Page 370 of 3346 results (0.007 seconds)

CVSS: 8.8EPSS: 4%CPEs: 9EXPL: 0

Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. El uso inapropiado de la optimización JIT en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.100 para Linux, Windows y Mac, permitía que un atacante remoto ejecutase código arbitrario en un espacio aislado o sandbox mediante una página HTML manipulada. Esto está relacionado con la fase de análisis de escape. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100947 http://www.securitytracker.com/id/1039497 https://access.redhat.com/errata/RHSA-2017:2792 https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html https://crbug.com/765433 https://security.gentoo.org/glsa/201709-25 https://access.redhat.com/security/cve/CVE-2017-5121 https:/ • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0

Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. El uso incorrecto de la manipulación de tamaños de tabla en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.100 para Windows, permitía que un atacante remoto desencadenase un acceso fuera de límites mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100947 http://www.securitytracker.com/id/1039497 https://access.redhat.com/errata/RHSA-2017:2792 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html https://crbug.com/752423 https://security.gentoo.org/glsa/201709-25 https://access.redhat.com/security/cve/CVE-2017-5122 https://bugzilla.redhat.com/show_bug.cgi?id=1494392 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 27%CPEs: 2EXPL: 0

Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Un desbordamiento de búfer basado en memoria dinámica (heap) en WebGL en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Windows, permitía que un atacante remoto ejecutase código arbitrario en un espacio aislado o sandbox mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/740603 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5112 https://bugzilla.redhat.com/show_bug.cgi?id=1488773 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0

Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. El uso incorrecto de asignaciones de particiones en PDFium en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Linux, Windows y Mac y a la 61.0.3163.81 para Android, permitía que un atacante remoto pudiese explotar una corrupción de memoria mediante un archivo PDF manipulado. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/752829 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5114 https://bugzilla.redhat.com/show_bug.cgi?id=1488775 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring). El uso incorrecto de redirecciones no coincidentes de www en la navegación por el explorador en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto degradase las peticiones HTTPS a HTTP mediante una página HTML manipulada. En otras palabras, Chrome podría transmitir texto en claro incluso aunque el usuario hubiese introducido una URL https. Esto se debe a un método alternativo mal diseñado para los casos en los que el nombre de dominio en una URL casi coincide con el nombre de dominio en un certificado del servidor X.509 (pero difiere en la subcadena "www." inicial). • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/718676 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5120 https://bugzilla.redhat.com/show_bug.cgi?id=1488782 •