CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 0CVE-2016-1654 – chromium-browser: uninitialized memory read in media
https://notcve.org/view.php?id=CVE-2016-1654
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. El subsistema media en Google Chrome en versiones anteriores a 50.0.2661.75 no inicializa una estructura de datos no especificada, lo que permite a atacantes remotos provocar una denegación de servicio (operación de lectura no válida) a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 http://www.ubuntu.com/ • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2016-1655 – chromium-browser: use-after-free related to extensions
https://notcve.org/view.php?id=CVE-2016-1655
Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension. Google Chrome en versiones anteriores a 50.0.2661.75 no considera correctamente que la eliminación de tramas pueda ocurrir durante la ejecución de una llamada de retorno, lo que permite a atacantes remotos provocar una denegación de servicio (uso después de liberación de memoria) o posiblemente tener otro impacto no especificado a través de una extensión manipulada. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 http://www.ubuntu.com/ •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2016-1659 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1659
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 50.0.2661.75 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 http://www.ubuntu.com/ •
CVSS: 8.1EPSS: 4%CPEs: 4EXPL: 0CVE-2016-1651 – Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-1651
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. fxcodec/codec/fx_codec_jpx_opj.cpp en PDFium, como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.75, no implementa correctamente las funciones sycc420_to_rgb y sycc422_to_rgb, lo que permite a atacantes remotos obtener información sensible de memoria de proceso o provocar una denegación de servicio (lectura fuera de rango) a través de datos JPEG 2000 manipulados en un documento PDF. This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG2000 images. A specially crafted JPEG2000 image embedded inside a PDF can force Google Chrome to read memory past the end of an allocated object. An attacker can leverage this vulnerability to disclose the contents of adjacent memory. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 http://zerodayinitiative.com&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2015-5969
https://notcve.org/view.php?id=CVE-2015-5969
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments. La secuencia de comandos mysql-systemd-helper en el paquete mysql-community-server en versiones anteriores a 5.6.28-2.17.1 en openSUSE 13.2 y en versiones anteriores a 5.6.28-13.1 en openSUSE Leap 42.1 y el paquete mariadb en versiones anteriores a 10.0.22-2.21.2 en openSUSE 13.2 y en versiones anteriores a 10.0.22-3.1 en SUSE Linux Enterprise (SLE) 12.1 y openSUSE Leap 42.1 permite a usuarios locales descubrir las credenciales de la base de datos listando un proceso y sus argumentos. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html https://bugzilla.suse.com/957174 https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •