Total
1577 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5088 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||||
CVE-2017-5052 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. | |||||
CVE-2017-5111 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. | |||||
CVE-2017-5063 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
CVE-2017-5068 | 5 Apple, Google, Linux and 2 more | 7 Macos, Chrome, Linux Kernel and 4 more | 2023-12-10 | 5.1 MEDIUM | 7.5 HIGH |
Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. | |||||
CVE-2017-8665 | 2 Apple, Microsoft | 2 Macos, Xamarin.ios | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability." | |||||
CVE-2017-5121 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. | |||||
CVE-2017-5116 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
CVE-2017-5070 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
CVE-2017-5087 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape. | |||||
CVE-2017-5062 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension. | |||||
CVE-2017-5091 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
CVE-2017-5114 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. | |||||
CVE-2017-5048 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | |||||
CVE-2017-5035 | 5 Apple, Debian, Google and 2 more | 7 Macos, Debian Linux, Chrome and 4 more | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. | |||||
CVE-2017-5051 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | |||||
CVE-2017-5030 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. | |||||
CVE-2017-5037 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | |||||
CVE-2017-5029 | 7 Apple, Debian, Google and 4 more | 10 Macos, Debian Linux, Android and 7 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||||
CVE-2017-5050 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. |