Month | Quarter | Year |
---|---|---|
#2 | #5 | #4 |
CVE-ID | CWE-ID | Type | Score |
---|---|---|---|
CVE-2018-6084 | CWE-20 | Input Validation | 7.8 |
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
|
|||
CVE-2018-6080 | CWE-264 | Permissions, Privileges, and Access Control | 6.5 |
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .
|
|||
CVE-2018-6065 | CWE-190 | Integer Overflow or Wraparound | 8.8 |
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||
CVE-2018-6064 | CWE-704 | Incorrect Type Conversion or Cast | 8.8 |
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||
CVE-2018-6063 | CWE-787 | Out-of-bounds Write | 8.8 |
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
|
|||
CVE-2018-6057 | CWE-254 | Security Features | 8.8 |
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
|
|||
CVE-2018-6056 | CWE-704 | Incorrect Type Conversion or Cast | 8.8 |
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
|
|||
CVE-2018-4937 | CWE-787 | Out-of-bounds Write | 9.8 |
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
|
|||
CVE-2018-4936 | CWE-119 | Buffer Errors | 7.5 |
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.
|
|||
CVE-2018-4935 | CWE-787 | Out-of-bounds Write | 9.8 |
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
|