Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 31907 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13710 2 Google, Opensuse 2 Chrome, Backports Sle 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
CVE-2019-13691 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2019-13680 1 Google 1 Chrome 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.
CVE-2019-13678 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2019-13674 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2019-13672 2 Apple, Google 2 Iphone Os, Chrome 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS.
CVE-2019-13671 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2019-13669 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2019-13667 2 Apple, Google 2 Iphone Os, Chrome 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2019-13663 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2019-13661 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
CVE-2019-13660 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
CVE-2019-13659 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2019-13656 1 Broadcom 2 Ca Client Automation, Ca Workload Automation Ae 2024-11-21 7.5 HIGH 9.8 CRITICAL
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code.
CVE-2019-13565 7 Apple, Canonical, Debian and 4 more 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.
CVE-2019-13528 1 Tridium 7 Edge 10, Jace-8000, Jace 3e and 4 more 2024-11-21 2.1 LOW 4.4 MEDIUM
A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10).
CVE-2019-13467 2 Sandisk, Westerndigital 2 Ssd Dashboard, Ssd Dashboard 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service. This vulnerability may allow an attacker to substitute downloaded resources with arbitrary files.
CVE-2019-13465 1 Ros 1 Ros-comm 2024-11-21 5.0 MEDIUM 8.6 HIGH
An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove() function in clients/roscpp/src/libros/spinner.cpp. When ROS_ASSERT_ENABLED is not defined, the iterator loop will run out of the scope of the array, and cause denial of service for other components (that depend on the communication-related functions of this package). NOTE: The reporter of this issue now believes it was a false alarm.
CVE-2019-13458 2 Debian, Otrs 2 Debian Linux, Otrs 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords.
CVE-2019-13423 1 Search-guard 1 Search Guard 2024-11-21 6.5 MEDIUM 8.8 HIGH
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time