Page 361 of 2694 results (0.013 seconds)

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2017-15410 – chromium-browser: use after free in pdfium

https://notcve.org/view.php?id=CVE-2017-15410

Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Uso de memoria previamente liberada en PDFium en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. • https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/765921 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://access.redhat.com/security/cve/CVE-2017-15410 https://bugzilla.redhat.com/show_bug.cgi?id=1523126 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2017-15413 – chromium-browser: type confusion in webassembly

https://notcve.org/view.php?id=CVE-2017-15413

Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Confusión de tipos en WebAssembly en V8 en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/766666 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://access.redhat.com/security/cve/CVE-2017-15413 https://bugzilla.redhat.com/show_bug.cgi?id=1523129 • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2017-15419 – chromium-browser: cross origin leak of redirect url in blink

https://notcve.org/view.php?id=CVE-2017-15419

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. Aplicación de políticas insuficiente en Resource Timing API in Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto dedujese el historial de navegación desencadenando una URL cross-origin filtrada mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/780312 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://access.redhat.com/security/cve/CVE-2017-15419 https://bugzilla.redhat.com/show_bug.cgi?id=1523134 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2017-15408 – chromium-browser: heap buffer overflow in pdfium

https://notcve.org/view.php?id=CVE-2017-15408

Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. Un desbordamiento de búfer basado en memoria dinámica (heap) en Omnibox en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese explotar una corrupción de heap mediante un archivo PDF manipulado que es gestionado erróneamente por PDFium. • https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/762374 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://access.redhat.com/security/cve/CVE-2017-15408 https://bugzilla.redhat.com/show_bug.cgi?id=1523124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2017-15418 – chromium-browser: use of uninitialized value in skia

https://notcve.org/view.php?id=CVE-2017-15418

Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Uso de memoria no inicializada en Skia en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese obtener información potencialmente sensible del la memoria del proceso mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/765858 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://access.redhat.com/security/cve/CVE-2017-15418 https://bugzilla.redhat.com/show_bug.cgi?id=1523133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •