Page 184 of 1428 results (0.018 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2016-1665 – chromium-browser: information leak in v8

https://notcve.org/view.php?id=CVE-2016-1665

The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code. La clase JSGenericLowering en compiler/js-generic-lowering.cc en Google V8, tal como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.94, no maneja correctamente los operadores de comparación, lo que permite a atacantes remotos obtener información sensible a través de código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html http://rhn.redhat.com/errata/RHSA-2016-0707.html http://www.debian.org/security/2016/dsa-3564 http://www.securityfocus.co • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2016-1664 – chromium-browser: address bar spoofing

https://notcve.org/view.php?id=CVE-2016-1664

The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site. La función HistoryController::UpdateForCommit en content/renderer/history_controller.cc en Google Chrome en versiones anteriores a 50.0.2661.94 no maneja correctamente la interacción entre las navegaciones hacia delante del submarco y otras navegaciones hacia delante, lo que permite a atacantes remotos lo que permite a atacantes remotos suplantar la barra de dirección a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html http://rhn.redhat.com/errata/RHSA-2016-0707.html http://www.debian.org/security/2016/dsa-3564 http://www.securityfocus.co • CWE-254: 7PK - Security Features •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2016-1666 – chromium-browser: various fixes from internal audits

https://notcve.org/view.php?id=CVE-2016-1666

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 50.0.2661.94 permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html http://rhn.redhat.com/errata/RHSA-2016-0707.html http://www.debian.org/security/2016/dsa-3564 http://www.securityfocus.co •

CVSS: 5.3EPSS: 0%CPEs: 125EXPL: 0

CVE-2016-2518 – ntp: out-of-bounds references on crafted packet

https://notcve.org/view.php?id=CVE-2016-2518

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. La función MATCH_ASSOC en NTP en versiones anteriores 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.92 permite a atacantes remotos provocar una referencia fuera de los límites a través de una solicitud addpeer con un valor hmode grande. An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016& • CWE-125: Out-of-bounds Read •

CVSS: 6.8EPSS: 1%CPEs: 37EXPL: 0

CVE-2016-0264 – JDK: buffer overflow vulnerability in the IBM JVM

https://notcve.org/view.php?id=CVE-2016-0264

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP25 (6.0.16.25), 6 R1 en versiones anteriores a SR8 FP25 (6.1.8.25), 7 en versiones anteriores a SR9 FP40 (7.0.9.40), 7 R1 en versiones anteriores a SR3 FP40 (7.1.3.40) y 8 en versiones anteriores a SR3 (8.0.3.0) permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2016-05 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •