Lucene search
K
OpensuseBackports

97 matches found

CVE
CVE
added 2019/06/27 4:13 p.m.494 views

CVE-2019-5827

CVE-2019-5827 is an out-of-bounds read in the SQLite library leveraged via Chromium/Chrome. Public records in Debian and related advisories indicate this affects Chromium/Chrome components and was mitigated by upgrading the sqlite3 library (e.g., to versions in Chromium security updates and Debia...

8.8CVSS8.6AI score0.01976EPSS
CVE
CVE
added 2019/05/23 7:17 p.m.489 views

CVE-2019-5798

CVE-2019-5798: In Google Chrome, a lack of proper bounds checking in Skia allowed out-of-bounds memory read via a crafted HTML page. Affected product is Chrome (before 73.0.3683.75); root cause is insufficient bounds checking in Skia’s handling of HTML content. Impact stated: remote attacker coul...

6.5CVSS6.6AI score0.03205EPSS
CVE
CVE
added 2019/05/23 7:12 p.m.343 views

CVE-2019-5789

CVE-2019-5789 is a use-after-free in Chrome's WebMIDI implementation on Windows caused by an integer overflow. A remote attacker who can run crafted HTML in a renderer could execute arbitrary code prior to Chrome 73.0.3683.75. Mitigation: upgrade to 73.0.3683.75 or later (Chromium/Chrome patches)...

9.3CVSS8.5AI score0.07287EPSS
CVE
CVE
added 2019/05/23 7:11 p.m.339 views

CVE-2019-5788

CVE-2019-5788 affects Chromium-based Chrome/Chromium before 73.0.3683.75. The sources describe use-after-free in the FileAPI component (and related issues in Blink Storage) triggered by crafted HTML, with an integer overflow contributing to exploitation. The Debian Arch Linux advisories confirm t...

9.3CVSS8.4AI score0.07151EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.329 views

CVE-2019-5831

CVE-2019-5831 reports an object lifecycle issue in V8 used by Google Chrome/Chromium prior to version 75.0.3770.80, enabling potential remote heap corruption via a crafted HTML page. Public advisories and Debian security notices confirm this as a Chromium/V8 issue with multiple CVEs, and remediat...

8.8CVSS8.4AI score0.01985EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.329 views

CVE-2019-5833

CVE-2019-5833 describes an incorrect dialog box scoping in Google Chrome for Android prior to 75.0.3770.80, enabling a crafted HTML page to display misleading security UI. The vulnerability affects the Chromium/Chrome UI layer and is categorized as a security UI spoofing issue; multiple advisorie...

4.3CVSS4.9AI score0.00994EPSS
CVE
CVE
added 2020/04/13 5:30 p.m.324 views

CVE-2020-6437

CVE-2020-6437 affects the WebView component in Chromium/Google Chrome prior to 81.0.4044.92. An inappropriate implementation/implementation error in WebView allowed a remote attacker to spoof the security UI via a crafted application. The issue is fixed upstream in 81.0.4044.92 (Debian notes also...

4.3CVSS5AI score0.0172EPSS
CVE
CVE
added 2020/04/13 5:31 p.m.321 views

CVE-2020-6455

CVE-2020-6455 is an out-of-bounds read in Chromium/Google Chrome’s WebSQL implementation. The issue could allow a remote attacker to potentially cause heap corruption via a crafted page. Affected software is Chrome/Chromium before version 81.0.4044.92. The Debian Arch Linux security advisory and ...

8.8CVSS8.4AI score0.01977EPSS
CVE
CVE
added 2019/05/23 7:13 p.m.320 views

CVE-2019-5791

CVE-2019-5791 is a type confusion in the V8 engine of Chromium/Chrome prior to version 73.0.3683.75. The issue potentially allows remote code execution via crafted HTML pages. Debian/Arch notes indicate fixes in 73.0.3683.75 (Debian: 73.0.3683.75-1; Arch: “before 73.0.3683.75” fixed). Affected pr...

8.8CVSS8AI score0.01563EPSS
CVE
CVE
added 2020/04/13 5:30 p.m.319 views

CVE-2020-6443

Chromium/Google Chrome before 81.0.4044.92 is affected by CVE-2020-6443 due to an insufficient data validation flaw in the DevTools component, enabling a remote attacker to execute arbitrary code via a crafted HTML page after convincing a user to use DevTools. Affected product: Chromium/Chrome; r...

