Page 432 of 3294 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1616 – chromium-browser: various fixes from internal audits

https://notcve.org/view.php?id=CVE-2016-1616

The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button. La función CustomButton::AcceleratorPressed en ui/views/controls/button/custom_button.cc en Google Chrome en versiones anteriores a 48.0.2564.82 permite a atacantes remotos suplantar URLs a través de vectores implicando un botón personalizado no enfocado. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/81430 http://www.securitytracker.com/id/1034801 https://code&# • CWE-254: 7PK - Security Features •

CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-2052 – chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6

https://notcve.org/view.php?id=CVE-2016-2052

Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947. Múltiples vulnerabilidades no especificadas en HarfBuzz en versiones anteriores a 1.0.6, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de datos manipulados, como se demuestra por una sobre lectura del buffer como resultado de una comprobación de longitud invertida en hb-ot-font.cc, una cuestión diferente de CVE-2015-8947. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00070.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.securityfocus.com/bid/81812 http://www.securitytracker.com/id/1034801 http://www.ubuntu.com/usn/USN-2877-1 http://www.ubuntu.com/usn/USN-3067-1 https://code.google.com/p/chromium/issues/detail?id=544270 https://code.google.com/p/chromium/issues/detail?id=579625 https •

CVSS: 7.6EPSS: 2%CPEs: 1EXPL: 0

CVE-2016-1619 – chromium-browser: out-of-bounds read in PDFium

https://notcve.org/view.php?id=CVE-2016-1619

Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. Múltiples desbordamientos de enteros en las funciones (1) sycc422_to_rgb y (2) sycc444_to_rgb en fxcodec/codec/fx_codec_jpx_opj.cpp en PDFium, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de un documento PDF manipulado. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/81430 http://www.securitytracker.com/id/1034801 https://code&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1620 – chromium-browser: various fixes from internal audits

https://notcve.org/view.php?id=CVE-2016-1620

Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 48.0.2564.82 permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/81430 http://www.securitytracker.com/id/1034801 http://www. •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1617 – chromium-browser: various fixes from internal audits

https://notcve.org/view.php?id=CVE-2016-1617

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. La función CSPSource::schemeMatches en WebKit/Source/core/frame/csp/CSPSource.cpp en la implementación de Content Security Policy (CSP) en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, no aplica políticas http a URLs https y no aplica políticas ws a URLs wss, lo que hace más fácil para atacantes remotos determinar si un sitio web específico HSTS ha sido visitado leyendo un informe CSP. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/81430 http://www.securitytracker.com/id/1034801 http://www. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •