Page 355 of 3369 results (0.011 seconds)

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-6072 – chromium-browser: integer overflow in pdfium

https://notcve.org/view.php?id=CVE-2018-6072

An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Un desbordamiento de enteros que conduce a un uso de memoria previamente liberada en PDFium en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/791048 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6072 https://bugzilla.redhat.com/show_bug.cgi?id=1552489 • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-6075 – chromium-browser: overly permissive cross origin downloads

https://notcve.org/view.php?id=CVE-2018-6075

Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction. El manejo incorrecto de nombres de archivo especificados en las descargas de archivo en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto filtrase datos de orígenes cruzados mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/608669 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6075 https://bugzilla.redhat.com/show_bug.cgi?id=1552492 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-6080 – chromium-browser: information disclosure in ipc call

https://notcve.org/view.php?id=CVE-2018-6080

Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . La falta de comprobaciones de control de acceso en Instrumentation en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que había comprometido el proceso renderer obtuviese metadatos de la memoria de procesos privilegiados. Chromium suffers from an information disclosure vulnerability via the memory_instrumentation::mojom::Coordinator interface in the resource_coordinator service. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/792028 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6080 https://bugzilla.redhat.com/show_bug.cgi?id=1552497 • CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-6063 – chromium-browser: incorrect permissions on shared memory

https://notcve.org/view.php?id=CVE-2018-6063

Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. El uso incorrecto de mojo::WrapSharedMemoryHandle en Mojo en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que hubiese comprometido el proceso renderer pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipulada. Chromium suffers from an issue where calling mojo::WrapSharedMemoryHandle is insufficient to produce read-only descriptors for IPC. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/792900 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6063 https://bugzilla.redhat.com/show_bug.cgi?id=1552480 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-6057 – chromium-browser: incorrect permissions on shared memory

https://notcve.org/view.php?id=CVE-2018-6057

Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. La falta de una convención especial de Android ashmem en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que había comprometido el proceso renderer omitiese las garantías de solo lectura del proceso intermedio mediante una página HTML manipulada. Chromium suffers from an issues where read-only SharedMemory descriptors on Android are writable. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/789959 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6057 https://bugzilla.redhat.com/show_bug.cgi?id=1552479 • CWE-732: Incorrect Permission Assignment for Critical Resource •