Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-19	CVE-2019-5768	Improper Privilege Management vulnerability in multiple products DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. network low complexity google debian redhat fedoraproject CWE-269	6.5
2019-02-19	CVE-2019-5767	Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. network low complexity google debian redhat fedoraproject CWE-1021	6.5
2019-02-19	CVE-2019-5766	Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google debian redhat fedoraproject	6.5
2019-02-19	CVE-2019-5765	Cleartext Storage of Sensitive Information vulnerability in multiple products An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. local low complexity google redhat debian fedoraproject CWE-312	5.5
2019-02-19	CVE-2019-5754	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy. network low complexity google redhat fedoraproject debian CWE-327	6.5
2019-02-09	CVE-2019-7665	Out-of-bounds Read vulnerability in multiple products In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. local low complexity elfutils-project debian canonical opensuse redhat CWE-125	5.5
2019-02-09	CVE-2019-7664	Out-of-bounds Write vulnerability in multiple products In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. local low complexity elfutils-project redhat CWE-787	5.5
2019-02-08	CVE-2019-7628	Information Exposure vulnerability in Redhat Pagure 5.2 Pagure 5.2 leaks API keys by e-mailing them to users. network high complexity redhat CWE-200	5.9
2019-02-06	CVE-2019-3825	Improper Authentication vulnerability in multiple products A vulnerability was discovered in gdm before 3.31.4. high complexity gnome canonical redhat CWE-287	6.4
2019-02-06	CVE-2019-1003014	Cross-site Scripting vulnerability in multiple products An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file. network low complexity jenkins redhat CWE-79	4.8