Month | Quarter | Year |
---|---|---|
#116 | #245 | #N/A |

CVE-ID | CWE-ID | Type | Score | Description |
---|---|---|---|---|
CVE-2019-0921 | CWE-20 | Input Validation | 6.5 | A spoofing vulnerability exists when Internet Explorer improperly handles URLs, aka 'Internet Explorer Spoofing Vulnerability'. |
CVE-2018-6096 | CWE-20 | Input Validation | 6.5 | A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117, which allowed a remote attacker to obscure the full screen warning via a crafted HTML page. |
CVE-2018-6082 | CWE-200 | Information Leak / Disclosure | 4.7 | Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. |
CVE-2018-6049 | CWE-254 | Security Features | 6.5 | Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. |
CVE-2018-6040 | CWE-254 | Security Features | 6.5 | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page. |
CVE-2018-4440 | CWE-20 | Input Validation | 4.3 | A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. |
CVE-2018-18354 | CWE-20 | Input Validation | 8.8 | Insufficient validation of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. |
CVE-2018-18353 | CWE-18 | Source Code | 6.5 | Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auth dialog via a crafted HTML page. |
CVE-2017-5118 | CWE-254 | Security Features | 4.3 | Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. |
CVE-2017-15426 | CWE-20 | Input Validation | 6.5 | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. |