-10163",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-007437",
         },
         {
            db: "CNVD",
            id: "CNVD-2019-19481",
         },
         {
            db: "BID",
            id: "108878",
         },
         {
            db: "VULMON",
            id: "CVE-2019-10163",
         },
         {
            db: "PACKETSTORM",
            id: "153381",
         },
      ],
      trust: 2.61,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2019-10163",
            trust: 3.5,
         },
         {
            db: "BID",
            id: "108878",
            trust: 1.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.2234",
            trust: 1.2,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-007437",
            trust: 0.8,
         },
         {
            db: "PACKETSTORM",
            id: "153381",
            trust: 0.7,
         },
         {
            db: "CNVD",
            id: "CNVD-2019-19481",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.2436",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201906-866",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2019-10163",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-19481",
         },
         {
            db: "VULMON",
            id: "CVE-2019-10163",
         },
         {
            db: "BID",
            id: "108878",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-007437",
         },
         {
            db: "PACKETSTORM",
            id: "153381",
         },
         {
            db: "NVD",
            id: "CVE-2019-10163",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201906-866",
         },
      ],
   },
   id: "VAR-201907-1556",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-19481",
         },
      ],
      trust: 0.06,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-19481",
         },
      ],
   },
   last_update_date: "2023-12-18T12:50:10.879000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "PowerDNS Authoritative Server 4.0.8 and 4.1.10 Released",
            trust: 0.8,
            url: "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/",
         },
         {
            title: "PowerDNS Security Advisory 2019-05: Denial of service via NOTIFY packets",
            trust: 0.8,
            url: "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html",
         },
         {
            title: "PowerDNSAuthoritativeServer denial of service vulnerability patch",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/165551",
         },
         {
            title: "PowerDNS Authoritative Server Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94008",
         },
         {
            title: "Debian Security Advisories: DSA-4470-1 pdns -- security update",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=ef0d33d49b08fb003c26be24d917554f",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2019-10163 ",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-19481",
         },
         {
            db: "VULMON",
            id: "CVE-2019-10163",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-007437",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201906-866",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-770",
            trust: 1,
         },
         {
            problemtype: "CWE-400",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-007437",
         },
         {
            db: "NVD",
            id: "CVE-2019-10163",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2,
            url: "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html",
         },
         {
            trust: 1.7,
            url: "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/",
         },
         {
            trust: 1.7,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-10163",
         },
         {
            trust: 1.7,
            url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html",
         },
         {
            trust: 1.7,
            url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html",
         },
         {
            trust: 1.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-10163",
         },
         {
            trust: 1.3,
            url: "http://www.debian.org/security/2019/dsa-4470",
         },
         {
            trust: 1.2,
            url: "https://www.auscert.org.au/bulletins/esb-2019.2234/",
         },
         {
            trust: 0.9,
            url: "http://www.powerdns.com/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10163",
         },
         {
            trust: 0.7,
            url: "https://www.securityfocus.com/bid/108878",
         },
         {
            trust: 0.6,
            url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00002.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2019.2436/",
         },
         {
            trust: 0.6,
            url: "https://vigilance.fr/vulnerability/powerdns-denial-of-service-via-notify-packets-29602",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/153381/debian-security-advisory-4470-1.html",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/770.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2019-10163",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://security-tracker.debian.org/tracker/pdns",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-10162",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-19481",
         },
         {
            db: "VULMON",
            id: "CVE-2019-10163",
         },
         {
            db: "BID",
            id: "108878",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-007437",
         },
         {
            db: "PACKETSTORM",
            id: "153381",
         },
         {
            db: "NVD",
            id: "CVE-2019-10163",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201906-866",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2019-19481",
         },
         {
            db: "VULMON",
            id: "CVE-2019-10163",
         },
         {
            db: "BID",
            id: "108878",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-007437",
         },
         {
            db: "PACKETSTORM",
            id: "153381",
         },
         {
            db: "NVD",
            id: "CVE-2019-10163",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201906-866",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-06-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2019-19481",
         },
         {
            date: "2019-07-30T00:00:00",
            db: "VULMON",
            id: "CVE-2019-10163",
         },
         {
            date: "2019-06-21T00:00:00",
            db: "BID",
            id: "108878",
         },
         {
            date: "2019-08-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-007437",
         },
         {
            date: "2019-06-23T19:22:22",
            db: "PACKETSTORM",
            id: "153381",
         },
         {
            date: "2019-07-30T23:15:12.263000",
            db: "NVD",
            id: "CVE-2019-10163",
         },
         {
            date: "2019-06-24T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201906-866",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-06-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2019-19481",
         },
         {
            date: "2023-02-03T00:00:00",
            db: "VULMON",
            id: "CVE-2019-10163",
         },
         {
            date: "2019-06-21T00:00:00",
            db: "BID",
            id: "108878",
         },
         {
            date: "2019-08-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-007437",
         },
         {
            date: "2023-02-03T14:27:58.510000",
            db: "NVD",
            id: "CVE-2019-10163",
         },
         {
            date: "2020-10-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201906-866",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201906-866",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "PowerDNS Authoritative Server Vulnerable to resource exhaustion",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-007437",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "resource management error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201906-866",
         },
      ],
      trust: 0.6,
   },
}