Page 300 of 3305 results (0.030 seconds)

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. La validación excesiva de datos en el analizador de URL en Google Chrome anterior a la versión 75.0.3770.80 permitió que un atacante remoto convenciera a un usuario de introducir una URL para omitir la validación de URL del sitio web a través de una URL diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/925614 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 3%CPEs: 8EXPL: 0

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El error en el paso de parámetros en los medios en Google Chrome antes de 74.0.3729.131 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html https://crbug.com/948564 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://www.debian.org/security/2019/dsa-4500 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 1

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El desbordamiento de enteros en SQLite a través de WebSQL en Google Chrome antes de 74.0.3729.131 permitió que un atacante remoto pudiera explotar la corrupción del heap a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html https://crbug.com/952406 https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/ • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La aplicación insuficiente de políticas en Blink en Google Chrome antes de 74.0.3729.108 permitió a un atacante remoto filtrar datos de cross-origin a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/930057 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 htt • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Los datos no inicializados en medios en Google Chrome antes del 74.0.3729.108 permitieron a un atacante remoto obtener información potencialmente sensible de la memoria de proceso a través de un archivo de video creado • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/929962 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 htt • CWE-908: Use of Uninitialized Resource •