CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3851 CVE-2018-6174 190 Exec Code Overflow 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page.
3852 CVE-2018-6170 787 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
3853 CVE-2018-6161 20 Bypass 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
3854 CVE-2018-6157 704 2019-06-27 2019-07-01
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
3855 CVE-2018-6156 119 Overflow 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
3856 CVE-2018-6154 119 Overflow 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
3857 CVE-2018-6153 787 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
3858 CVE-2018-6151 125 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.
3859 CVE-2018-6149 787 2019-06-27 2019-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
3860 CVE-2018-6144 787 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.
3861 CVE-2018-6141 125 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.
3862 CVE-2018-6139 20 Exec Code 2019-01-09 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
3863 CVE-2018-6131 416 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
3864 CVE-2018-6126 787 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
3865 CVE-2018-6121 20 2019-06-27 2019-07-01
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page.
3866 CVE-2018-6120 787 Exec Code Overflow 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
3867 CVE-2018-6118 416 Exec Code 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
3868 CVE-2018-6111 20 Exec Code 2019-01-09 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.
3869 CVE-2018-6094 119 Overflow 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
3870 CVE-2018-6092 190 Exec Code Overflow 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
3871 CVE-2018-6090 190 Exec Code Overflow 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
3872 CVE-2018-6088 20 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
3873 CVE-2018-6087 416 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
3874 CVE-2018-6086 416 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
3875 CVE-2018-6085 20 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
3876 CVE-2018-6083 2018-11-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
3877 CVE-2018-6074 20 Bypass 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
3878 CVE-2018-6073 119 Overflow 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
3879 CVE-2018-6072 190 Overflow 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
3880 CVE-2018-6071 190 Overflow 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
3881 CVE-2018-6067 125 2018-11-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
3882 CVE-2018-6065 190 Overflow 2018-11-14 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
3883 CVE-2018-6064 704 2018-11-14 2019-05-02
6.8
None Remote Medium Not required Partial Partial Partial
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
3884 CVE-2018-6063 787 2018-11-14 2018-12-26
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
3885 CVE-2018-6062 787 Overflow 2018-11-14 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
3886 CVE-2018-6060 416 2018-11-14 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
3887 CVE-2018-6057 732 Bypass 2018-11-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
3888 CVE-2018-6055 20 2018-09-25 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.
3889 CVE-2018-6054 416 2018-09-25 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
3890 CVE-2018-6043 20 2018-09-25 2018-11-15
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.
3891 CVE-2018-6035 200 +Info 2018-09-25 2018-11-15
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
3892 CVE-2018-6033 20 2018-09-25 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.
3893 CVE-2018-6031 416 2018-09-25 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
3894 CVE-2018-6023 352 CSRF 2018-05-11 2018-06-14
6.8
None Remote Medium Not required Partial Partial Partial
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.
3895 CVE-2018-6021 78 Exec Code 2018-05-09 2018-06-13
6.5
None Remote Low Single system Partial Partial Partial
Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution.
3896 CVE-2018-6020 287 2018-05-09 2018-06-13
6.4
None Remote Low Not required None Partial Partial
In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings.
3897 CVE-2018-6018 319 2018-01-24 2019-10-02
6.4
None Remote Low Not required Partial Partial None
Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic.
3898 CVE-2018-6017 319 2018-01-24 2019-10-02
6.4
None Remote Low Not required Partial Partial None
Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic.
3899 CVE-2018-6009 352 CSRF 2018-01-22 2018-02-09
6.8
None Remote Medium Not required Partial Partial Partial
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
3900 CVE-2018-6007 352 CSRF 2018-01-29 2018-02-15
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.