Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-27 | CVE-2019-9211 | Reachable Assertion vulnerability in multiple products There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. | 6.5 |
| 2019-02-19 | CVE-2019-5781 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 6.5 |
| 2019-02-19 | CVE-2019-5779 | Missing Authorization vulnerability in multiple products Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
| 2019-02-19 | CVE-2019-5778 | Cross-site Scripting vulnerability in multiple products A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. | 6.5 |
| 2019-02-19 | CVE-2019-5777 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 6.5 |
| 2019-02-19 | CVE-2019-5776 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 6.5 |
| 2019-02-19 | CVE-2019-5775 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 6.5 |
| 2019-02-19 | CVE-2019-5773 | Origin Validation Error vulnerability in multiple products Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. | 6.5 |
| 2019-02-19 | CVE-2019-5768 | Improper Privilege Management vulnerability in multiple products DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. | 6.5 |
| 2019-02-19 | CVE-2019-5767 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. | 6.5 |