| Month | Quarter | Year |
|---|---|---|
| #9 | #5 | #5 |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2018-6974 | CWE-125 | Out-of-bounds Read | 8.8 |
|
VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host.
|
|||
| CVE-2018-6973 | CWE-787 | Out-of-bounds Write | 8.8 |
|
VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.
|
|||
| CVE-2018-6179 | CWE-200 | Information Leak / Disclosure | 6.5 |
|
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.
|
|||
| CVE-2018-6170 | CWE-787 | Out-of-bounds Write | 8.8 |
|
A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
|
|||
| CVE-2018-6088 | CWE-20 | Input Validation | 8.8 |
|
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
|
|||
| CVE-2018-6087 | CWE-416 | Use After Free | 8.8 |
|
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
|
|||
| CVE-2018-6071 | CWE-190 | Integer Overflow or Wraparound | 8.8 |
|
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
|
|||
| CVE-2018-6062 | CWE-787 | Out-of-bounds Write | 8.8 |
|
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
|
|||
| CVE-2018-6031 | CWE-416 | Use After Free | 8.8 |
|
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
|
|||
| CVE-2018-5095 | CWE-190 | Integer Overflow or Wraparound | 9.8 |
|
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
|
|||