CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2016-1697 – chromium-browser: cross-origin bypass in blink
https://notcve.org/view.php?id=CVE-2016-1697
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. La funciónFrameLoader::startLoad en WebKit/Source/core/loader/FrameLoader.cpp en Blink, como es usada en Google Chrome en versiones anteriores a 51.0.2704.79, no impide marcos de navegación durante las operaciones de separación DocumentLoader, lo que permite a atacantes remotos eludir la Same Origin Policy a través de código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview&# • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 2%CPEs: 11EXPL: 0CVE-2016-1699 – Trend Micro Maximum Security Regex Matching Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1699
WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL. WebKit/Source/devtools/front_end/devtools.js en el subsistema Developer Tools (también conocido como DevTools) en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 51.0.2704.79, no asegura que el parámetro remoteFrontendUrl esté asociado con una URL chrome-devtools-frontend.appspot.com, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso a través de una URL manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Maximum Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the analysis of web pages. By performing actions in script matching a large array against a RegEx, an attacker can cause a pointer to be reused after it has been freed. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview&# • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-1698 – chromium-browser: information leak in extension bindings
https://notcve.org/view.php?id=CVE-2016-1698
The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition. La función createCustomType en extensions/renderer/resources/binding.js en las extensiones vinculantes en Google Chrome en versiones anteriores a 51.0.2704.79 no valida los tipos de módulos, lo que podría permitir a atacantes cargar módulos arbitrarios u obtener información sensible aprovechando una definición trampa. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview.chromium.org/1912783002 https://crbug.com/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2016-5126 – Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
https://notcve.org/view.php?id=CVE-2016-5126
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. Desbordamiento de buffer basado en memoria dinámica en la función iscsi_aio_ioctl en block/iscsi.c en QEMU permite a usuarios locales del SO invitado provocar una denegación de servicio (caída del proceso QEMU) o posiblemente ejecutar código arbitrario a través de una llamada iSCSI ioctl I/O asíncrona manipulada. Quick Emulator(QEMU) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a6b3167fa0e825aebb5a7cd8b437b6d41584a196 http://rhn.redhat.com/errata/RHSA-2016-1606.html http://rhn.redhat.com/errata/RHSA-2016-1607.html http://rhn.redhat.com/errata/RHSA-2016-1653.html http://rhn.redhat.com/errata/RHSA-2016-1654.html http://rhn.redhat.com/errata/RHSA-2016-1655.html http://rhn.redhat.com/errata/RHSA-2016-1756.html http://rhn.redhat.com/errata/RHSA-2016-1763.html http://www.openwall.com/lists/oss-secu • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 0CVE-2016-1679 – chromium-browser: heap use-after-free in v8 bindings
https://notcve.org/view.php?id=CVE-2016-1679
The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code. La función ToV8Value en content/child/v8_value_converter_impl.cc en los vínculos V8 en Google Chrome en versiones anteriores a 51.0.2704.63 no restringe adecuadamente el uso de captadores y definidores, lo que permite a atacantes remotos provocar una denegación del sistema (uso después de liberación de memoria) o posiblemente tener otro impacto no especificado a través de un código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. •