Skip to main content
CVE-2019-5825 MEDIUM POC KEV THREAT This Month

Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Memory Corruption Chrome
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
55.9%
CVE-2019-17403 HIGH POC This Week

Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia File Upload RCE Impact
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-13720 HIGH POC KEV THREAT This Week

Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
73.0%
CVE-2019-18675 HIGH POC This Week

The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Integer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-10217 MEDIUM POC PATCH This Month

A flaw was found in ansible 2.8.0 before 2.8.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansible
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-17405 MEDIUM POC This Month

Nokia IMPACT < 18A: has Reflected self XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia XSS Impact
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-19250 CRITICAL Act Now

OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Opentrade
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2019-19249 CRITICAL PATCH Act Now

Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Querytree
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-18374 CRITICAL Act Now

Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symantec Critical System Protection
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-5866 CRITICAL Act Now

Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-5870 CRITICAL Act Now

Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD
CVSS 3.1
9.6
EPSS
1.4%
CVE-2019-5850 CRITICAL Act Now

Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2019-17406 MEDIUM POC This Month

Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia Path Traversal Impact
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-13721 HIGH This Week

Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-5878 HIGH This Week

Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-5877 HIGH This Week

Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-5876 HIGH This Week

Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-5874 HIGH This Week

Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-5871 HIGH This Week

Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-5859 HIGH This Week

Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-5858 HIGH This Week

Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple RCE Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-5856 HIGH This Week

Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-5854 HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-5853 HIGH This Week

Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-5851 HIGH This Week

Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-13724 HIGH This Week

Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-13723 HIGH This Week

Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-13700 HIGH This Week

Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Backports Sle
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13699 HIGH This Week

Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-13698 HIGH This Week

Out of bounds memory access in JavaScript in Google Chrome prior to 73.0.3683.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-13696 HIGH This Week

Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-13695 HIGH This Week

Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-13694 HIGH This Week

Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-13693 HIGH This Week

Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Memory Corruption Google Use After Free +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13692 HIGH This Week

Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-13688 HIGH This Week

Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-13687 HIGH This Week

Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-13686 HIGH This Week

Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-13685 HIGH This Week

Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-13682 HIGH This Week

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-10174 HIGH PATCH This Week

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Infinispan Fuse Jboss Data Grid Jboss Enterprise Application Platform +3
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-17404 MEDIUM POC This Month

Nokia IMPACT < 18A: allows full path disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia Path Traversal Impact
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-5881 HIGH This Week

Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2019-5849 HIGH This Week

Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2019-19252 HIGH PATCH This Week

vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-16765 HIGH PATCH This Week

If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal RCE Codeql
NVD GitHub
CVSS 3.1
7.8
EPSS
4.7%
CVE-2019-13706 HIGH This Week

Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Backports Sle
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-13702 HIGH This Week

Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Google Chrome Backports Sle
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-14815 HIGH PATCH This Week

A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Linux Linux Kernel Codeready Linux Builder Eus +16
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-15629 HIGH This Week

Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Trend Micro Information Disclosure Password Manager
NVD
CVSS 3.1
7.5
EPSS
2.9%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy