Page 201 of 2778 results (0.018 seconds)

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

18 Oct 2016 — Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages. Blink en Google Chrome en versiones previas a 54.0.2840.59 para Windows, Mac y Linux; 54.0.2840.85 para Android tiene una validación insuficiente en el manejo de bitmap, lo que permite a un atacante remoto explotar potencialmente una corrupción de memoria a través de pá... • http://rhn.redhat.com/errata/RHSA-2016-2067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

18 Oct 2016 — Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. Google Chrome en versiones previas a 54.0 para iOS tiene una validación insuficiente de URLs para windows en ventanas abiertas por DOM, lo que permite a un atacante remoto eludir restricciones de navegación a ciertos esquemas de URL a través de páginas HTML manipuladas. Chromium is an open-source w... • http://rhn.redhat.com/errata/RHSA-2016-2067.html • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

18 Oct 2016 — PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files. PDFium en Google Chrome en versiones previas a 54.0.2840.59 para Windows, Mac y Linux; 54.0.2840.85 para Android maneja incorrectamente los ciclos de vida de objetos en CFFL_FormFillter::KillFocusForAnnot, lo que permite a un atacante remot... • http://rhn.redhat.com/errata/RHSA-2016-2067.html • CWE-416: Use After Free •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

18 Oct 2016 — Unspecified vulnerabilities in Google Chrome before 54.0.2840.59. Vulnerabilidades no especificadas en Google Chrome versiones anteriores a la versión 54.0.2840.59. It was discovered that a long running unload handler could cause an incognito profile to be reused in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. Multiple security vulnerabilities were discovered in Chromium. • https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

14 Oct 2016 — SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation. SHA-1 no es resistente a la colisión, lo que facilita a atacantes dependientes del contexto llevar a cabo ataques de espionaje, como es demostrado por ataques en el uso d... • http://ia.cr/2007/474 • CWE-326: Inadequate Encryption Strength •

CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0

05 Oct 2016 — Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 53.0.2785.143 permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted... • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0

05 Oct 2016 — Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de linberación en V8 en Google Chrome anterior a la versión 53.0.2785.143, permite a atacantes remotos provocar una denegación de servicio (bloqueo) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. A use-after-free was discovered in the V8 bindings ... • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

29 Sep 2016 — Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. Google Chrome en versiones anteriores a 53.0.2785.113 permite a atacantes remotos eludir el mecanismo de protección SafeBrowsing a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-1905.html • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

25 Sep 2016 — Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message. Google Chrome en versiones anteriores a 53.0.2785.113 no asegura... • http://rhn.redhat.com/errata/RHSA-2016-1905.html • CWE-476: NULL Pointer Dereference •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

16 Sep 2016 — WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code. WebKit/Source/bendengs/templates/enterface.cpp en Blink, como se usa en Google Chrome en versiones anteriores a 53.0.2785.113, no previene ciertas llamadas de constructor, lo que permite a atacantes remotos provocar u... • http://rhn.redhat.com/errata/RHSA-2016-1905.html • CWE-416: Use After Free •