
CVSS: 6.4 | EPSS: 2% | CPEs: 1 | EXPL: 0

The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted VPx video data.

References:
• http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
• http://rhn.redhat.com/errata/RHSA-2015-0627.html
• http://www.securityfocus.com/bid/72901
• http://www.ubuntu.com/usn/USN-2521-1
• https://code.google.com/p/chromium/issues/detail?id=449958
• https://codereview.chromium.org/858303002
• https://security.gentoo.org/glsa/201503-12
• https://access.redhat.com/security/cve/CVE-2015-1224
• https://bugzilla.redhat.com/show_bug.cgi?id=1198531

CWEs:
• CWE-17: DEPRECATED: Code
• CWE-125: Out-of-bounds Read

CVSS: 6.4 | EPSS: 1% | CPEs: 1 | EXPL: 0

PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

References:
• http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
• http://rhn.redhat.com/errata/RHSA-2015-0627.html
• http://www.securityfocus.com/bid/72901
• https://code.google.com/p/chromium/issues/detail?id=446033
• https://security.gentoo.org/glsa/201503-12
• https://access.redhat.com/security/cve/CVE-2015-1225
• https://bugzilla.redhat.com/show_bug.cgi?id=1198532

CWEs:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-125: Out-of-bounds Read

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.

References:
• http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
• http://rhn.redhat.com/errata/RHSA-2015-0627.html
• http://www.securityfocus.com/bid/72901
• https://code.google.com/p/chromium/issues/detail?id=456841
• https://codereview.chromium.org/910053002
• https://security.gentoo.org/glsa/201503-12
• https://access.redhat.com/security/cve/CVE-2015-1226
• https://bugzilla.redhat.com/show_bug.cgi?id=1198533

CWEs:
• CWE-20: Improper Input Validation
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 0

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used.

References:
• http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
• http://rhn.redhat.com/errata/RHSA-2015-0627.html
• http://www.securityfocus.com/bid/72901
• http://www.ubuntu.com/usn/USN-2521-1
• https://code.google.com/p/chromium/issues/detail?id=450389
• https://security.gentoo.org/glsa/201503-12
• https://src.chromium.org/viewvc/blink?revision=189585&view=revision
• https://src.chromium.org/viewvc/blink?revision=189816&view=revision
• https://access.redhat.com/security/cve/CVE

CWEs:
• CWE-399: Resource Management Errors
• CWE-456: Missing Initialization of a Variable

CVSS: 7.5 | EPSS: 1% | CPEs: 7 | EXPL: 0

The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence.

References:
• http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
• http://rhn.redhat.com/errata/RHSA-2015-0627.html
• http://www.securityfocus.com/bid/72901
• http://www.ubuntu.com/usn/USN-2521-1
• https://code.google.com/p/chromium/issues/detail?id=444707
• https://security.gentoo.org/glsa/201503-12
• https://src.chromium.org/viewvc/blink?revision=188180&view=revision
• https://access.redhat.com/security/cve/CVE-2015-1228
• https://bugzilla.redhat.com/show_bug.cgi?id=1198535

CWEs:
• CWE-399: Resource Management Errors
• CWE-456: Missing Initialization of a Variable