Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-5058 | Use After Free vulnerability in Google Chrome A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5057 | Type Confusion vulnerability in multiple products Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | 8.8 |
| 2017-10-27 | CVE-2017-5056 | Use After Free vulnerability in multiple products A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5055 | Use After Free vulnerability in Google Chrome A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5054 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5052 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. | 8.8 |
| 2017-10-26 | CVE-2017-5996 | Untrusted Search Path vulnerability in Beyondtrust Remote Support The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions. | 7.8 |
| 2017-10-26 | CVE-2017-3771 | Unspecified vulnerability in Lenovo products System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. | 7.5 |
| 2017-10-26 | CVE-2017-12160 | Improper Authentication vulnerability in Redhat Keycloak It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. | 7.2 |
| 2017-10-26 | CVE-2017-12159 | Insufficient Session Expiration vulnerability in multiple products It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. | 7.5 |