|
255061
|
7.0 |
HIGH
Local
|
google
|
chrome
|
Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptoh…
|
CWE-362
Race Condition
|
CVE-2017-15405
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255062
|
7.8 |
HIGH
Local
|
google
|
chrome
|
An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2017-15404
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255063
|
7.3 |
HIGH
Local
|
google
|
chrome
|
Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute…
|
CWE-77
Command Injection
|
CVE-2017-15403
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255064
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prio…
|
CWE-20
Improper Input Validation
|
CVE-2017-15402
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255065
|
8.8 |
HIGH
Network
|
google
|
chrome
|
A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code …
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2017-15401
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255066
|
6.5 |
MEDIUM
Network
|
inedo
|
proget
|
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
|
CWE-352
Origin Validation Error
|
CVE-2017-15608
|
2024-11-21 12:14 |
2018-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255067
|
6.1 |
MEDIUM
Network
|
google
debian
redhat
|
chrome
debian_linux
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
|
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15429
|
2024-11-21 12:14 |
2018-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255068
|
8.8 |
HIGH
Network
|
google
|
chrome
|
A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15406
|
2024-11-21 12:14 |
2018-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255069
|
8.8 |
HIGH
Network
|
google
debian
redhat
|
chrome
debian_linux
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
|
A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
CWE-416
Use After Free
|
CVE-2017-15399
|
2024-11-21 12:14 |
2018-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255070
|
9.8 |
CRITICAL
Network
|
google
redhat
debian
|
chrome
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
debian_linux
|
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15398
|
2024-11-21 12:14 |
2018-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
