Page 42 of 1444 results (0.011 seconds)

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page. El manejo incorrecto de sesiones de navegación fallidas con URL inválidas en Navigation en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía a un atacante remoto engañar a un usuario para que ejecutase código JavaScript en un origen arbitrario mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/850824 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18347 https://bugzilla.redhat.com/show_bug.cgi?id=1656561 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. La validación insuficiente de los protocolos externos en Shell Integration en Google Chrome en Windows en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto lanzase programas externos mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/889459 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18354 https://bugzilla.redhat.com/show_bug.cgi?id=1656568 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. El manejo incorrecto del ciclo de vida de objetos en PDFium en Google Chrome, en versiones anteriores a la 71.0.3578.98, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html https://crbug.com/901654 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://www.debian.org/security/2019/dsa-4395 https://access.redhat.com/security/cve/CVE-2018-17481 https:&#x • CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page. El manejo incorrecto de cuadros de alertas emergentes en Blink en Google Chrome en versiones anteriores a la 71.0.3578.80, permitía a un atacante remoto presentar interfaces de usuario de navegador confusas mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/606104 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18346 https://bugzilla.redhat.com/show_bug.cgi?id=1656560 •

CVSS: 10.0EPSS: 97%CPEs: 18EXPL: 4

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Flash Player, en versiones 31.0.0.153 y anteriores y en la 31.0.0.108 y anteriores, tiene una vulnerabilidad de uso de memoria previamente liberada. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability • https://www.exploit-db.com/exploits/46051 https://github.com/scanfsec/CVE-2018-15982 https://github.com/FlatL1neAPT/CVE-2018-15982 https://github.com/SyFi/CVE-2018-15982 http://www.securityfocus.com/bid/106116 https://access.redhat.com/errata/RHSA-2018:3795 https://helpx.adobe.com/security/products/flash-player/apsb18-42.html https://access.redhat.com/security/cve/CVE-2018-15982 https://bugzilla.redhat.com/show_bug.cgi?id=1656585 • CWE-416: Use After Free •