CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10740
https://notcve.org/view.php?id=CVE-2019-10740
In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. En Roundcube Webmail en versiones anteriores a la 1.3.10, un atacante en posesión de correos electrónicos cifrados S/MIME o PGP puede envolverlos como subparte dentro de un correo electrónico multiparte diseñado. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html https://github.com/roundcube/roundcubemail/issues/6638 https://github.com/roundcube/roundcubemail/releases/tag/1.3.10 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-5802 – chromium-browser: Security UI spoofing
https://notcve.org/view.php?id=CVE-2019-5802
Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. El manejo inadecuado de los orígenes de descarga en Navigation en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara una suplantación de dominios por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/632514 https://access.redhat.com/security/cve/CVE-2019-5802 https://bugzilla.redhat.com/show_bug.cgi?id=1688204 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-5794 – chromium-browser: Security UI spoofing
https://notcve.org/view.php?id=CVE-2019-5794
Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. El manejo incorrecto de peticiones canceladas en Navigation en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto ejecutara una suplantación de dominio por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/935175 https://access.redhat.com/security/cve/CVE-2019-5794 https://bugzilla.redhat.com/show_bug.cgi?id=1688196 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9896
https://notcve.org/view.php?id=CVE-2019-9896
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. En PuTTY, en versiones anteriores a la 0.71 en Windows, los atacantes locales podrían secuestrar la aplicación colocando un archivo de ayuda malicioso en el mismo directorio que el ejecutable. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html https://security.netapp.com/advisory/ntap-20190404-0001 https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 33%CPEs: 5EXPL: 1CVE-2019-5796 – Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter
https://notcve.org/view.php?id=CVE-2019-5796
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La carrera de datos en Extensions Guest View en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML creada. There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently in Chrome. • https://www.exploit-db.com/exploits/46566 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/918861 https://access.redhat.com/security/cve/CVE-2019-5796 https://bugzilla.redhat.com/show_bug.cgi?id=1688198 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •