97 matches found
CVE-2019-5827
CVE-2019-5827 is an out-of-bounds read in the SQLite library leveraged via Chromium/Chrome. Public records in Debian and related advisories indicate this affects Chromium/Chrome components and was mitigated by upgrading the sqlite3 library (e.g., to versions in Chromium security updates and Debia...
CVE-2019-5798
CVE-2019-5798: In Google Chrome, a lack of proper bounds checking in Skia allowed out-of-bounds memory read via a crafted HTML page. Affected product is Chrome (before 73.0.3683.75); root cause is insufficient bounds checking in Skia’s handling of HTML content. Impact stated: remote attacker coul...
CVE-2019-5789
CVE-2019-5789 is a use-after-free in Chrome's WebMIDI implementation on Windows caused by an integer overflow. A remote attacker who can run crafted HTML in a renderer could execute arbitrary code prior to Chrome 73.0.3683.75. Mitigation: upgrade to 73.0.3683.75 or later (Chromium/Chrome patches)...
CVE-2019-5788
CVE-2019-5788 affects Chromium-based Chrome/Chromium before 73.0.3683.75. The sources describe use-after-free in the FileAPI component (and related issues in Blink Storage) triggered by crafted HTML, with an integer overflow contributing to exploitation. The Debian Arch Linux advisories confirm t...
CVE-2019-5831
CVE-2019-5831 reports an object lifecycle issue in V8 used by Google Chrome/Chromium prior to version 75.0.3770.80, enabling potential remote heap corruption via a crafted HTML page. Public advisories and Debian security notices confirm this as a Chromium/V8 issue with multiple CVEs, and remediat...
CVE-2019-5833
CVE-2019-5833 describes an incorrect dialog box scoping in Google Chrome for Android prior to 75.0.3770.80, enabling a crafted HTML page to display misleading security UI. The vulnerability affects the Chromium/Chrome UI layer and is categorized as a security UI spoofing issue; multiple advisorie...
CVE-2020-6437
CVE-2020-6437 affects the WebView component in Chromium/Google Chrome prior to 81.0.4044.92. An inappropriate implementation/implementation error in WebView allowed a remote attacker to spoof the security UI via a crafted application. The issue is fixed upstream in 81.0.4044.92 (Debian notes also...
CVE-2020-6455
CVE-2020-6455 is an out-of-bounds read in Chromium/Google Chrome’s WebSQL implementation. The issue could allow a remote attacker to potentially cause heap corruption via a crafted page. Affected software is Chrome/Chromium before version 81.0.4044.92. The Debian Arch Linux security advisory and ...
CVE-2019-5791
CVE-2019-5791 is a type confusion in the V8 engine of Chromium/Chrome prior to version 73.0.3683.75. The issue potentially allows remote code execution via crafted HTML pages. Debian/Arch notes indicate fixes in 73.0.3683.75 (Debian: 73.0.3683.75-1; Arch: “before 73.0.3683.75” fixed). Affected pr...
CVE-2020-6443
Chromium/Google Chrome before 81.0.4044.92 is affected by CVE-2020-6443 due to an insufficient data validation flaw in the DevTools component, enabling a remote attacker to execute arbitrary code via a crafted HTML page after convincing a user to use DevTools. Affected product: Chromium/Chrome; r...
CVE-2019-5810
CVE-2019-5810 is a Chromium/Google Chrome information disclosure vulnerability in the Autofill component, reported as information leakage from process memory via a crafted HTML page in Chromium before version 74.0.3729.108. Public records in Debian security advisories and Arch Linux ASA-201904-12...
CVE-2019-5808
CVE-2019-5808 affects Chromium/Google Chrome Blink: a use-after-free in Blink/WebKit prior to 74.0.3729.108 could allow a crafted HTML page to trigger heap corruption. Affected products include Chromium/Chrome; remediation is to upgrade to 74.0.3729.108 or newer (as noted by Arch Debian advisorie...
