Skip to main content
CVE-2017-15945 HIGH This Week

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure MariaDB MySQL
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-15581 HIGH This Week

In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Diary With Lock
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-15938 HIGH PATCH This Week

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-5068 HIGH This Week

Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft Information Disclosure Chrome +3
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-15582 HIGH This Week

In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Diary With Lock
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-15935 HIGH This Week

Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Pandora Fms
NVD
CVSS 3.0
7.2
EPSS
0.4%
CVE-2017-6160 MEDIUM This Month

In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Application Acceleration Manager Big Ip Policy Enforcement Manager
NVD
CVSS 3.0
5.9
EPSS
4.6%
CVE-2017-14182 MEDIUM This Month

A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fortinet Fortios
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2017-5106 MEDIUM This Month

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Debian Linux +3
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2017-5104 MEDIUM This Month

Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2017-5101 MEDIUM This Month

Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Debian Linux +3
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2017-5094 MEDIUM This Month

Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Microsoft Information Disclosure Debian Linux +4
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2017-5120 MEDIUM This Month

Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Debian Linux +3
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2017-5105 MEDIUM This Month

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Debian Linux +3
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2017-5093 MEDIUM This Month

Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Debian Linux +3
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2017-5086 MEDIUM This Month

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Enterprise Linux Desktop +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2017-5076 MEDIUM This Month

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Enterprise Linux Desktop +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2017-5067 MEDIUM This Month

An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Enterprise Linux Desktop +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2017-5060 MEDIUM This Month

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Authentication Bypass Chrome Enterprise Linux Desktop +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2017-5110 MEDIUM This Month

Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Debian Linux +3
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2017-5072 MEDIUM This Month

Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-5117 MEDIUM This Month

Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-5089 MEDIUM This Month

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2017-15937 MEDIUM This Month

Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pandora Fms
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-5066 MEDIUM This Month

Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Jwt Attack Chrome +3
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-5090 MEDIUM This Month

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.115 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name containing a U+0620. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-5071 MEDIUM This Month

Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Enterprise Linux Desktop +2
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2017-6163 MEDIUM This Month

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Access Policy Manager +4
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2017-6162 MEDIUM This Month

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Access Policy Manager +4
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2017-5069 MEDIUM This Month

Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Google Chrome Enterprise Linux Desktop +2
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2017-5085 MEDIUM This Month

Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Google Chrome
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-7733 MEDIUM This Month

A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6159 MEDIUM This Month

F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Access Policy Manager +4
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2017-6161 MEDIUM This Month

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Access Policy Manager +7
NVD
CVSS 3.0
5.3
EPSS
2.7%
CVE-2017-15939 MEDIUM PATCH This Month

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-5082 MEDIUM This Month

Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-15936 MEDIUM This Month

In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-15934 MEDIUM This Month

Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-5061 MEDIUM This Month

A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft Information Disclosure Chrome +3
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2017-5107 MEDIUM This Month

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Microsoft Information Disclosure Chrome Enterprise Linux Desktop +2
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2017-5065 MEDIUM This Month

Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Enterprise Linux Desktop +2
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2017-5119 MEDIUM This Month

Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Google Chrome Debian Linux
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2017-5109 MEDIUM This Month

Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Debian Linux +3
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2017-5103 MEDIUM This Month

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Debian Linux +3
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2017-5102 MEDIUM This Month

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Debian Linux +3
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2017-5083 MEDIUM This Month

Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Enterprise Linux Desktop +2
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2017-5079 MEDIUM This Month

Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Enterprise Linux Desktop +2
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2017-5075 MEDIUM This Month

Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Enterprise Linux Desktop +2
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2017-5096 MEDIUM This Month

Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.0
4.3
EPSS
0.4%
CVE-2017-5118 MEDIUM This Month

Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Authentication Bypass Chrome Debian Linux +3
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy