Page 369 of 2459 results (0.005 seconds)

CVSS: 8.8EPSS: 4%CPEs: 9EXPL: 0

Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. El uso inapropiado de la optimización JIT en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.100 para Linux, Windows y Mac, permitía que un atacante remoto ejecutase código arbitrario en un espacio aislado o sandbox mediante una página HTML manipulada. Esto está relacionado con la fase de análisis de escape. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100947 http://www.securitytracker.com/id/1039497 https://access.redhat.com/errata/RHSA-2017:2792 https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html https://crbug.com/765433 https://security.gentoo.org/glsa/201709-25 https://access.redhat.com/security/cve/CVE-2017-5121 https:/ • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0

Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. El uso incorrecto de la manipulación de tamaños de tabla en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.100 para Windows, permitía que un atacante remoto desencadenase un acceso fuera de límites mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100947 http://www.securitytracker.com/id/1039497 https://access.redhat.com/errata/RHSA-2017:2792 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html https://crbug.com/752423 https://security.gentoo.org/glsa/201709-25 https://access.redhat.com/security/cve/CVE-2017-5122 https://bugzilla.redhat.com/show_bug.cgi?id=1494392 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 0

Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento aritmético en Skia en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto pudiese explotar una corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/747043 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5113 https://bugzilla.redhat.com/show_bug.cgi?id=1488774 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0

A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. Un uso de memoria previamente liberada en PDFium en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Linux, Windows y Mac, permitía que un atacante remoto pudiese explotar una corrupción de memoria mediante un archivo PDF manipulado. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/737023 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5111 https://bugzilla.redhat.com/show_bug.cgi?id=1488772 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 14%CPEs: 11EXPL: 0

Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto ejecutase código arbitrario dentro de un espacio aislado o sandbox mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/759624 https://security.gentoo.org/glsa/201709-15 https://security.googleblog.com/2018/01/android-security-ecosystem-investments.html https://access.redhat.com/security/cve/CVE-2017-5116 https://bugzilla.redha • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •