Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-28	CVE-2018-12396	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. network low complexity mozilla debian canonical redhat CWE-732	6.5
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9
2019-02-20	CVE-2019-8331	Cross-site Scripting vulnerability in multiple products In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. network low complexity getbootstrap f5 redhat tenable CWE-79	6.1
2019-02-19	CVE-2019-5781	Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. network low complexity google debian redhat fedoraproject	6.5
2019-02-19	CVE-2019-5779	Missing Authorization vulnerability in multiple products Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. network low complexity google debian redhat fedoraproject CWE-862	4.3
2019-02-19	CVE-2019-5778	Cross-site Scripting vulnerability in multiple products A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. network low complexity google debian redhat fedoraproject CWE-79	6.5
2019-02-19	CVE-2019-5777	Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. network low complexity google redhat debian fedoraproject	6.5
2019-02-19	CVE-2019-5776	Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. network low complexity google debian redhat fedoraproject	6.5
2019-02-19	CVE-2019-5775	Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. network low complexity google debian redhat fedoraproject	6.5
2019-02-19	CVE-2019-5773	Origin Validation Error vulnerability in multiple products Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. network low complexity google debian redhat fedoraproject CWE-346	6.5