Page 112 of 596 results (0.036 seconds)

CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 0

CVE-2018-6097 – chromium-browser: Fullscreen UI spoof

https://notcve.org/view.php?id=CVE-2018-6097

Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. La gestión incorrecta de los métodos asíncronos en Fullscreen en Google Chrome, en versiones anteriores a la 66.0.3359.117 para macOS, permitía que un atacante remoto pudiese entrar en modo de pantalla completa sin mostrar un aviso mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103917 https://access.redhat.com/errata/RHSA-2018:1195 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/806162 https://security.gentoo.org/glsa/201804-22 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6097 https://bugzilla.redhat.com/show_bug.cgi?id=1568775 • CWE-19: Data Processing Errors •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2018-6084 – Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation

https://notcve.org/view.php?id=CVE-2018-6084

Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file. Los objetos distribuidos poco saneados en Updater en Google Chrome, en versiones anteriores a la 66.0.3359.117 para macOS, permitían que un atacante local ejecutase código arbitrario mediante un archivo ejecutable. Google software updater suffers from a local privilege escalation vulnerability on MacOS due to unsafe use of Distributed Objects. • https://www.exploit-db.com/exploits/44307 http://www.securityfocus.com/bid/103468 http://www.securityfocus.com/bid/103917 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/822424 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 2

CVE-2017-16541 – Mozilla: Proxy bypass using automount and autofs

https://notcve.org/view.php?id=CVE-2017-16541

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. El navegador Tor en versiones anteriores a la 7.0.9 en macOS y Linux permite que atacantes remotos sin omitan las características de anonimato previstas y descubran una dirección IP de cliente mediante vectores que impliquen un sitio web manipulado que aproveche la mala gestión de file:// en Firefox. Esto también se conoce como TorMoil. NOTA: Tails no se ha visto afectado. • https://github.com/Ethan-Chen-uwo/A-breif-introduction-of-CVE-2017-16541 http://www.securityfocus.com/bid/101665 http://www.securitytracker.com/id/1041610 https://access.redhat.com/errata/RHSA-2018:2692 https://access.redhat.com/errata/RHSA-2018:2693 https://access.redhat.com/errata/RHSA-2018:3403 https://access.redhat.com/errata/RHSA-2018:3458 https://blog.torproject.org/tor-browser-709-released https://bugzilla.mozilla.org/show_bug.cgi?id=1412081 https://lists.debian.or • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 4%CPEs: 9EXPL: 0

CVE-2017-5121 – chromium-browser: out-of-bounds access in v8

https://notcve.org/view.php?id=CVE-2017-5121

Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. El uso inapropiado de la optimización JIT en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.100 para Linux, Windows y Mac, permitía que un atacante remoto ejecutase código arbitrario en un espacio aislado o sandbox mediante una página HTML manipulada. Esto está relacionado con la fase de análisis de escape. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100947 http://www.securitytracker.com/id/1039497 https://access.redhat.com/errata/RHSA-2017:2792 https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html https://crbug.com/765433 https://security.gentoo.org/glsa/201709-25 https://access.redhat.com/security/cve/CVE-2017-5121 https:/ • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

CVE-2017-5120 – chromium-browser: potential https downgrade during redirect navigation

https://notcve.org/view.php?id=CVE-2017-5120

Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring). El uso incorrecto de redirecciones no coincidentes de www en la navegación por el explorador en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto degradase las peticiones HTTPS a HTTP mediante una página HTML manipulada. En otras palabras, Chrome podría transmitir texto en claro incluso aunque el usuario hubiese introducido una URL https. Esto se debe a un método alternativo mal diseñado para los casos en los que el nombre de dominio en una URL casi coincide con el nombre de dominio en un certificado del servidor X.509 (pero difiere en la subcadena "www." inicial). • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/718676 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5120 https://bugzilla.redhat.com/show_bug.cgi?id=1488782 •