CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6141 – chromium-browser: Heap buffer overflow in Skia
https://notcve.org/view.php?id=CVE-2018-6141
Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. La validación insuficiente de un filtro de imagen en Skia en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto, que hubiese comprometido el proceso renderer, pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/104309 http://www.securitytracker.com/id/1041014 https://access.redhat.com/errata/RHSA-2018:1815 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/796107 https://www.debian.org/security/2018/dsa-4237 https://access.redhat.com/security/cve/CVE-2018-6141 https://bugzilla.redhat.com/show_bug.cgi?id=1584052 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6142 – chromium-browser: Out of bounds memory access in V8
https://notcve.org/view.php?id=CVE-2018-6142
Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. el fallo en la verificación de los límites de la matriz en V8 en Google Chrome antes de 67.0.3396.62 permitió a un atacante remoto realizar una lectura de memoria fuera de los límites a través de un archivo PDF diseñado. • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/837939 https://access.redhat.com/security/cve/CVE-2018-6142 https://bugzilla.redhat.com/show_bug.cgi?id=1584054 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 2%CPEs: 5EXPL: 0CVE-2018-6143 – chromium-browser: Out of bounds memory access in V8
https://notcve.org/view.php?id=CVE-2018-6143
Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Validación insuficiente en V8 en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/104309 http://www.securitytracker.com/id/1041014 https://access.redhat.com/errata/RHSA-2018:1815 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/843022 https://www.debian.org/security/2018/dsa-4237 https://access.redhat.com/security/cve/CVE-2018-6143 https://bugzilla.redhat.com/show_bug.cgi?id=1584055 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6144 – chromium-browser: Out of bounds memory access in PDFium
https://notcve.org/view.php?id=CVE-2018-6144
Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. Un error por un paso en PDFium en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto pudiese realizar una escritura de memoria fuera de límites mediante un archivo PDF manipulado. • http://www.securityfocus.com/bid/104309 http://www.securitytracker.com/id/1041014 https://access.redhat.com/errata/RHSA-2018:1815 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/828049 https://www.debian.org/security/2018/dsa-4237 https://access.redhat.com/security/cve/CVE-2018-6144 https://bugzilla.redhat.com/show_bug.cgi?id=1584056 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6145 – chromium-browser: Incorrect escaping of MathML in Blink
https://notcve.org/view.php?id=CVE-2018-6145
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Una validación de datos insuficiente en el analizador de HTML en Google Chrome antes de 67.0.3396.62 permitió que un atacante remoto pasara por alto la misma política de origen a través de una página HTML diseñada. • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/805924 https://access.redhat.com/security/cve/CVE-2018-6145 https://bugzilla.redhat.com/show_bug.cgi?id=1584057 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •