Month | Quarter | Year |
---|---|---|
#212 | #N/A | #N/A |
CVE-ID | CWE-ID | Type | Score |
---|---|---|---|
CVE-2019-6210 | CWE-119 | Buffer Errors | 7.8 |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges.
|
|||
CVE-2018-6118 | CWE-416 | Use After Free | 8.8 |
A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
|
|||
CVE-2018-6086 | CWE-416 | Use After Free | 8.8 |
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
|
|||
CVE-2018-6085 | CWE-20 | Input Validation | 8.8 |
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
|
|||
CVE-2018-6067 | CWE-119 | Buffer Errors | 8.8 |
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||
CVE-2018-17462 | CWE-20 | Input Validation | 9.6 |
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
|
|||
CVE-2017-5091 | CWE-416 | Use After Free | 8.8 |
A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
|
|||
CVE-2017-15416 | CWE-119 | Buffer Errors | 6.5 |
Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.
|
|||
CVE-2017-15407 | CWE-787 | Out-of-bounds Write | 8.8 |
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
|
|||
CVE-2017-15398 | CWE-119 | Buffer Errors | 9.8 |
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
|