NVD disclosure day
CVE-2018-6065
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An integer overflow in the V8 JavaScript engine could lead to heap corruption. This impacts organizations by potentially compromising data and disrupting services if employees access malicious web pages. The risk to business operations is elevated due to the exploitability of this flaw.
CVE-2018-17463
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A vulnerability in Google Chrome's V8 engine allows remote attackers to execute arbitrary code within a sandbox via a crafted HTML page. This impacts organizations by potentially compromising employee systems and sensitive data, posing a significant business risk.
CVE-2018-8589
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A vulnerability in Windows allows for privilege escalation when the system improperly handles calls to Win32k.sys. This impacts organizations running affected Windows versions by potentially allowing local attackers elevated permissions, increasing business risk.
CVE-2018-8581
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
An elevation of privilege vulnerability in Microsoft Exchange Server could allow an attacker to impersonate other users. This may lead to unauthorized access and data compromise. The CISA lists this CVE as actively exploited, posing a business risk.