Export limit exceeded: 23139 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23139 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13674 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
| IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||||
| CVE-2019-13673 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 7.4 High |
| Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13671 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
| UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page. | ||||
| CVE-2019-13670 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
| Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-13669 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
| Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2019-13668 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 7.4 High |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13667 | 3 Apple, Google, Redhat | 3 Iphone Os, Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2019-13666 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 7.4 High |
| Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13665 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
| Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page. | ||||
| CVE-2019-13664 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2019-13663 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
| IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||||
| CVE-2019-13662 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2019-13661 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
| UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. | ||||
| CVE-2019-13660 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 5.3 Medium |
| UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. | ||||
| CVE-2019-13659 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
| IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||||
| CVE-2019-13648 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2024-11-21 | 5.5 Medium |
| In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. | ||||
| CVE-2019-13638 | 3 Debian, Gnu, Redhat | 7 Debian Linux, Patch, Enterprise Linux and 4 more | 2024-11-21 | N/A |
| GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. | ||||
| CVE-2019-13636 | 2 Gnu, Redhat | 2 Patch, Enterprise Linux | 2024-11-21 | N/A |
| In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. | ||||
| CVE-2019-13631 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
| In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. | ||||
| CVE-2019-13627 | 5 Canonical, Debian, Libgcrypt20 Project and 2 more | 5 Ubuntu Linux, Debian Linux, Libgcrypt20 and 2 more | 2024-11-21 | 6.3 Medium |
| It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. | ||||