National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2019-13683 — Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
    Published: November 25, 2019; 10:15:31 AM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-13684 — Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
    Published: November 25, 2019; 10:15:31 AM -05:00

    V3.1: 5.3 MEDIUM
        V2: 2.6 LOW

  • CVE-2019-13691 — Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
    Published: November 25, 2019; 10:15:32 AM -05:00

    V3.1: 4.3 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-13692 — Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
    Published: November 25, 2019; 10:15:32 AM -05:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2019-13697 — Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
    Published: November 25, 2019; 10:15:32 AM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-13716 — Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
    Published: November 25, 2019; 10:15:33 AM -05:00

    V3.1: 4.3 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-5847 — Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: November 25, 2019; 10:15:35 AM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-18460 — An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
    Published: November 26, 2019; 10:15:12 AM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-18448 — An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control.
    Published: November 26, 2019; 12:15:12 PM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-18450 — An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions.
    Published: November 26, 2019; 12:15:12 PM -05:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-18451 — An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. It has an Open Redirect.
    Published: November 26, 2019; 12:15:12 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 5.8 MEDIUM

  • CVE-2019-18452 — An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions.
    Published: November 26, 2019; 12:15:12 PM -05:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2019-18453 — An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions.
    Published: November 26, 2019; 12:15:12 PM -05:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-5848 — Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
    Published: November 25, 2019; 10:15:35 AM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-5849 — Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
    Published: November 25, 2019; 10:15:35 AM -05:00

    V3.1: 8.1 HIGH
        V2: 5.8 MEDIUM

  • CVE-2019-5852 — Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
    Published: November 25, 2019; 10:15:35 AM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-5853 — Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: November 25, 2019; 10:15:35 AM -05:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2019-5854 — Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
    Published: November 25, 2019; 10:15:36 AM -05:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2019-5866 — Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: November 25, 2019; 10:15:36 AM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2019-18457 — An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens. It has Insecure Permissions.
    Published: November 26, 2019; 11:15:13 AM -05:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM