National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,229 matching records.
Displaying matches 721 through 740.
Vuln ID Summary CVSS Severity
CVE-2019-13666

Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Published: November 25, 2019; 10:15:30 AM -05:00
V3.1: 7.4 HIGH
    V2: 4.3 MEDIUM
CVE-2019-13665

Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.

Published: November 25, 2019; 10:15:30 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-13664

Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Published: November 25, 2019; 10:15:30 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-13663

IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Published: November 25, 2019; 10:15:30 AM -05:00
V3.1: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-13662

Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Published: November 25, 2019; 10:15:30 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-13661

UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.

Published: November 25, 2019; 10:15:29 AM -05:00
V3.1: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-13660

UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.

Published: November 25, 2019; 10:15:29 AM -05:00
V3.1: 5.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-13659

IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Published: November 25, 2019; 10:15:29 AM -05:00
V3.1: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-10213

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.

Published: November 25, 2019; 10:15:27 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2012-5644

libuser has information disclosure when moving user's home directory

Published: November 25, 2019; 10:15:12 AM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2012-5640

thttpd has a local DoS vulnerability via specially-crafted .htpasswd files

Published: November 25, 2019; 10:15:12 AM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2012-5631

ipa 3.0 does not properly check server identity before sending credential containing cookies

Published: November 25, 2019; 10:15:11 AM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-18675

The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.

Published: November 25, 2019; 09:15:12 AM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-10207

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.

Published: November 25, 2019; 09:15:11 AM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2012-5630

libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.

Published: November 25, 2019; 09:15:11 AM -05:00
V3.1: 6.3 MEDIUM
    V2: 3.3 LOW
CVE-2012-5617

gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation

Published: November 25, 2019; 09:15:11 AM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2012-5582

opendnssec misuses libcurl API

Published: November 25, 2019; 09:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2012-5535

gnome-system-log polkit policy allows arbitrary files on the system to be read

Published: November 25, 2019; 09:15:11 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2012-5527

Claws Mail vCalendar plugin: credentials exposed on interface

Published: November 25, 2019; 09:15:11 AM -05:00
(not available)
CVE-2012-5521

quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal

Published: November 25, 2019; 09:15:11 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 3.3 LOW