Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-28 CVE-2017-15413 Incorrect Type Conversion or Cast vulnerability in multiple products
Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
redhat debian google CWE-704
8.8
2018-08-28 CVE-2017-15412 Use After Free vulnerability in multiple products
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
redhat debian google xmlsoft CWE-416
8.8
2018-08-28 CVE-2017-15411 Use After Free vulnerability in multiple products
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google debian redhat CWE-416
8.8
2018-08-28 CVE-2017-15410 Use After Free vulnerability in multiple products
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google debian redhat CWE-416
8.8
2018-08-28 CVE-2017-15409 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian redhat CWE-119
8.8
2018-08-28 CVE-2017-15408 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
network
low complexity
google debian redhat CWE-119
8.8
2018-08-28 CVE-2017-15407 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
network
low complexity
google debian redhat CWE-787
8.8
2018-08-28 CVE-2018-15571 Improper Neutralization of Formula Elements in a CSV File vulnerability in Export Users to CSV Project Export Users to CSV
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.
local
low complexity
export-users-to-csv-project CWE-1236
8.6
2018-08-28 CVE-2018-15529 OS Command Injection vulnerability in Mutiny 5.01.00/5.01.10/5.01.11
A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
network
low complexity
mutiny CWE-78
8.8
2018-08-28 CVE-2014-6046 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.
network
low complexity
phpmyfaq CWE-352
8.8