CVE-2019-5821
CVE-2019-5821 is a concrete issue in PDFium used by Google Chrome/Chromium, caused by an integer overflow in PDFium before 74.0.3729.108, enabling a remote attacker to potentially trigger heap corruption with a crafted PDF. Evidence across multiple advisories confirms the affected component (PDFi...
CVE-2019-5790
CVE-2019-5790 is a heap-based buffer overflow in the V8 JavaScript engine of Chromium/Google Chrome prior to 73.0.3683.75. This vulnerability could allow a remote attacker to execute arbitrary code inside the browser’s sandbox via a crafted HTML page. The Chrome security fix was delivered in the ...
CVE-2019-5822
CVE-2019-5822 affects Google Chrome/Chromium Blink component; describes bypass of Cross‑Origin Resource Sharing (CORS) via a crafted HTML page, effectively bypassing same-origin policy. Affected scope includes Blink/CORS handling in Chrome prior to 74.0.3729.108. Public advisories (Debian DSA-450...
CVE-2019-5793
CVE-2019-5793 affects Chromium/Google Chrome extensions prior to 73.0.3683.75. The vulnerability is described as an excessive permissions issue in the Extensions component, enabling a crafted HTML page to trigger the extension installation UI, effectively bypassing policy controls and potentially...
CVE-2019-5811
CVE-2019-5811 : In Chromium-based browsers, a Cross‑Origin Resource Sharing (CORS) bypass was discovered in Blink, allowing a crafted HTML page to bypass the same-origin policy via Service Worker semantics. The issue is associated with Chrome/Chromium builds prior to 74.0.3729.108. Impact is tied...
CVE-2019-5829
CVE-2019-5829 is a vulnerability in Google's Chromium/Chrome download manager. The issue is an integer overflow that can trigger an out-of-bounds memory access via a crafted HTML page, potentially enabling remote exploitation. Affected software is Chrome/Chromium released before 75.0.3770.80. Mit...
CVE-2020-6425
The CVE-2020-6425 entry concerns Chromium/Google Chrome. The vulnerability is a policy enforcement error in extensions that could allow a user-assisted attacker to bypass site isolation via a crafted Chrome extension. Affected product family: Chromium/Chrome browser engines as distributed in Debi...
CVE-2019-5828
CVE-2019-5828 is a use-after-free vulnerability in the ServiceWorker component of the Chromium/Google Chrome stack, reported to be exploitable remotely via a crafted HTML page. The issue affects Chromium/Chrome versions prior to 75.0.3770.80, with multiple sources listing an upgrade to 75.0.3770....
CVE-2019-5787
CVE-2019-5787 is a use-after-free in the Canvas component of Chromium-based Chrome/Blink (pre-73.0.3683.75). The issue allows a remote attacker to potentially trigger heap corruption via a crafted HTML page. Connected sources also describe related CVEs (5788–5799) in FileAPI, WebMIDI, V8, PDFium,...
CVE-2019-5830
CVE-2019-5830 concerns Google Chrome/Chromium: insufficient CORS policy enforcement allowed a remote attacker to leak cross-origin data via a crafted HTML page. The issue is tracked across multiple advisories and was addressed by updating Chromium/Chrome to a patched release. Affected components:...
CVE-2019-5836
CVE-2019-5836 : A heap buffer overflow in ANGLE within Google Chrome prior to 75.0.3770.80 could allow a remote attacker to cause heap corruption via a crafted HTML page. Connected sources corroborate ANGLE/Chrome scope and advise upgrading to a fixed version; Debian advisories list numerous Chro...
CVE-2019-5839
CVE-2019-5839 affects Google Chrome (Chromium) prior to 75.0.3770.80. The issue is excessive data validation in the URL parser, enabling a remote attacker who lures a user to input a crafted URL to bypass website URL validation. Root cause: improper validation in the URL parsing logic. Impact, pe...
CVE-2019-5832
CVE-2019-5832 affects Chromium/Chrome: an error in the Cross-Origin Resource Sharing (CORS) handling exposes cross-origin data when a crafted HTML page is loaded. Root cause: CORS-related flaw in Chromium’s policy enforcement. Impact stated as information disclosure via cross-origin leaks. Remedi...
