Page 71 of 425 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2019-5838 – chromium-browser: Overly permissive tab access in Extensions

https://notcve.org/view.php?id=CVE-2019-5838

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension. La aplicación de políticas insuficientes en la API de extensiones en Google Chrome antes de 75.0.3770.80 permitió a un atacante que convenció a un usuario de instalar una extensión maliciosa para evitar las restricciones en los URI de archivos a través de una extensión de Chrome diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/893087 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: • CWE-863: Incorrect Authorization •

CVSS: 8.8EPSS: 5%CPEs: 8EXPL: 0

CVE-2019-5829 – chromium-browser: Use after free in Download Manager

https://notcve.org/view.php?id=CVE-2019-5829

Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. El desbordamiento de enteros en el administrador de descargas en Google Chrome antes de la versión 75.0.3770.80 permitió que un atacante remoto pudiera realizar un acceso a la memoria fuera de límites a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/958533 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4 • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2019-5836 – chromium-browser: Heap buffer overflow in Angle

https://notcve.org/view.php?id=CVE-2019-5836

Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El desbordamiento del búfer del montón en ANGLE en Google Chrome antes de 75.0.3770.80 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/947342 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: • CWE-787: Out-of-bounds Write •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2019-5839 – chromium-browser: Incorrect handling of certain code points in Blink

https://notcve.org/view.php?id=CVE-2019-5839

Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. La validación excesiva de datos en el analizador de URL en Google Chrome anterior a la versión 75.0.3770.80 permitió que un atacante remoto convenciera a un usuario de introducir una URL para omitir la validación de URL del sitio web a través de una URL diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/925614 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1

CVE-2019-12221

https://notcve.org/view.php?id=CVE-2019-12221

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. Se detectó un problema en libSDL2.a en Simple DirectMedia Layer (SDL) 2.0.9 cuando se usa junto con libSDL2_image.a en SDL2_image 2.0.4. Hay un SEGV en la función SDL SDL_free_REAL at stdlib / SDL_malloc.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html https://bugzilla.libsdl.org/show_bug.cgi?id=4628 https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO https://lists.fedoraproject.org/archives/list/package • CWE-787: Out-of-bounds Write •