ios vulnerabilities and exploits

NA
CVE-2019-9901

Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond...

NA
CVE-2019-7304

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1....

NA
CVE-2019-5818

Google Chrome could allow a remote attacker to bypass security restrictions, caused by uninitialized value in media reader. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to gain unauthorized access to the system....

NA
CVE-2019-5813

Google Chrome could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in V8. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information....

NA
CVE-2019-5808

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free vulnerability in Blink. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on...

NA
CVE-2019-5809

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free vulnerability in Blink. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on...

NA
CVE-2019-5810

Google Chrome could allow a remote attacker to obtain sensitive information, caused by an error in Autofill. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information....

NA
CVE-2019-5811

Google Chrome could allow a remote attacker to bypass security restrictions, caused by a CORS bypass in Blink. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to gain unauthorized access to the system....

NA
CVE-2019-5815

Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Blink. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to...

NA
CVE-2019-5814

Google Chrome could allow a remote attacker to bypass security restrictions, caused by a CORS bypass in Blink. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to gain unauthorized access to the system....