CVE-2019-5795
CVE-2019-5795 is an integer overflow in the PDFium component of Google Chrome/Chromium prior to 73.0.3683.75. A crafted PDF file could trigger out-of-bounds memory access. Public sources confirm the PDFium overflow issue; Debian and Arch advisories indicate the fix is in 73.0.3683.75. Remediation...
CVE-2020-6439
CVE-2020-6439 affects Google Chrome/Chromium where an insufficient policy enforcement in navigations permits bypassing the security UI via a crafted HTML page. Affected component is the navigation policy enforcement flow in Chromium/Chrome prior to version 81.0.4044.92. The issue is described as ...
CVE-2019-5824
CVE-2019-5824 affects the Chromium/Chrome media path: a parameter-passing error in the media component could enable heap corruption via a crafted HTML page. Connected advisories corroborate that Chromium/Chrome updates across distributions (e.g., Debian DSA-4500-1, openSUSE/Fedora advisories) add...
CVE-2020-6493
CVE-2020-6493: A use-after-free in Chrome’s WebAuthentication component (older than 83.0.4103.97) could allow a remote attacker who compromises the renderer to escape the sandbox via a crafted HTML page. Affected product is Google Chrome. The issue is fixed in 83.0.4103.97 (upstream); Debian/Arch...
CVE-2019-5799
CVE-2019-5799 is a CSP bypass in Chromium/Google Chrome via blob URLs, affecting versions before 73.0.3683.75. Root cause: content security policy bypass in CSP handling for blob URLs. Impact: remote attacker could bypass CSP and access restricted content. Remediation: upgrade to Chromium/Chrome ...
CVE-2019-5803
CVE-2019-5803 affects Google Chrome/Chromium prior to 73.0.3683.75. The issue is an insufficent Content Security Policy enforcement in Chrome’s CSP implementation, enabling a CSP bypass via crafted HTML content (including CSP bypass with Javascript URLs and related vectors cited in connected sour...
CVE-2019-5809
CVE-2019-5809 is a use-after-free in Blink/WebKit affecting Chromium-based browsers, specifically in the file chooser path. The vulnerability allows a remote attacker who has already compromised the renderer process to escalate privileges via a crafted HTML page. Technical details across connecte...
CVE-2019-5813
CVE-2019-5813 is an out-of-bounds read vulnerability in the V8 JavaScript engine of Chromium/Google Chrome, present in versions prior to 74.0.3729.108. The issue is rooted in the V8 component and could enable information disclosure or heap-related effects as described in vendor advisories. Remedi...
CVE-2020-6441
CVE-2020-6441 affects Chromium/Google Chrome prior to version 81.0.4044.92 and is described as an insufficient policy enforcement issue in the omnibox component, allowing a remote, crafted HTML page to bypass the security UI. Public advisories confirm the vulnerability as a policy‑enforcement err...
CVE-2019-5818
CVE-2019-5818 affects Chromium/Google Chrome’s media reader component before version 74.0.3729.108. The root cause is an uninitialized value in media processing, which can allow a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Public advi...
CVE-2019-5838
CVE-2019-5838 : Insufficient policy enforcement in Chrome extensions API allowed a user-went-through-a-malicious-extension attack to bypass file URI restrictions. Affected: Google Chrome/Chromium prior to 75.0.3770.80. Impact is that a crafted extension could enable access to file URIs that shoul...
CVE-2019-5792
CVE-2019-5792 : An integer overflow in the PDFium component of Chromium/Google Chrome before 73.0.3683.75 allows remote attackers to potentially cause out-of-bounds memory access via a crafted PDF file. Affected product: Chromium/Chrome (PDFium). Root cause: integer overflow in PDFium. Impact: re...
CVE-2020-6440
CVE-2020-6440 concerns an insecure extension handling in Chromium/Google Chrome prior to 81.0.4044.92, caused by an inappropriate implementation in extensions. An attacker could exploit this by convincing a user to install a malicious extension, potentially leading to disclosure of sensitive info...
CVE-2020-6456
CVE-2020-6456 affects the chromium/chrome browser family. The vulnerability is caused by insufficient validation of untrusted input in the clipboard, enabling a local attacker to bypass site isolation via crafted clipboard contents in affected builds prior to 81.0.4044.92. Public records in multi...
CVE-2020-6433
CVE-2020-6433 describes an insufficient policy enforcement vulnerability in the extensions component of Chromium/Google Chrome, allowing a remote attacker to bypass navigation restrictions via crafted HTML. This is part of a broader set of policy enforcement issues in Chromium 81.x. Debian/Arch/F...
CVE-2019-5820
CVE-2019-5820 is a PDFium-based integer overflow in Chromium/Google Chrome prior to 74.0.3729.108 that could allow a remote attacker to potentially trigger heap corruption via a crafted PDF. The issue is documented across multiple advisories (Debian DSA-4500, Arch Linux ASA-201904-12, Gentoo GLSA...
CVE-2020-6446
CVE-2020-6446 : In Chromium, an insufficient policy enforcement issue in the Trusted Types component allowed bypass of CSP via a crafted HTML page, affecting builds prior to 81.0.4044.92. This is described in multiple sources (Arch Linux ASA-202004-9, Debian DSA-4714-1, Gentoo GLSA-202004-09). Re...
CVE-2019-5800
CVE-2019-5800 affects Chromium/Google Chrome prior to 73.0.3683.75. The issue is an access restriction bypass: a CSP bypass via blob URLs in the Content Security Policy, enabling crafted pages to bypass CSP protections. Affected component areas are CSP enforcement mechanisms related to blob URLs ...
CVE-2019-5834
CVE-2019-5834 involves insufficient data validation in Blink used by Google Chrome, enabling domain spoofing via a crafted HTML page in Chrome versions older than 75.0.3770.80. The vulnerability is attributed to the Blink component and affects Chrome before the fixed release. Debian advisories li...
CVE-2020-6495
CVE-2020-6495 refers to an insufficient policy enforcement vulnerability in Google Chrome’s Developer Tools prior to 83.0.4103.97. The issue, identified in multiple sources (CNVD-2020-32320; Arch Linux ASA-202006-3; Debian/ Gentoo advisories), enables a threat actor to exploit a crafted Chrome ex...
CVE-2019-5817
CVE-2019-5817 is a heap buffer overflow in ANGLE used by Google Chrome on Windows, prior to Chrome 74.0.3729.108. The issue could allow a remote attacker to cause heap corruption via a crafted HTML page. Affected component: ANGLE in Chrome (Windows). Root cause per the linked records is a heap bu...
CVE-2019-13713
CVE-2019-13713 affects Google Chrome/Chromium prior to 78.0.3904.70, caused by insufficient policy enforcement in JavaScript that allowed cross-origin data leakage via a crafted HTML page. Public advisories confirm the issue and that it was fixed in 78.0.3904.70 (updates for Chrome/Chromium and d...
CVE-2019-19951
CVE-2019-19951 affects GraphicsMagick; the issue is a heap-based buffer overflow in ImportRLEPixels() within coders/miff.c (GraphicsMagick 1.4 snapshot-20190423 Q8). Reports in connected documents confirm a heap-based overflow in ImportRLEPixels and document fixes: Mageia MGASA-2020-0102 notes th...
CVE-2020-6431
Chromium/Google Chrome (CVE-2020-6431) has an insufficient policy-enforcement check in full-screen mode that could allow a crafted HTML page to spoof security UI. Affected products include Chromium and Google Chrome prior to version 81.0.4044.92. Debian/Arch/Fedora advisories in the connected doc...
CVE-2019-10163
PowerDNS Authoritative Server (v4.0.x before 4.0.8 and v4.1.x before 4.1.9) is affected. A remote, authorized master server can send a flood of NOTIFY messages that causes high CPU load and can prevent updates to slave zones. Only servers configured as slaves are affected. The issue is mitigated ...