8.8CVSS8.2AI score0.01803EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.318 views

CVE-2019-5810

CVE-2019-5810 is a Chromium/Google Chrome information disclosure vulnerability in the Autofill component, reported as information leakage from process memory via a crafted HTML page in Chromium before version 74.0.3729.108. Public records in Debian security advisories and Arch Linux ASA-201904-12...

6.5CVSS6.1AI score0.01094EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.317 views

CVE-2019-5808

CVE-2019-5808 affects Chromium/Google Chrome Blink: a use-after-free in Blink/WebKit prior to 74.0.3729.108 could allow a crafted HTML page to trigger heap corruption. Affected products include Chromium/Chrome; remediation is to upgrade to 74.0.3729.108 or newer (as noted by Arch Debian advisorie...

8.8CVSS8.8AI score0.01787EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.317 views

CVE-2019-5821

CVE-2019-5821 is a concrete issue in PDFium used by Google Chrome/Chromium, caused by an integer overflow in PDFium before 74.0.3729.108, enabling a remote attacker to potentially trigger heap corruption with a crafted PDF. Evidence across multiple advisories confirms the affected component (PDFi...

8.8CVSS8.5AI score0.01418EPSS
CVE
CVE
added 2019/05/23 7:12 p.m.314 views

CVE-2019-5790

CVE-2019-5790 is a heap-based buffer overflow in the V8 JavaScript engine of Chromium/Google Chrome prior to 73.0.3683.75. This vulnerability could allow a remote attacker to execute arbitrary code inside the browser’s sandbox via a crafted HTML page. The Chrome security fix was delivered in the ...

8.8CVSS8.7AI score0.01822EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.314 views

CVE-2019-5822

CVE-2019-5822 affects Google Chrome/Chromium Blink component; describes bypass of Cross‑Origin Resource Sharing (CORS) via a crafted HTML page, effectively bypassing same-origin policy. Affected scope includes Blink/CORS handling in Chrome prior to 74.0.3729.108. Public advisories (Debian DSA-450...

8.8CVSS7.7AI score0.01872EPSS
CVE
CVE
added 2019/05/23 7:14 p.m.313 views

CVE-2019-5793

CVE-2019-5793 affects Chromium/Google Chrome extensions prior to 73.0.3683.75. The vulnerability is described as an excessive permissions issue in the Extensions component, enabling a crafted HTML page to trigger the extension installation UI, effectively bypassing policy controls and potentially...

6.5CVSS6.3AI score0.01003EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.312 views

CVE-2019-5811

CVE-2019-5811 : In Chromium-based browsers, a Cross‑Origin Resource Sharing (CORS) bypass was discovered in Blink, allowing a crafted HTML page to bypass the same-origin policy via Service Worker semantics. The issue is associated with Chrome/Chromium builds prior to 74.0.3729.108. Impact is tied...

8.8CVSS7.8AI score0.01246EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.312 views

CVE-2019-5829

CVE-2019-5829 is a vulnerability in Google's Chromium/Chrome download manager. The issue is an integer overflow that can trigger an out-of-bounds memory access via a crafted HTML page, potentially enabling remote exploitation. Affected software is Chrome/Chromium released before 75.0.3770.80. Mit...

8.8CVSS8.2AI score0.01315EPSS
CVE
CVE
added 2020/03/23 12:35 p.m.312 views

CVE-2020-6425

The CVE-2020-6425 entry concerns Chromium/Google Chrome. The vulnerability is a policy enforcement error in extensions that could allow a user-assisted attacker to bypass site isolation via a crafted Chrome extension. Affected product family: Chromium/Chrome browser engines as distributed in Debi...

5.8CVSS5.8AI score0.01151EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.311 views

CVE-2019-5828

CVE-2019-5828 is a use-after-free vulnerability in the ServiceWorker component of the Chromium/Google Chrome stack, reported to be exploitable remotely via a crafted HTML page. The issue affects Chromium/Chrome versions prior to 75.0.3770.80, with multiple sources listing an upgrade to 75.0.3770....

