Skip to main content
CVE-2019-5803 MEDIUM This Month

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Leap
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-5802 MEDIUM This Month

Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle Leap
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-5801 MEDIUM This Month

Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Backports +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-5800 MEDIUM This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Leap
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-5799 MEDIUM This Month

Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Leap
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-5798 MEDIUM This Month

Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Debian Linux +5
NVD
CVSS 3.1
6.5
EPSS
3.2%
CVE-2019-5794 MEDIUM This Month

Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle Leap
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-5793 MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Leap
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10851 MEDIUM This Month

Computrols CBAS 18.0.0 has hard-coded encryption keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Computrols Building Automation Software
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-7127 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
6.5
EPSS
12.1%
CVE-2019-7110 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
6.5
EPSS
12.1%
CVE-2019-7109 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
6.5
EPSS
12.1%
CVE-2019-7138 MEDIUM PATCH This Month

Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Bridge Cc
NVD
CVSS 3.0
6.5
EPSS
4.0%
CVE-2019-7137 MEDIUM PATCH This Month

Adobe Bridge CC versions 9.0.2 have a memory corruption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Information Disclosure Adobe Memory Corruption Bridge Cc
NVD
CVSS 3.0
6.5
EPSS
4.7%
CVE-2019-7136 MEDIUM PATCH This Month

Adobe Bridge CC versions 9.0.2 have an use after free vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure Adobe Memory Corruption Use After Free +1
NVD
CVSS 3.0
6.5
EPSS
4.0%
CVE-2019-7135 MEDIUM PATCH This Month

Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Bridge Cc
NVD
CVSS 3.0
6.5
EPSS
4.0%
CVE-2019-7134 MEDIUM PATCH This Month

Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Bridge Cc
NVD
CVSS 3.0
6.5
EPSS
4.0%
CVE-2019-7133 MEDIUM PATCH This Month

Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Bridge Cc
NVD
CVSS 3.0
6.5
EPSS
3.8%
CVE-2019-10846 MEDIUM POC This Month

Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Computrols Building Automation System
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
4.7%
CVE-2019-0201 MEDIUM PATCH This Month

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Apache Activemq Drill Zookeeper +7
NVD
CVSS 3.1
5.9
EPSS
9.6%
CVE-2019-5804 MEDIUM This Month

Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Leap
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-4039 MEDIUM This Month

IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-12298 MEDIUM This Month

Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds write (1024 bytes) via a modified input file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Leanify
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2019-12309 MEDIUM PATCH This Month

dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Dotcms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy