Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-17471 |
Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. Published: November 14, 2018; 10:29:00 AM -0500 |
V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17469 |
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. Published: November 14, 2018; 10:29:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-17468 |
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. Published: November 14, 2018; 10:29:00 AM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17467 |
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Published: November 14, 2018; 10:29:00 AM -0500 |
V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17466 |
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Published: November 14, 2018; 10:29:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-17465 |
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Published: November 14, 2018; 10:29:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-17464 |
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Published: November 14, 2018; 10:29:00 AM -0500 |
V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17463 |
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Published: November 14, 2018; 10:29:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-17462 |
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. Published: November 14, 2018; 10:29:00 AM -0500 |
V3.0: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2018-3699 |
Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate privilege via remote access. Published: November 14, 2018; 9:29:00 AM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-3698 |
Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access. Published: November 14, 2018; 9:29:00 AM -0500 |
V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2018-3697 |
Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access. Published: November 14, 2018; 9:29:00 AM -0500 |
V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2018-3696 |
Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access. Published: November 14, 2018; 9:29:00 AM -0500 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2018-3635 |
Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access. Published: November 14, 2018; 9:29:00 AM -0500 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2018-3621 |
Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Published: November 14, 2018; 9:29:00 AM -0500 |
V3.0: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2018-12174 |
Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE 2018 Update 3 may allow an authenticated user to potentially escalate privileges via local access. Published: November 14, 2018; 9:29:00 AM -0500 |
V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2018-19277 |
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file Published: November 14, 2018; 6:29:07 AM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19271 |
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. Published: November 14, 2018; 6:29:07 AM -0500 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-19190 |
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter. Published: November 14, 2018; 4:29:00 AM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-19189 |
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement. Published: November 14, 2018; 4:29:00 AM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |