Page 440 of 3354 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6785 – chromium-browser: Wildcard matching issue in CSP

https://notcve.org/view.php?id=CVE-2015-6785

The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains. La función CSPSource::hostMatches en WebKit/Source/core/frame/csp/CSPSource.cpp en la implementación de la Content Security Policy (CSP) en Google Chrome en versiones anteriores a 47.0.2526.73 acepta un nombre de host x.y como una coincidencia para un patrón *.x.y, lo que puede permitir a atacantes remotos eludir restricciones destinadas al acceso en circunstancias oportunistas mediante el aprovechamiento de una política que estaba destinada a ser específica para subdominios. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78416 http://www.securitytracker.com/id/1034298 http://www.ubuntu.com/usn/USN-2825-1 https://code.google.com/p/chromium/issues/detail?id=534542 https://codereview.chromium.org/1367933003& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6786 – chromium-browser: Scheme bypass in CSP

https://notcve.org/view.php?id=CVE-2015-6786

The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a * pattern, which allows remote attackers to bypass intended scheme restrictions in opportunistic circumstances by leveraging a policy that relies on this pattern. La función CSPSourceList::matches en WebKit/Source/core/frame/csp/CSPSourceList.cpp en la implementación de la Content Security Policy (CSP) en Google Chrome en versiones anteriores a 47.0.2526.73 acepta una URL blob:, data: o filesystem: como coincidencia para un patrón *, lo que permite a atacantes remotos eludir las restricciones de esquema previstas en circunstancias oportunistas mediante el aprovechamiento de una política que confía en éste patrón. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78416 http://www.securitytracker.com/id/1034298 http://www.ubuntu.com/usn/USN-2825-1 https://code.google.com/p/chromium/issues/detail?id=534570 https://codereview.chromium.org/1361763005& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 3

CVE-2015-6787 – pdfium - CPDF_Function::Call Stack Buffer Overflow

https://notcve.org/view.php?id=CVE-2015-6787

Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 47.0.2526.73 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. Pdfium suffers from a heap-based out-of-bounds read in CPDF_DIBSource:DownSampleScanline32Bit. • https://www.exploit-db.com/exploits/39165 https://www.exploit-db.com/exploits/39162 https://www.exploit-db.com/exploits/39163 http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.securitytracker.com/id/1034298 http://www.ubuntu.com/usn/USN-2825-1 https://code.google.com/p/chromium/issues/detail?id= •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1302 – chromium-browser: information leak in PDF viewer

https://notcve.org/view.php?id=CVE-2015-1302

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc. El visor PDF en Google Chrome en versiones anteriores a 46.0.2490.86 no restringe adecuadamente mensajes de programación de secuencias de comandos y la exposición de la API, lo que permite a atacantes remotos eludir la Same Origin Policy a través de un embedder no intencionado o de la carga de un plugin no intencionado, relacionado con pdf.js y out_of_process_instance.cc. • http://googlechromereleases.blogspot.com/2015/11/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00120.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00121.html http://rhn.redhat.com/errata/RHSA-2015-1841.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/77537 http://www.securitytracker.com/id/1034132 https://code.google.com/p/chromium/issues/detail?id=520422 https://codereview.chromium.org/1316803003 https • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-7834

https://notcve.org/view.php?id=CVE-2015-7834

Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.6.85.23, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 •