Page 14 of 123 results (0.014 seconds)

CVSS: 7.5EPSS: 3%CPEs: 7EXPL: 0

CVE-2015-1230 – Google Chrome V8EventListenerList::findOrCreateWrapper Type Confusion Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-1230

The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers "type confusion." La función getHiddenProperty en bindings/core/v8/V8EventListenerList.h en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, tiene un conflicto de nombres con la clase AudioContext, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de código JavaScript que añade un oyente de eventos AudioContext y provoca una 'confusión de tipos.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within findOrCreateWrapper. By manipulating a document's elements, an attacker can force a type confusion error while adding an event listener. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-0627.html http://www.securityfocus.com/bid/72901 http://www.ubuntu.com/usn/USN-2521-1 https://code.google.com/p/chromium/issues/detail?id=449610 https://security.gentoo.org/glsa/201503-12 https://src.chromium.org/viewvc/blink?revision=189006&view=revision https://access.redhat.com/security/cve/CVE-2015-1230 https://bugzilla.redhat.com/show_bug.cgi?id=1198537 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0

CVE-2015-1215 – chromium-browser: Out-of-bounds write in skia filters

https://notcve.org/view.php?id=CVE-2015-1215

The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation. La implementación de filtrado en Skia, utilizado en Google Chrome anterior a 41.0.2272.76, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que provocan una operación de escritura fuera de rango. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-0627.html http://www.securityfocus.com/bid/72901 http://www.ubuntu.com/usn/USN-2521-1 https://code.google.com/p/chromium/issues/detail?id=445809 https://security.gentoo.org/glsa/201503-12 https://access.redhat.com/security/cve/CVE-2015-1215 https://bugzilla.redhat.com/show_bug.cgi?id=1198521 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 6.8EPSS: 1%CPEs: 7EXPL: 0

CVE-2015-1220 – chromium-browser: Use-after-free in gif decoder

https://notcve.org/view.php?id=CVE-2015-1220

Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image. Vulnerabilidad de uso después de liberación en la función GIFImageReader::parseData en platform/image-decoders/gif/GIFImageReader.cpp en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un tamaño de trama manipulado en una imagen GIF. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-0627.html http://www.securityfocus.com/bid/72901 http://www.ubuntu.com/usn/USN-2521-1 https://code.google.com/p/chromium/issues/detail?id=437651 https://security.gentoo.org/glsa/201503-12 https://src.chromium.org/viewvc/blink?revision=188423&view=revision https://access.redhat.com/security/cve/CVE-2015-1220 https://bugzilla.redhat.com/show_bug.cgi?id=1198527 • CWE-416: Use After Free •

CVSS: 5.8EPSS: 0%CPEs: 34EXPL: 0

CVE-2014-8160 – kernel: iptables restriction bypass if a protocol handler kernel module not loaded

https://notcve.org/view.php?id=CVE-2014-8160

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. net/netfilter/nf_conntrack_proto_generic.c en el kernel de Linux anterior a 3.18 genera entradas conntrack incorrectas durante el manejo de ciertos juegos de reglas iptables para los protocolos SCTP, DCCP, GRE, y UDP-Lite, lo que permite a atacantes remotos evadir las restricciones de acceso a través de paquetes con números de puertos rechazados. A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db29a9508a9246e77087c5531e45b2c88ec6988b http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0284.html http://rhn.redhat.com/errata/RHSA&# • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 2%CPEs: 24EXPL: 1

CVE-2014-9666

https://notcve.org/view.php?id=CVE-2014-9666

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. La función tt_sbit_decoder_init en sfnt/ttsbit.c en FreeType anterior a 2.5.4 proceda con una asociación de contar a tamaño (count-to-size) sin restringir el valor de la cuenta, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de enteros y lectura fuera de rango o posiblemente tener otro impacto a través de un bitmap embebido manipulado. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=167 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://www.debian.org/security/2015/dsa-3188 http • CWE-189: Numeric Errors •