Page 364 of 3346 results (0.012 seconds)

CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Uso de memoria previamente liberada en libxml2 en versiones anteriores a la 2.9.5, tal y como se emplea en Google Chrome en versiones anteriores a la 63.0.3239.84 y otros productos, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file. • http://www.securitytracker.com/id/1040348 https://access.redhat.com/errata/RHSA-2017:3401 https://access.redhat.com/errata/RHSA-2018:0287 https://bugzilla.gnome.org/show_bug.cgi?id=783160 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/727039 https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2018/dsa-4086 https://access.redhat. • CWE-416: Use After Free •

CVSS: 9.6EPSS: 2%CPEs: 5EXPL: 0

Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. Una escritura fuera de límites en la pila de networking QUIC en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese ejecutar código mediante un servidor malicioso. • https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/778505 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://access.redhat.com/security/cve/CVE-2017-15407 https://bugzilla.redhat.com/show_bug.cgi?id=1523123 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. Un desbordamiento de búfer basado en memoria dinámica (heap) en Omnibox en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese explotar una corrupción de heap mediante un archivo PDF manipulado que es gestionado erróneamente por PDFium. • https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/762374 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://access.redhat.com/security/cve/CVE-2017-15408 https://bugzilla.redhat.com/show_bug.cgi?id=1523124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Uso de memoria previamente liberada en PDFium en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. • https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/765921 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://access.redhat.com/security/cve/CVE-2017-15410 https://bugzilla.redhat.com/show_bug.cgi?id=1523126 • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La gestión incorrecta de la navegación hacia atrás en las páginas de error en Navigation en Google Chrome, en versiones anteriores a la 63.0.3239.84, permitía que un atacante remoto suplantase el contenido de Omnibox mediante una página HTML manipulada. • http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/777419 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2017-15420 https://bugzilla.redhat.com/show_bug.cgi?id=1523135 • CWE-20: Improper Input Validation •