Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2019-02-19 CVE-2019-5768 Improper Privilege Management vulnerability in multiple products
DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
network
low complexity
google debian redhat fedoraproject CWE-269
6.5
2019-02-19 CVE-2019-5767 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.
network
low complexity
google debian redhat fedoraproject CWE-1021
6.5
2019-02-19 CVE-2019-5766 Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian redhat fedoraproject
6.5
2019-02-19 CVE-2019-5765 Cleartext Storage of Sensitive Information vulnerability in multiple products
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.
local
low complexity
google redhat debian fedoraproject CWE-312
5.5
2019-02-19 CVE-2019-5764 Use After Free vulnerability in multiple products
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian redhat fedoraproject CWE-416
8.8
2019-02-19 CVE-2019-5763 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian redhat fedoraproject CWE-754
8.8
2019-02-19 CVE-2019-5762 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
network
low complexity
google debian redhat fedoraproject CWE-119
8.8
2019-02-19 CVE-2019-5761 Out-of-bounds Write vulnerability in multiple products
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat fedoraproject CWE-787
8.8
2019-02-19 CVE-2019-5760 Use After Free vulnerability in multiple products
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat fedoraproject debian CWE-416
8.8
2019-02-19 CVE-2019-5759 Use After Free vulnerability in multiple products
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian redhat fedoraproject CWE-416
critical
9.6