CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5818 – chromium-browser: Uninitialized value in media reader
https://notcve.org/view.php?id=CVE-2019-5818
Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Los datos no inicializados en medios en Google Chrome antes del 74.0.3729.108 permitieron a un atacante remoto obtener información potencialmente sensible de la memoria de proceso a través de un archivo de video creado • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/929962 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 htt • CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 2%CPEs: 15EXPL: 0CVE-2019-5798 – chromium-browser: Out of bounds read in Skia
https://notcve.org/view.php?id=CVE-2019-5798
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. La falta de comprobación de límites correcta en Skia en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara una lectura de memoria fuera de límites por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://access.redhat.com/errata/RHSA-2019:1308 https://access.redhat.com/errata/RHSA-2019:1309 https://access.redhat.com/errata/RHSA-2019:1310 https://chromereleases.googleblog.com/2019/03/stable-ch • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-5787 – chromium-browser: Use after free in Canvas
https://notcve.org/view.php?id=CVE-2019-5787
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El uso de memoria después del proceso Garbage-Collection en Blink en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto explotar potencialmente la corrupción de pila por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/913964 https://access.redhat.com/security/cve/CVE-2019-5787 https://bugzilla.redhat.com/show_bug.cgi?id=1688189 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-5794 – chromium-browser: Security UI spoofing
https://notcve.org/view.php?id=CVE-2019-5794
Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. El manejo incorrecto de peticiones canceladas en Navigation en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto ejecutara una suplantación de dominio por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/935175 https://access.redhat.com/security/cve/CVE-2019-5794 https://bugzilla.redhat.com/show_bug.cgi?id=1688196 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-5800 – chromium-browser: CSP bypass with blob URL
https://notcve.org/view.php?id=CVE-2019-5800
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. La insuficiente aplicación de políticas en Blink en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto eludir la política de seguridad de contenido por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/894228 https://access.redhat.com/security/cve/CVE-2019-5800 https://bugzilla.redhat.com/show_bug.cgi?id=1688202 • CWE-20: Improper Input Validation •