Page 308 of 3346 results (0.016 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page. La falta de codificación de URI de entrdas no fiables en DevTools en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto realizase un ataque de inyección de marcado colgante mediante una página HTML manipulada. • https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/895081 https://www.debian.org/security/2019/dsa-4395 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 3%CPEs: 7EXPL: 0

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Asunciones de optimización incorrectas en Google Chrome, en sus versiones V8 anteriores a la 72.0.3626.81, permitía a un atacante remoto ejecutar código arbitrario dentro de un sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106767 https://access.redhat.com/errata/RHSA-2019:0309 https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/906043 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6 https://www.debian.org/security/2019/dsa-4395 https://access.redhat.com&# • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. El manejo incorrecto del código diferido en V8 en Google Chrome antes de 72.0.3626.96 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de una página HTML diseñada • https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/899689 https://access.redhat.com/security/cve/CVE-2019-5785 https://bugzilla.redhat.com/show_bug.cgi?id=1676991 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Una asunción de tipo de objeto incorrecta en SVG en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto explotar la corrupción de objectos mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106767 https://access.redhat.com/errata/RHSA-2019:0309 https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/915469 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6 https://www.debian.org/security/2019/dsa-4395 https://access.redhat.com&# • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 9.6EPSS: 2%CPEs: 9EXPL: 0

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. La gestión de un ciclo de vida incorrecta en HTML en determinados elementos en Google Chrome, Android o Mac, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto realizar un escape de sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106767 https://access.redhat.com/errata/RHSA-2019:0309 https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/912211 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6 https://www.debian.org/security/2019/dsa-4395 https://access.redhat.com&# • CWE-416: Use After Free •