Page 444 of 2694 results (0.032 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1293 – chromium-browser: Cross-origin bypass in DOM

https://notcve.org/view.php?id=CVE-2015-1293

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Vulnerabilidad en la implementación DOM en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=524074 https://security.gentoo.org/glsa/201603-09 https://access.redhat.com/security/cve • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1297 – chromium-browser: Permission scoping error in WebRequest

https://notcve.org/view.php?id=CVE-2015-1297

The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension. Vulnerabilidad en la implementación WebRequest API en extensions/browser/api/web_request/web_request_api.cc en Google Chrome en versiones anteriores a 45.0.2454.85, no considera correctamente una fuente de petición antes de aceptar la petición, lo que permite a atacantes remotos eludir las restricciones de acceso previstas a través de una (1) app o (2) extensión manipulada. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=510802 https://codereview.chromium.org/1267183003 https://security.gentoo.org/glsa/201603-09 • CWE-254: 7PK - Security Features •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-1301 – chromium-browser: various fixes from internal audits

https://notcve.org/view.php?id=CVE-2015-1301

Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=413706 https://code.google.com/p/chromium/issues/detail?id=482369 https://code.google.co •

CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0

CVE-2015-6581

https://notcve.org/view.php?id=CVE-2015-6581

Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure. Vulnerabilidad de liberación doble en la función opj_j2k_copy_default_tcp_and_create_tcd en j2k.c en OpenJPEG en versiones anteriores a r3002, como se utiliza en PDFium en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de la memoria dinámica) desencadenando un fallo de asignación de memoria. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168736.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169258.html http://www.debian.org/security/2016/dsa-3665 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=486538 https://code.google.com/p/chromium/issues/detail?id=526825 https://code.google.com/p/openjpeg/issues/detail? •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1295 – chromium-browser: Use-after-free in Printing

https://notcve.org/view.php?id=CVE-2015-1295

Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities. Múltiples vulnerabilidades de uso después de liberación de memoria en la clase PrintWebViewHelper en components/printing/renderer/print_web_view_helper.cc en Google Chrome en versiones anteriores a 45.0.2454.85, permiten a atacantes remotos asistidos por usuario causar una denegación de servicio o posiblemente tener otro impacto no especificado desencadenando mensajes IPC anidados durante la preparación para impresión, según lo demostrado por mensajes asociados a documentos PDF en conjunción con mensajes acerca de las capacidades de la impresora. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=502562 https://codereview.chromium.org/1228693002 https://security.gentoo.org/glsa/201603-09 • CWE-416: Use After Free •