CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 0CVE-2016-1680 – chromium-browser: heap use-after-free in skia
https://notcve.org/view.php?id=CVE-2016-1680
Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en ports/SkFontHost_FreeType.cpp en Skia, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, permite a atacantes remotos provocar una denegación del servicio (corrupción de la memoria dinámica) o o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2016-1682 – chromium-browser: csp bypass for serviceworker
https://notcve.org/view.php?id=CVE-2016-1682
The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration. La función ServiceWorkerContainer::registerServiceWorkerImpl en WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp en Blink, como es usada en Google Chrome en versiones anteriores a 51.0.2704.63, permite a atacantes remotos eludir el mecanismo de protección Content Security Policy (CSP) a través de un registro ServiceWorker. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0CVE-2016-1684 – chromium-browser: integer overflow in libxslt
https://notcve.org/view.php?id=CVE-2016-1684
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. numbers.c en libxslt en versiones anteriores a 1.1.29, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no maneja correctamente el token de formato i para datos xsl:number, lo que permite a atacantes remotos provocar una denegación del servicio (desbordamiento de entero o consumo de recursos) o posiblemente tener otro impacto no especificado a través de un documento manipulado. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-05 •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2016-1691 – chromium-browser: heap buffer-overflow in skia
https://notcve.org/view.php?id=CVE-2016-1691
Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp. Skia, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no maneja correctamente la ejecución de coincidencia, lo que permite a atacantes remotos provocar una denegación del servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado a través de curvas manipuladas, relacionado con SkOpCoincidence.cpp y SkPathOpsCommon.cpp. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2016-1677 – chromium-browser: type confusion in v8
https://notcve.org/view.php?id=CVE-2016-1677
uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion." uri.js en Google V8 en versiones anteriores a 5.1.281.26, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, usa un tipo de matriz incorrecto, lo que permite a atacantes remotos obtener información sensible llamando a la función decodeURI y aprovechando "confusión de tipo". • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •