Page 434 of 3364 results (0.013 seconds)

CVSS: 8.8EPSS: 8%CPEs: 1EXPL: 1

Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792. Desbordamiento de entero en la función the WebCursor::Deserialize en content/common/cursors/webcursor.cc en Google Chrome en versiones anteriores a la 47.0.2526.106 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un array de pixel RGBA con dimensiones manipuladas, una vulnerabilidad diferente a CVE-2015-6792. • https://www.exploit-db.com/exploits/39039 http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html http://www.securityfocus.com/bid/79686 http://www.securitytracker.com/id/1034491 http://www.ubuntu.com/usn/USN-2860-1 https://code.google.com/p/chromium/issues/detail?id=565023 https://code.google.com/p/chromium/issues/detail?id=569486 https://codereview.chromium.org/1498903003 https://access.redhat.com/security/cve/CVE-2015-8664 https://bugzilla.redhat. • CWE-189: Numeric Errors CWE-416: Use After Free •

CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0

The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664. El subsistema MIDI en Google Chrome en versiones anteriores a la 47.0.2526.106 no maneja correctamente el envío de datos, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de vectores no especificados, relacionada con midi_manager.cc, midi_manager_alsa.cc y midi_manager_mac.cc, una vulnerabilidad diferente a CVE-2015-8664. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00030.html http://rhn.redhat.com/errata/RHSA-2015-2665.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/79348 http://www.securitytracker.com/id/1034491 https://code.google.com/p/chromium/issues/detail?id=564501 https://code.google.com&# •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.7.80.23, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.80, permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos, un problema diferente a CVE-2015-8478. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html http://rhn.redhat.com/errata/RHSA-2015-2618.html http://www.ubuntu.com/usn/USN-2860-1 https://access.redhat.com/security/cve/CVE-2015-8548 https://bugzilla.redhat.com/show_bug.cgi?id=1291235 •

CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0

The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." La clase ObjectBackedNativeHandler en extensions/renderer/object_backed_native_handler.cc en el subsistema de extensiones en Google Chrome en versiones anteriores a 47.0.2526.80 implementa de manera incorrecta funciones del controlador, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que aprovechan 'confusión de tipos'. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://rhn.redhat.com/errata/RHSA-2015-2618.html http://www.debian.org/security/2015/dsa-3418 http://www.securityfocus.com/bid/78734 https://code.google.com/p/chromium/issues/detail?id=548273 https://codereview.chromium.org/1422383003 https://security.gentoo.org&#x • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0

Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion. Condición de carrera en la implementación MutationObserver en Blink, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.80, permite a atacantes remotos causar una denegación de servicio (uso después de liberación de memoria) o posiblemente tener otro impacto no especificado mediante el aprovechamiento del borrado de un objeto no previsto. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://rhn.redhat.com/errata/RHSA-2015-2618.html http://www.debian.org/security/2015/dsa-3418 http://www.securityfocus.com/bid/78734 http://www.ubuntu.com/usn/USN-2860-1 https://code.google.com/p/chromium/issues/detail?id=557981 https://codereview.chromium • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •