Page 444 of 3354 results (0.007 seconds)

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1291 – chromium-browser: Cross-origin bypass in DOM

https://notcve.org/view.php?id=CVE-2015-1291

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements. Vulnerabilidad en la función ContainerNode::parserRemoveChild en core/dom/ContainerNode.cpp en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, no comprueba si se espera un nodo, lo que permite a atacantes remotos eludir la Same Origin Policy o causar una denegación de servicio (corrupción de árbol DOM) a través de una página web con un código JavaScript manipulado y elementos IFRAME. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=516377 https://security.gentoo.org/glsa/201603-09 https://src.chromium.org/viewvc/blink? • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-1292 – chromium-browser: Cross-origin bypass in ServiceWorker

https://notcve.org/view.php?id=CVE-2015-1292

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. Vulnerabilidad en la función NavigatorServiceWorker::serviceWorker en modules/serviceworkers/NavigatorServiceWorker.cpp en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy mediante el acceso a un Service Worker. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=522791 https://codereview.chromium.org/1307883002 https://security.gentoo.org/glsa/201603-09 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1293 – chromium-browser: Cross-origin bypass in DOM

https://notcve.org/view.php?id=CVE-2015-1293

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Vulnerabilidad en la implementación DOM en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=524074 https://security.gentoo.org/glsa/201603-09 https://access.redhat.com/security/cve • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1294 – chromium-browser: Use-after-free in Skia

https://notcve.org/view.php?id=CVE-2015-1294

Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation. Vulnerabilidad de uso después de liberación en la memoria en la función SkMatrix::invertNonIdentity en core/SkMatrix.cpp en Skia, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado desencadenando el uso de elementos matrices que llevan a un resultado infinito durante un cálculo de inversión. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=492263 https://codereview.chromium.org/1188433011 https://security.gentoo.org/glsa/201603-09 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1295 – chromium-browser: Use-after-free in Printing

https://notcve.org/view.php?id=CVE-2015-1295

Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities. Múltiples vulnerabilidades de uso después de liberación de memoria en la clase PrintWebViewHelper en components/printing/renderer/print_web_view_helper.cc en Google Chrome en versiones anteriores a 45.0.2454.85, permiten a atacantes remotos asistidos por usuario causar una denegación de servicio o posiblemente tener otro impacto no especificado desencadenando mensajes IPC anidados durante la preparación para impresión, según lo demostrado por mensajes asociados a documentos PDF en conjunción con mensajes acerca de las capacidades de la impresora. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=502562 https://codereview.chromium.org/1228693002 https://security.gentoo.org/glsa/201603-09 • CWE-416: Use After Free •