Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-28	CVE-2018-18494	Origin Validation Error vulnerability in multiple products A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). network low complexity mozilla debian canonical redhat CWE-346	6.5
2019-02-28	CVE-2018-12396	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. network low complexity mozilla debian canonical redhat CWE-732	6.5
2019-02-28	CVE-2019-9209	Off-by-one Error vulnerability in multiple products In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. local low complexity wireshark debian canonical opensuse CWE-193	5.5
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9
2019-02-19	CVE-2019-5781	Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. network low complexity google debian redhat fedoraproject	6.5
2019-02-19	CVE-2019-5779	Missing Authorization vulnerability in multiple products Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. network low complexity google debian redhat fedoraproject CWE-862	4.3
2019-02-19	CVE-2019-5778	Cross-site Scripting vulnerability in multiple products A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. network low complexity google debian redhat fedoraproject CWE-79	6.5
2019-02-19	CVE-2019-5777	Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. network low complexity google redhat debian fedoraproject	6.5
2019-02-19	CVE-2019-5776	Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. network low complexity google debian redhat fedoraproject	6.5
2019-02-19	CVE-2019-5775	Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. network low complexity google debian redhat fedoraproject	6.5