Page 45 of 2135 results (0.012 seconds)

CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0

25 Oct 2018 — Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. El manejo incorrecto de texturas en Angle en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, ... • http://www.securityfocus.com/bid/105666 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 6%CPEs: 19EXPL: 0

25 Oct 2018 — Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 62 y Firefox ESR 60.2. Algunos de estos ... • http://www.securityfocus.com/bid/105718 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

25 Oct 2018 — Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. El manejo incorrecto de cadenas de filtrado de PDF en PDFium en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium... • http://www.securityfocus.com/bid/105666 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0

25 Oct 2018 — A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. Una vulnerabilidad en la que WebExtensions pueden ejecutar scripts de contenido en contextos no permitidos tras una navegación u otros eventos. Esto permite el escalado de privilegios potencial mediante WebExt... • http://www.securityfocus.com/bid/105718 • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

25 Oct 2018 — Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. La colocación incorrecta de diálogos en WebContents en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto ocultase la advertencia total de pantalla mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 70.0.3538.67. Issues ad... • http://www.securityfocus.com/bid/105666 •

CVSS: 4.3EPSS: 1%CPEs: 5EXPL: 0

25 Oct 2018 — Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La gestión incorrecta del historial en iOS en la navegación en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrade... • http://www.securityfocus.com/bid/105666 •

CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0

25 Oct 2018 — Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. Conteo de referencias incorrecto en AppCache en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto realizase un escape del sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 70.0.3538.67. Issues addressed include buffer overflow ... • http://www.securityfocus.com/bid/105666 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

25 Oct 2018 — Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. La implementación incorrecta del recorte de objetos en V8 en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto pudiese explotar una corrupción de objetos mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 70... • http://www.securityfocus.com/bid/105666 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 3%CPEs: 18EXPL: 0

25 Oct 2018 — A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Se ha encontrado una vulnerabilidad potencial en los builds de 32 bit en la que un desbordamiento de enteros ... • http://www.securityfocus.com/bid/105718 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0

25 Oct 2018 — Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. El manejo incorrecto de información de temporización durante la navegación en Blink en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto obtuviese URL de orígenes cruzados mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades ... • http://www.securityfocus.com/bid/105666 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •