Security Vulnerabilities - CVEs Published In February 2019
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.
CVSS Score
8.8
EPSS Score
0.009
Published
2019-02-19
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVSS Score
6.5
EPSS Score
0.009
Published
2019-02-19
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVSS Score
6.5
EPSS Score
0.009
Published
2019-02-19
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVSS Score
6.5
EPSS Score
0.009
Published
2019-02-19
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-02-19
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVSS Score
4.3
EPSS Score
0.007
Published
2019-02-19
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-02-19
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-02-19
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
CVSS Score
8.1
EPSS Score
0.009
Published
2019-02-19
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
CVSS Score
8.8
EPSS Score
0.025
Published
2019-02-19