Page 197 of 2390 results (0.025 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

05 Dec 2016 — PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file. PDFium en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android maneja incorrectamente la navegación en PDFs, lo que permitió a un atacante remoto leer archivos locales a través de un archivo PDF manipulado. Chromium is an open-source web browser, pow... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

05 Dec 2016 — A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. Un ataque de tiempo en aritmética de punto flotante desnormalizada en filtros SVG en Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante eludir la Same Origin Policy a través de ... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

05 Dec 2016 — Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page. Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android manejó incorrectamente acciones de formularios, lo que permitió a un atacante remoto eludir la Content Security Policy a través de una página HTML manipulada. Multiple vulnerabilities ... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-19: Data Processing Errors •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

05 Dec 2016 — Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android maneja iframes incorrectamente, lo que permitió a un atacante remoto eludir una política no referida a través de una página HTML manipulada. Multiple vulnerabilities were discovered in Chromiu... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-19: Data Processing Errors •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0

05 Dec 2016 — Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page. Confusión de tipo en libGLESv2 en ANGLE en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android posiblemente permitió a un atacante remoto eludir la validación del búfer a través de una página HTML manipulada. Multiple vulnerabilities were discovered i... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

05 Dec 2016 — Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. La filtración de un árbol de sombra SVG dando lugar a corrupción del árbol DOM en Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto inyectar secuencias de comandos ... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

05 Dec 2016 — A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso después de liberación de memoria en V8 en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto explotar potencialmente corrupción de memoria a través de una página HTML manipulada. Multiple vulnerabilities were discovered ... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

05 Dec 2016 — Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Blink en Google Chrome anterior a 55.0.2883.75 para Linux y Windows y 55.0.2883.84 para Android permitió una posible corrupción del árbol DOM durante el manejo del evento sincronizado, lo que permitió a un atacante remoto inyectar secue... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

05 Dec 2016 — Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page. Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android desinfecta insuficientemente URLs DevTools, lo que permitió a un atacante remoto leer archivos locales a través de una página HTML manipulada. Multiple vulnerabilities were discovered in Chromium. If a user wer... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

05 Dec 2016 — Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75. múltiples vulnerabilidades no especificadas en Google Chrome anterior a la versión 55,0,2883,75 Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL, bypass same origin restrictions, cause a denial of servi... • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html •