Page 369 of 3300 results (0.014 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2017-15386 – chromium-browser: ui spoofing in blink

https://notcve.org/view.php?id=CVE-2017-15386

Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Una implementación incorrecta en Blink en Google Chrome, en versiones anteriores a la 62.0.3202.62, permitía que un atacante remoto suplante el contenido del Omnibox (barra de URL) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/752003 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-15386 https://bugzilla.redhat.com/show_bug.cgi?id=1503540 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0

CVE-2017-15388 – chromium-browser: out of bounds read in skia

https://notcve.org/view.php?id=CVE-2017-15388

Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. La iteración mediante puntos no finitos en Skia en Google Chrome, en versiones anteriores a la 62.0.3202.62, permitía que un atacante remoto realice una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/756563 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-15388 https://bugzilla.redhat.com/show_bug.cgi?id=1503543 • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-1206

https://notcve.org/view.php?id=CVE-2015-1206

Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file. Un desbordamiento de búfer basado en memoria dinámica (heap) en Google Chrome en versiones anteriores a M40 permite que atacantes remotos provoquen una denegación de servicio (escritura de memoria no paginada y cierre inesperado del proceso) mediante un archivo MP4 manipulado. • https://bugs.chromium.org/p/chromium/issues/detail?id=444522 https://bugs.chromium.org/p/chromium/issues/detail?id=453979 https://gist.github.com/bittorrent3389/8fee7cdaa73d1d351ee9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0

CVE-2017-5122 – chromium-browser: out-of-bounds access in v8

https://notcve.org/view.php?id=CVE-2017-5122

Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. El uso incorrecto de la manipulación de tamaños de tabla en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.100 para Windows, permitía que un atacante remoto desencadenase un acceso fuera de límites mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100947 http://www.securitytracker.com/id/1039497 https://access.redhat.com/errata/RHSA-2017:2792 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html https://crbug.com/752423 https://security.gentoo.org/glsa/201709-25 https://access.redhat.com/security/cve/CVE-2017-5122 https://bugzilla.redhat.com/show_bug.cgi?id=1494392 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 4%CPEs: 9EXPL: 0

CVE-2017-5121 – chromium-browser: out-of-bounds access in v8

https://notcve.org/view.php?id=CVE-2017-5121

Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. El uso inapropiado de la optimización JIT en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.100 para Linux, Windows y Mac, permitía que un atacante remoto ejecutase código arbitrario en un espacio aislado o sandbox mediante una página HTML manipulada. Esto está relacionado con la fase de análisis de escape. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100947 http://www.securitytracker.com/id/1039497 https://access.redhat.com/errata/RHSA-2017:2792 https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html https://crbug.com/765433 https://security.gentoo.org/glsa/201709-25 https://access.redhat.com/security/cve/CVE-2017-5121 https:/ • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •