Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-19	CVE-2019-5766	Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google debian redhat fedoraproject	6.5
2019-02-19	CVE-2019-5765	Cleartext Storage of Sensitive Information vulnerability in multiple products An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. local low complexity google redhat debian fedoraproject CWE-312	5.5
2019-02-19	CVE-2019-5754	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy. network low complexity google redhat fedoraproject debian CWE-327	6.5
2019-02-18	CVE-2019-8907	Out-of-bounds Write vulnerability in multiple products do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. network file-project debian opensuse canonical CWE-787	6.8
2019-02-17	CVE-2016-10742	Open Redirect vulnerability in multiple products Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. network zabbix debian CWE-601	5.8
2019-02-15	CVE-2019-8354	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in SoX 14.4.2. local low complexity sound-exchange-project debian canonical CWE-190	5.0
2019-02-12	CVE-2019-8308	Exposure of Resource to Wrong Sphere vulnerability in multiple products Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. local flatpak debian redhat CWE-668	4.4
2019-02-11	CVE-2018-15587	Improper Verification of Cryptographic Signature vulnerability in multiple products GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. network gnome debian CWE-347	4.3
2019-02-09	CVE-2019-7665	Out-of-bounds Read vulnerability in multiple products In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. network elfutils-project debian canonical opensuse redhat CWE-125	4.3
2019-02-09	CVE-2019-7663	An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. network libtiff debian canonical opensuse	4.3