Page 385 of 3354 results (0.010 seconds)

CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0

A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en Blink en Google Chrome, en versiones anteriores a la 57.0.2987.133 para Linux, Windows y Mac y a la 57.0.2987.132 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97220 http://www.securitytracker.com/id/1038623 https://access.redhat.com/errata/RHSA-2017:0860 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html https://crbug.com/705445 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5056 https://bugzilla.redhat.com/show_bug.cgi?id=1437352 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 2%CPEs: 12EXPL: 0

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. La función xsltAddTextString en transform.c en libxslt 1.1.29, tal como se utiliza en Blink en Google Chrome anteriores a 57.0.2987.98 para Mac, Windows y Linux y 57.0.2987.108 para Android, carecía de una comprobación de desbordamiento de entero durante un cálculo de tamaño, lo que permite a un atacante remoto realizar una escritura de memoria fuera de límites a través de una página HTML diseñada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 http://www.securitytracker.com/id/1038157 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/676623 https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5 https://access.redhat.com/security/cve/CVE-2017-5029 https://bugzilla.redhat.com/show_bug.cgi?id=1431033 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 75%CPEs: 11EXPL: 1

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. El manejo incorrecto de especies complejas en V8 de Google Chrome anteriores a 57.0.2987.98 para Linux, Windows y Mac y 57.0.2987.108 para Android permitió a un atacante remoto ejecutar código arbitrario a través de una página HTML especialmente diseñada. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony X800G Smart TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of arrays in Vewd. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/682194 https://security.gentoo.org/glsa/201704-02 https://www.zerodayinitiative.com/advisories/ZDI-20-126 https://access.redhat.com/security/cve/CVE-2017-5030 https://bugzilla.redhat.com/show_bug.cgi?id=1431030 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0

A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso después de su liberación de ANGLE en Google Chrome anteriores a 57.0.2987.98 para Windows permitió a un atacante remoto realizar una lectura de memoria fuera de límites a través de una página HTML diseñada especialmente. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 http://www.securityfocus.com/bid/98326 https://bugzilla.mozilla.org/show_bug.cgi?id=1328762 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/682020 https://security.gentoo.org/glsa/201704-02 https://www.mozilla.org/security/advisories/mfsa2017-14 https://access.redhat.com/security/cve/CVE&# • CWE-416: Use After Free •

CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0

PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. PDFium en Google Chrome anteriores a 57.0.2987.98 para Windows podría incrementar del final de un búfer, lo que permite a un atacante remoto realizar corrupción de pila heap a través de un archivo PDF especialmente elaborado. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/668724 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5032 https://bugzilla.redhat.com/show_bug.cgi?id=1431032 • CWE-787: Out-of-bounds Write •