8.8CVSS8.1AI score0.01411EPSS
CVE
CVE
added 2019/05/23 7:10 p.m.310 views

CVE-2019-5787

CVE-2019-5787 is a use-after-free in the Canvas component of Chromium-based Chrome/Blink (pre-73.0.3683.75). The issue allows a remote attacker to potentially trigger heap corruption via a crafted HTML page. Connected sources also describe related CVEs (5788–5799) in FileAPI, WebMIDI, V8, PDFium,...

9.3CVSS8.4AI score0.01952EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.310 views

CVE-2019-5830

CVE-2019-5830 concerns Google Chrome/Chromium: insufficient CORS policy enforcement allowed a remote attacker to leak cross-origin data via a crafted HTML page. The issue is tracked across multiple advisories and was addressed by updating Chromium/Chrome to a patched release. Affected components:...

6.5CVSS6.2AI score0.01421EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.309 views

CVE-2019-5836

CVE-2019-5836 : A heap buffer overflow in ANGLE within Google Chrome prior to 75.0.3770.80 could allow a remote attacker to cause heap corruption via a crafted HTML page. Connected sources corroborate ANGLE/Chrome scope and advise upgrading to a fixed version; Debian advisories list numerous Chro...

8.8CVSS8.6AI score0.01479EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.308 views

CVE-2019-5839

CVE-2019-5839 affects Google Chrome (Chromium) prior to 75.0.3770.80. The issue is excessive data validation in the URL parser, enabling a remote attacker who lures a user to input a crafted URL to bypass website URL validation. Root cause: improper validation in the URL parsing logic. Impact, pe...

4.3CVSS5AI score0.01275EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.307 views

CVE-2019-5832

CVE-2019-5832 affects Chromium/Chrome: an error in the Cross-Origin Resource Sharing (CORS) handling exposes cross-origin data when a crafted HTML page is loaded. Root cause: CORS-related flaw in Chromium’s policy enforcement. Impact stated as information disclosure via cross-origin leaks. Remedi...

6.5CVSS6.2AI score0.01289EPSS
CVE
CVE
added 2019/05/23 7:15 p.m.306 views

CVE-2019-5795

CVE-2019-5795 is an integer overflow in the PDFium component of Google Chrome/Chromium prior to 73.0.3683.75. A crafted PDF file could trigger out-of-bounds memory access. Public sources confirm the PDFium overflow issue; Debian and Arch advisories indicate the fix is in 73.0.3683.75. Remediation...

8.8CVSS8.2AI score0.01223EPSS
CVE
CVE
added 2020/04/13 5:30 p.m.306 views

CVE-2020-6439

CVE-2020-6439 affects Google Chrome/Chromium where an insufficient policy enforcement in navigations permits bypassing the security UI via a crafted HTML page. Affected component is the navigation policy enforcement flow in Chromium/Chrome prior to version 81.0.4044.92. The issue is described as ...

8.8CVSS7.7AI score0.01778EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.303 views

CVE-2019-5824

CVE-2019-5824 affects the Chromium/Chrome media path: a parameter-passing error in the media component could enable heap corruption via a crafted HTML page. Connected advisories corroborate that Chromium/Chrome updates across distributions (e.g., Debian DSA-4500-1, openSUSE/Fedora advisories) add...

8.8CVSS8.3AI score0.01374EPSS
CVE
CVE
added 2020/06/03 10:50 p.m.302 views

CVE-2020-6493

CVE-2020-6493: A use-after-free in Chrome’s WebAuthentication component (older than 83.0.4103.97) could allow a remote attacker who compromises the renderer to escape the sandbox via a crafted HTML page. Affected product is Google Chrome. The issue is fixed in 83.0.4103.97 (upstream); Debian/Arch...

9.6CVSS9.2AI score0.01682EPSS
CVE
CVE
added 2019/05/23 7:18 p.m.301 views

CVE-2019-5799

CVE-2019-5799 is a CSP bypass in Chromium/Google Chrome via blob URLs, affecting versions before 73.0.3683.75. Root cause: content security policy bypass in CSP handling for blob URLs. Impact: remote attacker could bypass CSP and access restricted content. Remediation: upgrade to Chromium/Chrome ...

6.5CVSS6.4AI score0.01499EPSS
CVE
CVE
added 2019/05/23 7:20 p.m.301 views

CVE-2019-5803

CVE-2019-5803 affects Google Chrome/Chromium prior to 73.0.3683.75. The issue is an insufficent Content Security Policy enforcement in Chrome’s CSP implementation, enabling a CSP bypass via crafted HTML content (including CSP bypass with Javascript URLs and related vectors cited in connected sour...

6.5CVSS6.3AI score0.01046EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.301 views

CVE-2019-5809

CVE-2019-5809 is a use-after-free in Blink/WebKit affecting Chromium-based browsers, specifically in the file chooser path. The vulnerability allows a remote attacker who has already compromised the renderer process to escalate privileges via a crafted HTML page. Technical details across connecte...

8.8CVSS8.6AI score0.0153EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.300 views

CVE-2019-5813

CVE-2019-5813 is an out-of-bounds read vulnerability in the V8 JavaScript engine of Chromium/Google Chrome, present in versions prior to 74.0.3729.108. The issue is rooted in the V8 component and could enable information disclosure or heap-related effects as described in vendor advisories. Remedi...

8.8CVSS8.8AI score0.01346EPSS
CVE
CVE
added 2020/04/13 5:30 p.m.300 views

CVE-2020-6441

CVE-2020-6441 affects Chromium/Google Chrome prior to version 81.0.4044.92 and is described as an insufficient policy enforcement issue in the omnibox component, allowing a remote, crafted HTML page to bypass the security UI. Public advisories confirm the vulnerability as a policy‑enforcement err...

4.3CVSS4.8AI score0.01724EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.299 views

CVE-2019-5818

CVE-2019-5818 affects Chromium/Google Chrome’s media reader component before version 74.0.3729.108. The root cause is an uninitialized value in media processing, which can allow a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Public advi...

6.5CVSS6.2AI score0.01614EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.299 views

CVE-2019-5838

CVE-2019-5838 : Insufficient policy enforcement in Chrome extensions API allowed a user-went-through-a-malicious-extension attack to bypass file URI restrictions. Affected: Google Chrome/Chromium prior to 75.0.3770.80. Impact is that a crafted extension could enable access to file URIs that shoul...

4.3CVSS5.1AI score0.00785EPSS
CVE
CVE
added 2019/05/23 7:13 p.m.298 views

CVE-2019-5792

CVE-2019-5792 : An integer overflow in the PDFium component of Chromium/Google Chrome before 73.0.3683.75 allows remote attackers to potentially cause out-of-bounds memory access via a crafted PDF file. Affected product: Chromium/Chrome (PDFium). Root cause: integer overflow in PDFium. Impact: re...

8.8CVSS8.2AI score0.01223EPSS
CVE
CVE
added 2020/04/13 5:30 p.m.298 views

CVE-2020-6440

CVE-2020-6440 concerns an insecure extension handling in Chromium/Google Chrome prior to 81.0.4044.92, caused by an inappropriate implementation in extensions. An attacker could exploit this by convincing a user to install a malicious extension, potentially leading to disclosure of sensitive info...

4.3CVSS4.9AI score0.01153EPSS
CVE
CVE
added 2020/04/13 5:31 p.m.296 views

CVE-2020-6456

CVE-2020-6456 affects the chromium/chrome browser family. The vulnerability is caused by insufficient validation of untrusted input in the clipboard, enabling a local attacker to bypass site isolation via crafted clipboard contents in affected builds prior to 81.0.4044.92. Public records in multi...

6.5CVSS6.4AI score0.01381EPSS
CVE
CVE
added 2020/04/13 5:30 p.m.294 views

CVE-2020-6433

CVE-2020-6433 describes an insufficient policy enforcement vulnerability in the extensions component of Chromium/Google Chrome, allowing a remote attacker to bypass navigation restrictions via crafted HTML. This is part of a broader set of policy enforcement issues in Chromium 81.x. Debian/Arch/F...

4.3CVSS4.8AI score0.01619EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.293 views

CVE-2019-5820

CVE-2019-5820 is a PDFium-based integer overflow in Chromium/Google Chrome prior to 74.0.3729.108 that could allow a remote attacker to potentially trigger heap corruption via a crafted PDF. The issue is documented across multiple advisories (Debian DSA-4500, Arch Linux ASA-201904-12, Gentoo GLSA...

8.8CVSS8.5AI score0.01453EPSS
CVE
CVE
added 2020/04/13 5:30 p.m.293 views

CVE-2020-6446

CVE-2020-6446 : In Chromium, an insufficient policy enforcement issue in the Trusted Types component allowed bypass of CSP via a crafted HTML page, affecting builds prior to 81.0.4044.92. This is described in multiple sources (Arch Linux ASA-202004-9, Debian DSA-4714-1, Gentoo GLSA-202004-09). Re...

6.5CVSS6.3AI score0.0162EPSS
CVE
CVE
added 2019/05/23 7:18 p.m.292 views

CVE-2019-5800

CVE-2019-5800 affects Chromium/Google Chrome prior to 73.0.3683.75. The issue is an access restriction bypass: a CSP bypass via blob URLs in the Content Security Policy, enabling crafted pages to bypass CSP protections. Affected component areas are CSP enforcement mechanisms related to blob URLs ...

6.5CVSS6.3AI score0.01046EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.290 views

CVE-2019-5834

CVE-2019-5834 involves insufficient data validation in Blink used by Google Chrome, enabling domain spoofing via a crafted HTML page in Chrome versions older than 75.0.3770.80. The vulnerability is attributed to the Blink component and affects Chrome before the fixed release. Debian advisories li...

6.5CVSS6.3AI score0.00718EPSS
CVE
CVE
added 2020/06/03 10:50 p.m.285 views

CVE-2020-6495

CVE-2020-6495 refers to an insufficient policy enforcement vulnerability in Google Chrome’s Developer Tools prior to 83.0.4103.97. The issue, identified in multiple sources (CNVD-2020-32320; Arch Linux ASA-202006-3; Debian/ Gentoo advisories), enables a threat actor to exploit a crafted Chrome ex...

6.5CVSS7AI score0.01073EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.283 views

CVE-2019-5817

CVE-2019-5817 is a heap buffer overflow in ANGLE used by Google Chrome on Windows, prior to Chrome 74.0.3729.108. The issue could allow a remote attacker to cause heap corruption via a crafted HTML page. Affected component: ANGLE in Chrome (Windows). Root cause per the linked records is a heap bu...

8.8CVSS8.7AI score0.01849EPSS
CVE
CVE
added 2019/11/25 2:22 p.m.282 views

CVE-2019-13713

CVE-2019-13713 affects Google Chrome/Chromium prior to 78.0.3904.70, caused by insufficient policy enforcement in JavaScript that allowed cross-origin data leakage via a crafted HTML page. Public advisories confirm the issue and that it was fixed in 78.0.3904.70 (updates for Chrome/Chromium and d...

6.5CVSS6.2AI score0.0114EPSS
CVE
CVE
added 2019/12/24 12:7 a.m.282 views

CVE-2019-19951

CVE-2019-19951 affects GraphicsMagick; the issue is a heap-based buffer overflow in ImportRLEPixels() within coders/miff.c (GraphicsMagick 1.4 snapshot-20190423 Q8). Reports in connected documents confirm a heap-based overflow in ImportRLEPixels and document fixes: Mageia MGASA-2020-0102 notes th...

9.8CVSS9.5AI score0.02547EPSS
CVE
CVE
added 2020/04/13 5:30 p.m.280 views

CVE-2020-6431

Chromium/Google Chrome (CVE-2020-6431) has an insufficient policy-enforcement check in full-screen mode that could allow a crafted HTML page to spoof security UI. Affected products include Chromium and Google Chrome prior to version 81.0.4044.92. Debian/Arch/Fedora advisories in the connected doc...

4.3CVSS4.8AI score0.01549EPSS
CVE
CVE
added 2019/07/30 10:16 p.m.279 views

CVE-2019-10163

PowerDNS Authoritative Server (v4.0.x before 4.0.8 and v4.1.x before 4.1.9) is affected. A remote, authorized master server can send a flood of NOTIFY messages that causes high CPU load and can prevent updates to slave zones. Only servers configured as slaves are affected. The issue is mitigated ...

4.3CVSS5.4AI score0.01003EPSS
Total number of security vulnerabilities97