NVD Vulnerabilities

Subscribe to NVD Vulnerabilities feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 14 min 58 sec ago

CVE-2018-17469

Wed, 11/14/2018 - 10:29
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
Categories: NVD

CVE-2018-17471

Wed, 11/14/2018 - 10:29
Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
Categories: NVD

CVE-2018-17472

Wed, 11/14/2018 - 10:29
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
Categories: NVD

CVE-2018-17473

Wed, 11/14/2018 - 10:29
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Categories: NVD

CVE-2018-17474

Wed, 11/14/2018 - 10:29
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Categories: NVD

CVE-2018-17475

Wed, 11/14/2018 - 10:29
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Categories: NVD

CVE-2018-17476

Wed, 11/14/2018 - 10:29
Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
Categories: NVD

CVE-2018-17477

Wed, 11/14/2018 - 10:29
Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.
Categories: NVD

CVE-2018-6057

Wed, 11/14/2018 - 10:29
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
Categories: NVD

CVE-2018-12174

Wed, 11/14/2018 - 09:29
Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE 2018 Update 3 may allow an authenticated user to potentially escalate privileges via local access.
Categories: NVD

CVE-2018-3621

Wed, 11/14/2018 - 09:29
Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
Categories: NVD

CVE-2018-3635

Wed, 11/14/2018 - 09:29
Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access.
Categories: NVD

CVE-2018-3696

Wed, 11/14/2018 - 09:29
Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access.
Categories: NVD

CVE-2018-3697

Wed, 11/14/2018 - 09:29
Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access.
Categories: NVD

CVE-2018-3698

Wed, 11/14/2018 - 09:29
Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access.
Categories: NVD

CVE-2018-3699

Wed, 11/14/2018 - 09:29
Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate privilege via remote access.
Categories: NVD

CVE-2018-19271

Wed, 11/14/2018 - 06:29
Centreon 3.4.x allows SQL Injection via the main.php searchH parameter.
Categories: NVD

CVE-2018-19277

Wed, 11/14/2018 - 06:29
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
Categories: NVD

CVE-2018-19186

Wed, 11/14/2018 - 04:29
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter.
Categories: NVD

CVE-2018-19187

Wed, 11/14/2018 - 04:29
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement.
Categories: NVD