Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-19 | CVE-2019-5773 | Origin Validation Error vulnerability in multiple products Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. | 6.5 |
| 2019-02-19 | CVE-2019-5768 | Improper Privilege Management vulnerability in multiple products DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. | 6.5 |
| 2019-02-19 | CVE-2019-5767 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. | 6.5 |
| 2019-02-19 | CVE-2019-5766 | Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2019-02-19 | CVE-2019-5765 | Cleartext Storage of Sensitive Information vulnerability in multiple products An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. | 5.5 |
| 2019-02-19 | CVE-2019-5754 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy. | 6.5 |
| 2019-02-18 | CVE-2019-8907 | Out-of-bounds Write vulnerability in multiple products do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. | 6.8 |
| 2019-02-17 | CVE-2016-10742 | Open Redirect vulnerability in multiple products Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. | 5.8 |
| 2019-02-15 | CVE-2019-8354 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in SoX 14.4.2. | 5.0 |
| 2019-02-12 | CVE-2019-8308 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. | 4.4 |