Page 387 of 2511 results (0.007 seconds)

CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. Un desbordamiento de entero en FFmpeg de Google Chrome versiones anteriores a 57.0.2987.98 para Mac, Windows, y Linux y versión 57.0.2987.108 para Android permitiría a un atacante remoto escribir fuera de los límites de memoria a través de un archivo de vídeo especialmente diseñado. Relacionado con ChunkDemuxer. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/679640 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5037 https://bugzilla.redhat.com/show_bug.cgi?id=1431038 • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Un uso después de liberación en PDFium de Google Chrome versiones anteriores a 57.0.2987.98 para Mac, Windows y Linux y versión 57.0.2987.108 para Android permitiría a un usuario remoto provocar una corrupción de memoria dinámica (heap) a través de una archivo PDF especialmente diseñado. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/679649 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5039 https://bugzilla.redhat.com/show_bug.cgi?id=1431039 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0

Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. Chrome Apps de Google Chrome versiones anteriores a 57.0.2987.98 para Linux, Windows y Mac, debido a un fallo de uso después de liberación en GuestView, permitiría a un atacante remoto leer la memoria fuera de los límites a través de una extensión de Chrome especialmente diseñada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/683523 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5043 https://bugzilla.redhat.com/show_bug.cgi?id=1431045 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 64%CPEs: 11EXPL: 1

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. El manejo incorrecto de especies complejas en V8 de Google Chrome anteriores a 57.0.2987.98 para Linux, Windows y Mac y 57.0.2987.108 para Android permitió a un atacante remoto ejecutar código arbitrario a través de una página HTML especialmente diseñada. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony X800G Smart TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of arrays in Vewd. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/682194 https://security.gentoo.org/glsa/201704-02 https://www.zerodayinitiative.com/advisories/ZDI-20-126 https://access.redhat.com/security/cve/CVE-2017-5030 https://bugzilla.redhat.com/show_bug.cgi?id=1431030 • CWE-125: Out-of-bounds Read •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. Blink en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, no pudo aplicar correctamente la política de seguridad de contenido inseguro en línea, lo que permitió a un atacante remoto eludir la política de seguridad de contenido a través de una página HTML manipulada. • https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html https://crbug.com/661126 •