Page 291 of 3305 results (0.019 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-13662 – chromium-browser: CSP bypass

https://notcve.org/view.php?id=CVE-2019-13662

Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. Una aplicación de política insuficiente en navigations en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir la política de seguridad de contenido por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html https://crbug.com/967780 https://access.redhat.com/security/cve/CVE-2019-13662 https://bugzilla.redhat.com/show_bug.cgi?id=1762383 • CWE-276: Incorrect Default Permissions •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-13698 – Google Chromium RegExpReplace Type Confusion Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2019-13698

Out of bounds memory access in JavaScript in Google Chrome prior to 73.0.3683.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un acceso a la memoria fuera de límites en JavaScript en Google Chrome versiones anteriores a 73.0.3683.103, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chromium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the JavaScript RegExp.replace method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. • https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop.html https://crbug.com/944971 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0

CVE-2019-8075 – flash-plugin: Same origin policy bypass leading to information disclosure

https://notcve.org/view.php?id=CVE-2019-8075

Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. Adobe Flash Player versión 32.0.0.192 y versiones anteriores, presentan una vulnerabilidad de Omisión de la Política del Mismo Origen. Su explotación con éxito podría conllevar a una divulgación de información en el contexto del usuario actual. • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html https://crbug.com/945997 https://helpx.adobe.com/security/products/flash-player/apsb19-30.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AB2XOYF26EBHJEI6LXCBL32TGZM7UHQ4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW https://www.debian.org/security/2021/dsa-4824 https://access.redhat.com/security/cve/CVE •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-5869 – chromium-browser: Use-after-free in Blink

https://notcve.org/view.php?id=CVE-2019-5869

Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Blink en Google Chrome versiones anteriores a 76.0.3809.132, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop_26.html https://crbug.com/978793 https://access.redhat.com/security/cve/CVE-2019-5869 https://bugzilla.redhat.com/show_bug.cgi?id=1748221 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 63%CPEs: 1EXPL: 4

CVE-2019-5825 – Google Chromium V8 Out-of-Bounds Write Vulnerability

https://notcve.org/view.php?id=CVE-2019-5825

Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una escritura fuera de límites en JavaScript en Google Chrome versiones anteriores a 73.0.3683.86, permitió a un atacante remoto, explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://www.exploit-db.com/exploits/48183 https://github.com/timwr/CVE-2019-5825 http://packetstormsecurity.com/files/156641/Google-Chrome-72-73-Array.map-Corruption.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html https://crbug.com/941743 https://access.redhat.com/security/cve/CVE-2019-5825 https://bugzilla.redhat.com/show_bug.cgi?id=1707247 https://bugs.chromium.org/p/chromium/issues/detail?id=941743 https://github.com/exodusintel/Chro • CWE-787: Out-of-bounds Write •