CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5251 CVE-2017-5127 416 2018-02-07 2018-02-23
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
5252 CVE-2017-5126 416 2018-02-07 2018-02-22
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
5253 CVE-2017-5125 119 Overflow 2018-02-07 2018-02-23
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5254 CVE-2017-5122 119 Overflow 2017-10-27 2017-12-08
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.
5255 CVE-2017-5121 20 Exec Code 2017-10-27 2017-12-08
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
5256 CVE-2017-5116 704 Exec Code 2017-10-27 2018-01-19
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
5257 CVE-2017-5115 704 2017-10-27 2017-12-30
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
5258 CVE-2017-5114 119 Overflow Mem. Corr. 2017-10-27 2017-12-30
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
5259 CVE-2017-5113 119 Overflow 2017-10-27 2017-12-30
6.8
None Remote Medium Not required Partial Partial Partial
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5260 CVE-2017-5112 119 Exec Code Overflow 2017-10-27 2017-12-30
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
5261 CVE-2017-5111 416 Mem. Corr. 2017-10-27 2017-12-30
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
5262 CVE-2017-5108 704 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.
5263 CVE-2017-5100 416 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
5264 CVE-2017-5099 20 +Priv 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page.
5265 CVE-2017-5098 416 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
5266 CVE-2017-5097 20 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
5267 CVE-2017-5095 119 Overflow 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.
5268 CVE-2017-5092 20 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
5269 CVE-2017-5091 416 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
5270 CVE-2017-5088 125 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
5271 CVE-2017-5087 416 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape.
5272 CVE-2017-5080 416 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
5273 CVE-2017-5078 77 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument.
5274 CVE-2017-5077 125 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
5275 CVE-2017-5073 416 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
5276 CVE-2017-5071 125 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
5277 CVE-2017-5070 704 Exec Code 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
5278 CVE-2017-5064 119 Overflow 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5279 CVE-2017-5063 125 Overflow 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
5280 CVE-2017-5062 416 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension.
5281 CVE-2017-5059 704 Exec Code 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.
5282 CVE-2017-5058 416 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
5283 CVE-2017-5057 125 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
5284 CVE-2017-5056 125 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
5285 CVE-2017-5054 119 Overflow 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.
5286 CVE-2017-5053 264 Exec Code 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.
5287 CVE-2017-5052 119 Overflow Mem. Corr. 2017-10-27 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting.
5288 CVE-2017-5051 190 Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
5289 CVE-2017-5050 190 Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
5290 CVE-2017-5049 190 Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
5291 CVE-2017-5048 190 Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
5292 CVE-2017-5047 190 Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
5293 CVE-2017-5044 119 Overflow 2017-04-24 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
5294 CVE-2017-5043 416 2017-04-24 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
5295 CVE-2017-5039 416 2017-04-24 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
5296 CVE-2017-5038 416 2017-04-24 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
5297 CVE-2017-5037 190 Overflow 2017-04-24 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
5298 CVE-2017-5036 416 2017-04-24 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.
5299 CVE-2017-5035 362 2017-04-24 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.
5300 CVE-2017-5034 416 2017-04-24 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.