Page 366 of 3346 results (0.013 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. Una implementación incorrecta del sandbox en Blink en Google Chrome, en versiones anteriores a la 62.0.3202.62, permitía que un atacante remoto inyecte scripts o HTML (UXSS) arbitrarios mediante una página MHTML manipulada. • https://www.exploit-db.com/exploits/45867 https://github.com/Bo0oM/CVE-2017-5124 http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://chromium.googlesource.com/chromium/src/+/4558c2885e618557a674660aff57404d25537070 https://crbug.com/762930 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://www.reddit.com/r/ne • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration. La validación de datos insuficiente en V8 en Google Chrome, en versiones anteriores a la 62.0.3202.62, permitía que un atacante que pueda escribir en Windows Registry pudiese explotar la corrupción de la memoria dinámica (heap) mediante una entrada manipulada al Windows Registry, relacionado con PlatformIntegration. • http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/714401 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-15392 https://bugzilla.redhat.com/show_bug.cgi?id=1503547 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0

Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de búfer basado en memoria dinámica (heap) en Skia en Google Chrome, en versiones anteriores a la 62.0.3202.62, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/749147 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-5125 https://bugzilla.redhat.com/show_bug.cgi?id=1503531 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. La aplicación de políticas insuficiente en Omnibox en Google Chrome, en versiones anteriores a la 62.0.3202.62, permite que un atacante remoto realice una suplantación de dominios mediante homógrafos IDN en un nombre de dominio manipulado. • http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/750239 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-15390 https://bugzilla.redhat.com/show_bug.cgi?id=1503545 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 2%CPEs: 3EXPL: 0

A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. Un uso de memoria previamente liberada en Blink en Google Chrome, en versiones anteriores a la 62.0.3202.62, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Esto también se conoce como desreferencia de puntero NULL ImageCapture. • http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/759457 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-15395 https://bugzilla.redhat.com/show_bug.cgi?id=1503550 • CWE-416: Use After Free •