CVE List - 2019 / June
Showing 1101 - 1200 of 1244 CVEs for June 2019 (Page 12 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-16086 | 2019-06-27 | Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a... |
| CVE-2018-17460 | 2019-06-27 | Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
| CVE-2018-17478 | 2019-06-27 | Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. |
| CVE-2018-17479 | 2019-06-27 | Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2018-20073 | 2019-06-27 | Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem. |
| CVE-2018-6118 | 2019-06-27 | A double-eviction in the Incognito mode cache that led to a use-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process... |
| CVE-2018-6121 | 2019-06-27 | Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page. |
| CVE-2018-6128 | 2019-06-27 | Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
| CVE-2018-6129 | 2019-06-27 | Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
| CVE-2018-6130 | 2019-06-27 | Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
| CVE-2018-6131 | 2019-06-27 | Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2018-6132 | 2019-06-27 | Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. |
| CVE-2018-6134 | 2019-06-27 | Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. |
| CVE-2018-6136 | 2019-06-27 | Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
| CVE-2018-6138 | 2019-06-27 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a... |
| CVE-2018-6142 | 2019-06-27 | Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. |
| CVE-2018-6145 | 2019-06-27 | Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
| CVE-2018-6148 | 2019-06-27 | Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2018-6149 | 2019-06-27 | Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
| CVE-2018-6150 | 2019-06-27 | Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2018-6154 | 2019-06-27 | Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2018-6155 | 2019-06-27 | Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
| CVE-2018-6156 | 2019-06-27 | Incorrect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
| CVE-2018-6157 | 2019-06-27 | Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
| CVE-2018-6159 | 2019-06-27 | Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| CVE-2018-6161 | 2019-06-27 | Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
| CVE-2018-6168 | 2019-06-27 | Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| CVE-2018-6171 | 2019-06-27 | Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process... |
| CVE-2018-6176 | 2019-06-27 | Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted... |
| CVE-2018-6177 | 2019-06-27 | Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2019-5784 | 2019-06-27 | Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5785 | 2019-06-27 | Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
| CVE-2019-5805 | 2019-06-27 | Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
| CVE-2019-5806 | 2019-06-27 | Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5807 | 2019-06-27 | Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5808 | 2019-06-27 | Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5809 | 2019-06-27 | Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML... |
| CVE-2019-5810 | 2019-06-27 | Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| CVE-2019-5811 | 2019-06-27 | Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
| CVE-2019-5812 | 2019-06-27 | Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
| CVE-2019-5813 | 2019-06-27 | Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5814 | 2019-06-27 | Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2019-5816 | 2019-06-27 | Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. |
| CVE-2019-5817 | 2019-06-27 | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5818 | 2019-06-27 | Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. |
| CVE-2019-5819 | 2019-06-27 | Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. |
| CVE-2019-5820 | 2019-06-27 | Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
| CVE-2019-5821 | 2019-06-27 | Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
| CVE-2019-5786 | 2019-06-27 | Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
| CVE-2019-5822 | 2019-06-27 | Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
| CVE-2019-5823 | 2019-06-27 | Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2019-5824 | 2019-06-27 | Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5827 | 2019-06-27 | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5828 | 2019-06-27 | Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
| CVE-2019-5829 | 2019-06-27 | Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
| CVE-2019-5830 | 2019-06-27 | Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2019-5831 | 2019-06-27 | Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5832 | 2019-06-27 | Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2019-5833 | 2019-06-27 | Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. |
| CVE-2019-5834 | 2019-06-27 | Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
| CVE-2019-5835 | 2019-06-27 | Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
| CVE-2019-5836 | 2019-06-27 | Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5837 | 2019-06-27 | Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2019-5838 | 2019-06-27 | Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs... |
| CVE-2019-5839 | 2019-06-27 | Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via... |
| CVE-2019-5840 | 2019-06-27 | Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2019-7225 | 2019-06-27 | The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash... |
| CVE-2018-15557 | 2019-06-27 | An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain... |
| CVE-2019-3628 | 2019-06-27 | Privilege escalation could allow authenticated user to gain access to a core system |
| CVE-2018-15556 | 2019-06-27 | The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers. |
| CVE-2019-3629 | 2019-06-27 | Application protections bypass vulnerability could allow unauthenticated user to impersonate system users |
| CVE-2019-3630 | 2019-06-27 | Command Injection could allow authenticated users to execute arbitrary code |
| CVE-2019-3631 | 2019-06-27 | Command Injection could allow authenticated users to execute arbitrary code |
| CVE-2019-3632 | 2019-06-27 | Directory Traversal vulnerability could lead to elevated privileges |
| CVE-2019-10177 | 2019-06-27 | A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input not being properly sanitized. An attacker with... |
| CVE-2019-12995 | 2019-06-28 | Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault. |
| CVE-2019-12997 | 2019-06-28 | In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable). |
| CVE-2019-13012 | 2019-06-28 | The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL,... |
| CVE-2018-15555 | 2019-06-28 | On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers. |
| CVE-2018-15520 | 2019-06-28 | Various Lexmark devices have a Buffer Overflow (issue 2 of 2). |
| CVE-2018-15519 | 2019-06-28 | Various Lexmark devices have a Buffer Overflow (issue 1 of 2). |
| CVE-2019-4269 | 2019-06-28 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted URL causes a stack trace to... |
| CVE-2018-14919 | 2019-06-28 | LOYTEC LGATE-902 6.3.2 devices allow XSS. |
| CVE-2018-14918 | 2019-06-28 | LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. |
| CVE-2018-14916 | 2019-06-28 | LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. |
| CVE-2019-12932 | 2019-06-28 | A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. |
| CVE-2018-14887 | 2019-06-28 | Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the... |
| CVE-2018-14886 | 2019-06-28 | The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local... |
| CVE-2018-14885 | 2019-06-28 | Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without... |
| CVE-2018-14868 | 2019-06-28 | Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current... |
| CVE-2018-14867 | 2019-06-28 | Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers,... |
| CVE-2018-17560 | 2019-06-28 | The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected. |
| CVE-2018-17170 | 2019-06-28 | Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. All backend versions prior to prod-2018-11-13-15-00-42 are affected. |
| CVE-2019-10175 | 2019-06-28 | A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume... |
| CVE-2019-10985 | 2019-06-28 | In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker... |
| CVE-2019-10991 | 2019-06-28 | In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may... |
| CVE-2019-10989 | 2019-06-28 | In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may... |
| CVE-2019-10983 | 2019-06-28 | In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. |
| CVE-2019-10987 | 2019-06-28 | In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow... |
| CVE-2019-10993 | 2019-06-28 | In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. |