National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:google:chrome_os:21.0.1180.39
There are 278 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2017-15403

Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.

Published: January 09, 2019; 02:29:00 PM -05:00
V3.0: 7.3 HIGH
    V2: 4.4 MEDIUM
CVE-2017-15402

Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Published: January 09, 2019; 02:29:00 PM -05:00
V3.0: 9.6 CRITICAL
    V2: 6.8 MEDIUM
CVE-2018-4937

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Published: May 19, 2018; 01:29:01 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2018-4936

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.

Published: May 19, 2018; 01:29:01 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-4935

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Published: May 19, 2018; 01:29:01 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2018-4934

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Published: May 19, 2018; 01:29:01 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-4933

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Published: May 19, 2018; 01:29:01 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2018-4932

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Published: May 19, 2018; 01:29:01 PM -04:00
V3.0: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2018-4920

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Published: May 19, 2018; 01:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2018-4919

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Published: May 19, 2018; 01:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-5179

Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.

Published: March 06, 2018; 09:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-15400

Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.

Published: February 07, 2018; 06:29:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2017-15397

Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position.

Published: February 07, 2018; 06:29:00 PM -05:00
V3.0: 7.4 HIGH
    V2: 5.8 MEDIUM
CVE-2017-11305

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.

Published: December 13, 2017; 04:29:00 PM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-5084

Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint.

Published: October 27, 2017; 01:29:01 AM -04:00
V3.0: 3.3 LOW
    V2: 2.1 LOW
CVE-2017-11292

Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.

Published: October 22, 2017; 03:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2017-3106

Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.

Published: August 11, 2017; 03:29:02 PM -04:00
V3.0: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2017-3085

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

Published: August 11, 2017; 03:29:02 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-3100

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.

Published: July 17, 2017; 09:18:26 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-3099

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution.

Published: July 17, 2017; 09:18:26 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH