Skip to main content
CVE-2019-8939 MEDIUM POC This Month

data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tautulli
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-8935 MEDIUM POC This Month

Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Collabtive
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-5781 MEDIUM This Month

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +3
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-5778 MEDIUM This Month

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome Debian Linux Enterprise Linux Desktop +3
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-5777 MEDIUM This Month

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-5776 MEDIUM This Month

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +3
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-5775 MEDIUM This Month

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +3
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-5773 MEDIUM This Month

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Debian Linux Enterprise Linux Desktop +3
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2019-5768 MEDIUM This Month

DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome Debian Linux Enterprise Linux Desktop +3
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-5767 MEDIUM This Month

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome Debian Linux Enterprise Linux Desktop +3
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-5766 MEDIUM This Month

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +3
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2019-5754 MEDIUM This Month

Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-5765 MEDIUM This Month

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2019-3812 MEDIUM PATCH This Month

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qemu Fedora Ubuntu Linux Leap
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-5779 MEDIUM This Month

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Debian Linux Enterprise Linux Desktop +3
NVD
CVSS 3.0
4.3
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy