Page 366 of 2724 results (0.015 seconds)

CVSS: 6.5EPSS: 2%CPEs: 3EXPL: 0

A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. Un uso de memoria previamente liberada en Blink en Google Chrome, en versiones anteriores a la 62.0.3202.62, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Esto también se conoce como desreferencia de puntero NULL ImageCapture. • http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/759457 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-15395 https://bugzilla.redhat.com/show_bug.cgi?id=1503550 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. Un desbordamiento de enteros en xmlmemory.c en versiones anteriores a la 2.9.5 de libxml2, tal y como se emplea en Google Chrome, en versiones anteriores a la 62.0.3202.62 y en otros productos, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante un archivo XML manipulado. A heap overflow flaw was found in the libxml2 library. An application compiled with libxml2 using the vulnerable debug-only function xmlMemoryStrdup could be used by an attacker to crash the application or execute arbitrary code with the permission of the user running the application. • http://bugzilla.gnome.org/show_bug.cgi?id=783026 http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/722079 https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html https://security.gentoo. • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0

A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en WebAudio en Blink en Google Chrome, en versiones anteriores a la 62.0.3202.62, permitía que un atacante remoto realice una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/765495 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-5129 https://bugzilla.redhat.com/show_bug.cgi?id=1503535 • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension. La aplicación de políticas insuficiente en Extensions en Google Chrome, en versiones anteriores a la 62.0.3202.62, permite que un atacante remoto realice una suplantación de dominios en diálogos de permiso mediante homógrafos IDN en una Extensión Chrome manipulada. • https://github.com/sudosammy/CVE-2017-15394 http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/745580 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-15394 https://bugzilla.redhat.com/show_bug.cgi?id=1503549 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0

An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write. Un desbordamiento de enteros en Skia en Google Chrome, en versiones anteriores a la 62.0.3202.62, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Esto también se conoce como escritura fuera de límites. • http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/744109 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-5131 https://bugzilla.redhat.com/show_bug.cgi?id=1503538 • CWE-190: Integer Overflow or Wraparound •