| Month | Quarter | Year |
|---|---|---|
| #14 | #14 | #7 |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2018-17457 | CWE-416 | Use After Free | 8.8 |
|
An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
|
|||
| CVE-2018-16067 | CWE-416 | Use After Free | 6.5 |
|
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||
| CVE-2018-12841 | CWE-415 | Double Free | 7.8 |
|
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.
|
|||
| CVE-2018-12838 | CWE-119 | Buffer Errors | 5.5 |
|
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a stack overflow vulnerability. Successful exploitation could lead to information disclosure.
|
|||
| CVE-2018-12833 | CWE-119 | Buffer Errors | 7.8 |
|
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
|
|||
| CVE-2017-13299 | None | None | 7.5 |
|
A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394.
|
|||
| CVE-2017-13298 | CWE-200 | Information Leak / Disclosure | 5.3 |
|
A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051.
|
|||
| CVE-2017-13296 | CWE-200 | Information Leak / Disclosure | 5.3 |
|
A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454.
|
|||
| CVE-2017-13289 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
|
In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70398564.
|
|||
| CVE-2017-13288 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
|
In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69634768.
|
|||