Page 5 of 75 results (0.011 seconds)

CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en media en Google Chrome versiones anteriores a 80.0.3987.149, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html https://crbug.com/1031142 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57 https://lists.fedo • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en WebGL en Google Chrome versiones anteriores a 80.0.3987.149, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html https://crbug.com/1051748 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57 https://lists.fedo • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 1

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en audio en Google Chrome versiones anteriores a 80.0.3987.149, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html http://packetstormsecurity.com/files/172843/Chrome-WebAudio-Use-After-Free.html https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html https://crbug.com/1059686 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI https://lists.fedoraproject.org/archives/list/package-a • CWE-416: Use After Free •

CVSS: 8.4EPSS: 0%CPEs: 13EXPL: 1

A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. • https://bugzilla.suse.com/show_bug.cgi?id=1153921 https://access.redhat.com/security/cve/CVE-2019-3696 https://bugzilla.redhat.com/show_bug.cgi?id=1811707 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.4EPSS: 0%CPEs: 13EXPL: 1

A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. • https://bugzilla.suse.com/show_bug.cgi?id=1152763 https://access.redhat.com/security/cve/CVE-2019-3695 https://bugzilla.redhat.com/show_bug.cgi?id=1811703 • CWE-94: Improper Control of Generation of Code ('Code Injection') •