CVE en KEV CISA
137 entrées
| CVE | Sévérité | KEV | Publié | Description |
|---|---|---|---|---|
| CVE-2021-37976 | MEDIUM 6.5 | KEV | Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from proces… | |
| CVE-2021-37973 | CRITICAL 9.6 | KEV | Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sa… | |
| CVE-2021-37975 | HIGH 8.8 | KEV | Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30632 | HIGH 8.8 | KEV | Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30633 | CRITICAL 9.6 | KEV | Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perfo… | |
| CVE-2021-28550 | HIGH 8.8 | KEV | Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Fre… | |
| CVE-2021-30563 | HIGH 8.8 | KEV | Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30554 | HIGH 8.8 | KEV | Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30551 | HIGH 8.8 | KEV | Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30533 | MEDIUM 6.5 | KEV | Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafte… | |
| CVE-2021-21206 | HIGH 8.8 | KEV | Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21224 | HIGH 8.8 | KEV | Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2021-21220 | HIGH 8.8 | KEV | Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a… | |
| CVE-2021-21193 | HIGH 8.8 | KEV | Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-26411 | HIGH 8.8 | KEV | Internet Explorer Memory Corruption Vulnerability | |
| CVE-2021-21166 | HIGH 8.8 | KEV | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21017 | HIGH 8.8 | KEV | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based bu… | |
| CVE-2021-21148 | HIGH 8.8 | KEV | Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2020-6572 | HIGH 8.8 | KEV | Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | |
| CVE-2020-16017 | CRITICAL 9.6 | KEV | Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perf… | |
| CVE-2020-16013 | HIGH 8.8 | KEV | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML … | |
| CVE-2020-16010 | CRITICAL 9.6 | KEV | Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially… | |
| CVE-2020-16009 | HIGH 8.8 | KEV | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML … | |
| CVE-2020-15999 | CRITICAL 9.6 | KEV | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pa… | |
| CVE-2020-0878 | MEDIUM 4.2 | KEV | <p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way th… | |
| CVE-2020-6819 | HIGH 8.1 | KEV | Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abu… | |
| CVE-2020-6820 | HIGH 8.1 | KEV | Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing thi… | |
| CVE-2019-17026 | HIGH 8.8 | KEV | Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild a… | |
| CVE-2020-6418 | HIGH 8.8 | KEV | Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-18426 | HIGH 8.2 | KEV | A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and l… | |
| CVE-2019-5825 | MEDIUM 6.5 | KEV | Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pa… | |
| CVE-2019-13720 | HIGH 8.8 | KEV | Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-1297 | HIGH 8.8 | KEV | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Rem… | |
| CVE-2019-11707 | HIGH 8.8 | KEV | A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware… | |
| CVE-2019-11708 | CRITICAL 10.0 | KEV | Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process op… | |
| CVE-2019-5786 | MEDIUM 6.5 | KEV | Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a craft… | |
| CVE-2019-3568 | CRITICAL 9.8 | KEV | A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number… | |
| CVE-2018-17480 | HIGH 8.8 | KEV | Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a rem… | |
| CVE-2018-6065 | HIGH 8.8 | KEV | Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a r… | |
| CVE-2018-17463 | HIGH 8.8 | KEV | Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafte… | |
| CVE-2016-9079 | HIGH 7.5 | KEV | A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox a… | |
| CVE-2018-0798 | HIGH 8.8 | KEV | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability … | |
| CVE-2018-0802 | HIGH 7.8 | KEV | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability d… | |
| CVE-2017-5070 | HIGH 8.8 | KEV | Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arb… | |
| CVE-2017-11826 | HIGH 7.8 | KEV | Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 200… | |
| CVE-2017-11774 | HIGH 7.8 | KEV | Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles … | |
| CVE-2017-5030 | HIGH 8.8 | KEV | Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote a… | |
| CVE-2017-0037 | HIGH 8.1 | KEV | Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningEle… | |
| CVE-2016-5198 | HIGH 8.8 | KEV | V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumpt… | |
| CVE-2016-7262 | HIGH 7.8 | KEV | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted re… |