CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2019-5813 – chromium-browser: Out of bounds read in V8
https://notcve.org/view.php?id=CVE-2019-5813
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Use-after-free en V8 en Google Chrome antes de 74.0.3729.108 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/942699 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 htt • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2019-5805 – chromium-browser: Use after free in PDFium
https://notcve.org/view.php?id=CVE-2019-5805
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Use-after-free en PDFium en Google Chrome antes del 74.0.3729.108 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo PDF creado. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/913320 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 htt • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 8EXPL: 0CVE-2019-5807 – chromium-browser: Memory corruption in V8
https://notcve.org/view.php?id=CVE-2019-5807
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El problema de la vida útil del objeto en V8 en Google Chrome antes de 74.0.3729.108 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/945644 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 htt • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2019-5811 – chromium-browser: CORS bypass in Blink
https://notcve.org/view.php?id=CVE-2019-5811
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. El manejo incorrecto de CORS en ServiceWorker en Google Chrome antes de 74.0.3729.108 permitió a un atacante remoto omitir la misma política de origen a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/771815 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 htt •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-9211
https://notcve.org/view.php?id=CVE-2019-9211
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. Hay un aborto de aserción alcanzable en la función write_long_string_missing_values() en data/sys-file-writer.c en libdata.a en la versión 1.2.0 de GNU PSPP que conducirá a una denegación de servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00068.html http://www.securityfocus.com/bid/107190 https://bugzilla.redhat.com/show_bug.cgi?id=1683499 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3QC6VFE2D7M6ZJXBXRIO4JZPKY57CLV • CWE-617: Reachable Assertion •