| Month | Quarter | Year |
|---|---|---|
| #4 | #5 | #N/A |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2018-9502 | CWE-125 | Out-of-bounds Read | 6.5 |
|
In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111936792
|
|||
| CVE-2018-8567 | CWE-264 | Permissions, Privileges, and Access Control | 5.4 |
|
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.
|
|||
| CVE-2018-8358 | CWE-254 | Security Features | 4.3 |
|
A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
|
|||
| CVE-2018-8243 | CWE-119 | Buffer Errors | 7.5 |
|
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8267.
|
|||
| CVE-2018-8112 | CWE-200 | Information Leak / Disclosure | 4.3 |
|
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
|
|||
| CVE-2018-6097 | CWE-19 | Data Handling | 6.5 |
|
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.
|
|||
| CVE-2018-6096 | CWE-20 | Input Validation | 6.5 |
|
A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
|
|||
| CVE-2018-6082 | CWE-200 | Information Leak / Disclosure | 4.7 |
|
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
|
|||
| CVE-2018-6049 | CWE-254 | Security Features | 6.5 |
|
Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.
|
|||
| CVE-2018-6040 | CWE-254 | Security Features | 6.5 |
|
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
|
|||