CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6114 – chromium-browser: CSP bypass
https://notcve.org/view.php?id=CVE-2018-6114
09 Jan 2019 — Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page. La aplicación incorrecta de la política de seguridad de contenido (CSP) para las etiquetas en Blink en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese la política de seguridad de contenido mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 80%CPEs: 6EXPL: 2CVE-2018-20346 – Apple Security Advisory 2019-1-22-3
https://notcve.org/view.php?id=CVE-2018-20346
21 Dec 2018 — SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. SQLite anterior a la versión 3.25.3, cuando la extensión FTS3 está habilitada, encuentra un desbordamiento de enteros (y el desbordamiento del búfer result... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 89%CPEs: 5EXPL: 1CVE-2018-17480 – Google Chromium V8 Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2018-17480
11 Dec 2018 — Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Ejecución de código JavaScript proporcionado por el usuario durante una deserialización de arrays, la cual provoca una escritura fuera de límites en la versión "V8" de Google Chrome en versiones anteriores a la 71.0.3578.80, permitía a un atacante remoto ejecutar código a... • http://www.securityfocus.com/bid/106084 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-17481 – chromium-browser: Use after frees in PDFium
https://notcve.org/view.php?id=CVE-2018-17481
11 Dec 2018 — Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. El manejo incorrecto del ciclo de vida de objetos en PDFium en Google Chrome, en versiones anteriores a la 71.0.3578.98, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium t... • http://www.securityfocus.com/bid/106084 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-18335 – chromium-browser: Heap buffer overflow in Skia
https://notcve.org/view.php?id=CVE-2018-18335
11 Dec 2018 — Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de búfer basado en memoria dinámica (heap) en Skia en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 71.0... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18336 – chromium-browser: Use after free in PDFium
https://notcve.org/view.php?id=CVE-2018-18336
11 Dec 2018 — Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. El ciclo de vida de un objecto incorrecto en PDFium en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 71.0.3578.80. I... • http://www.securityfocus.com/bid/106084 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2018-18337 – chromium-browser: Use after free in Blink
https://notcve.org/view.php?id=CVE-2018-18337
11 Dec 2018 — Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Manejo incorrecto de hojas de estilo que provoca un uso de memoria previamente liberada en Blink en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía a un atacante remoto explotar la corrupción de la memoria dinámica (heap) Chromium is an open-source web browser, powered by WebKit. This update up... • http://www.securityfocus.com/bid/106084 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2018-18338 – chromium-browser: Heap buffer overflow in Canvas
https://notcve.org/view.php?id=CVE-2018-18338
11 Dec 2018 — Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El uso incorrecto con hilos no seguros de SkImage en Canvas en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía a un atacante remoto explotar la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to ve... • http://www.securityfocus.com/bid/106084 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18339 – chromium-browser: Use after free in WebAudio
https://notcve.org/view.php?id=CVE-2018-18339
11 Dec 2018 — Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El ciclo de vida de un objecto incorrecto en WebAudio en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 71.0.3578... • http://www.securityfocus.com/bid/106084 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2018-18340 – chromium-browser: Use after free in MediaRecorder
https://notcve.org/view.php?id=CVE-2018-18340
11 Dec 2018 — Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El ciclo de vida de un objecto incorrecto en MediaRecorder en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version... • http://www.securityfocus.com/bid/106084 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •