CVSS: 8.8EPSS: 2%CPEs: 12EXPL: 0CVE-2017-5029 – chromium-browser: integer overflow in libxslt
https://notcve.org/view.php?id=CVE-2017-5029
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. La función xsltAddTextString en transform.c en libxslt 1.1.29, tal como se utiliza en Blink en Google Chrome anteriores a 57.0.2987.98 para Mac, Windows y Linux y 57.0.2987.108 para Android, carecía de una comprobación de desbordamiento de entero durante un cálculo de tamaño, lo que permite a un atacante remoto realizar una escritura de memoria fuera de límites a través de una página HTML diseñada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 http://www.securitytracker.com/id/1038157 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/676623 https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5 https://access.redhat.com/security/cve/CVE-2017-5029 https://bugzilla.redhat.com/show_bug.cgi?id=1431033 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5041 – chromium-browser: address spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5041
Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page. Google Chrome versiones anteriores a 57.0.2987.100 gestiona incorrectamente las acciones ir adelante/atrás en la navegación lo que permitiría a un atacante remoto mostrar información incorrecta de un sitio a través de una página HTML especialmente diseñada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/642490 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5041 https://bugzilla.redhat.com/show_bug.cgi?id=1431041 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5042 – chromium-browser: incorrect handling of cookies in cast
https://notcve.org/view.php?id=CVE-2017-5042
Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent. Cast en Google Chrome versiones anteriores a 57.0.2987.98 para Mac, Windows y Linux y versión 57.0.2987.108 para Android envía cookies a sitios descubiertos a través de SSDP, hecho que permitiría a un atacante en el segmento de red local iniciar conexiones a URLs arbitrarias pudiendo observar en texto plano cualquier cookie enviada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/671932 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5042 https://bugzilla.redhat.com/show_bug.cgi?id=1431043 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2017-5039 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2017-5039
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Un uso después de liberación en PDFium de Google Chrome versiones anteriores a 57.0.2987.98 para Mac, Windows y Linux y versión 57.0.2987.108 para Android permitiría a un usuario remoto provocar una corrupción de memoria dinámica (heap) a través de una archivo PDF especialmente diseñado. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/679649 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5039 https://bugzilla.redhat.com/show_bug.cgi?id=1431039 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2017-5036 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2017-5036
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file. Un uso después de liberación en PDFium de Google Chrome versiones anteriores a 57.0.2987.98 para Mac, Windows y Linux y versión 57.0.2987.108 para Android, permitiría a un usuario remoto provocar un impacto indefinido a través de un archivo PDF especialmente diseñado. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/691371 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5036 https://bugzilla.redhat.com/show_bug.cgi?id=1431037 • CWE-416: Use After Free •