Page 178 of 1428 results (0.023 seconds)

CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0

CVE-2016-1676 – chromium-browser: cross-origin bypass in extension bindings

https://notcve.org/view.php?id=CVE-2016-1676

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. extensions/renderer/resources/binding.js en las extensiones vinculantes en Google Chrome en versiones anteriores a 51.0.2704.63 no utiliza adecuadamente prototipos, lo que permite a atacantes remotos eludir la Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 https://access.redhat.com/errata/RHSA-2016:1190 https://codereview& • CWE-284: Improper Access Control •

CVSS: 5.3EPSS: 0%CPEs: 11EXPL: 0

CVE-2016-1692 – chromium-browser: limited cross-origin bypass in serviceworker

https://notcve.org/view.php?id=CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. WebKit/Source/core/css/StyleSheetContents.cpp en Blink, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, permite la carga de origen cruzado de hojas de estilos de CSS con ServiceWorker incluso cuando la descarga de hoja de estilo tiene un tipo MIME incorrecto, lo que permite a atacantes remotos eludir la Same Origin Policy a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. • CWE-284: Improper Access Control •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2016-1693 – chromium-browser: http download of software removal tool

https://notcve.org/view.php?id=CVE-2016-1693

browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session. browser/safe_browsing/srt_field_trial_win.cc en Google Chrome en versiones anteriores a 51.0.2704.63 no usa el servicio HTTPS en dl.google.com para obtener el Software Removal Tool, lo que permite a atacantes suplantar el archivo chrome_cleanup_tool.exe (también conocido como CCT) a través de un ataquie man-in-the-middle en una sesión HTTP. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 https://access.redhat.com/errata/RHSA-2016:1190 https://codereview& • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 1%CPEs: 12EXPL: 0

CVE-2016-1678 – chromium-browser: heap overflow in v8

https://notcve.org/view.php?id=CVE-2016-1678

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. objects.cc en Google V8 en versiones anteriores a 5.0.71.32, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no restringe adecuadamente el empeoramiento descuidado, lo que permite a atacantes remotos provocar un denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblmente tener otro impacto no especificado a través de un código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 1%CPEs: 42EXPL: 0

CVE-2016-4448 – libxml2: Format string vulnerability

https://notcve.org/view.php?id=CVE-2016-4448

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.openwall.com/lists/oss-security/2016/05/25/2 http://www • CWE-134: Use of Externally-Controlled Format String •