Page 357 of 2390 results (0.014 seconds)

CVSS: 6.5EPSS: 2%CPEs: 6EXPL: 0

Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un desbordamiento de búfer basado en memoria dinámica (heap) en WebGL en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/774174 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6038 https://bugzilla.redhat.com/show_bug.cgi?id=1538510 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0

Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page. Validación de datos insuficiente en External Protocol Handler en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto ejecute programas arbitrarios en la máquina del usuario mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/785809 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6043 https://bugzilla.redhat.com/show_bug.cgi?id=1538515 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. Aplicación de políticas insuficiente en Blink en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase información de referrer mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/763194 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6048 https://bugzilla.redhat.com/show_bug.cgi?id=1538519 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. La falta de soporte para un valor de política no-referrer no estándar, no-referrer en Blink en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto obtuviese detalles de referrer de una página web que pensaba que había rechazado el envío de datos de referrer. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/615608 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6052 https://bugzilla.redhat.com/show_bug.cgi?id=1538524 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0

Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Uso de memoria previamente liberada en WebUI en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/797511 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6054 https://bugzilla.redhat.com/show_bug.cgi?id=1538526 • CWE-416: Use After Free •