Page 78 of 726 results (0.008 seconds)

CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0

CVE-2017-5108 – chromium-browser: type confusion in pdfium

https://notcve.org/view.php?id=CVE-2017-5108

Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file. Una confusión de tipos en PDFium en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto pudiese modificar objetos con fines maliciosos mediante un archivo PDF manipulado. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/695830 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5108 https://bugzilla.redhat.com/show_bug.cgi?id=1475211 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 0

CVE-2017-5098 – chromium-browser: use after free in v8

https://notcve.org/view.php?id=CVE-2017-5098

A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en V8 en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/740803 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5098 https://bugzilla.redhat.com/show_bug.cgi?id=1475200 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2017-5093 – chromium-browser: ui spoofing in blink

https://notcve.org/view.php?id=CVE-2017-5093

Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. Una implementación incorrecta en la manipulación de diálogos modal en Blink en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto evitase que se mostrase una advertencia en pantalla completa mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/550017 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5093 https://bugzilla.redhat.com/show_bug.cgi?id=1475195 • CWE-20: Improper Input Validation CWE-223: Omission of Security-relevant Information •

CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0

CVE-2017-5103 – chromium-browser: uninitialized use in skia

https://notcve.org/view.php?id=CVE-2017-5103

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. El uso de un valor no inicializado en Skia en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Linux, Windows y Mac, permitía que un atacante remoto obtuviese información sensible de la memoria de procesos mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/726199 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5103 https://bugzilla.redhat.com/show_bug.cgi?id=1475205 • CWE-908: Use of Uninitialized Resource •

CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 0

CVE-2017-5102 – chromium-browser: uninitialized use in skia

https://notcve.org/view.php?id=CVE-2017-5102

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. El uso de un valor no inicializado en Skia en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto obtuviese información sensible de la memoria de procesos mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/727678 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5102 https://bugzilla.redhat.com/show_bug.cgi?id=1475204 • CWE-908: Use of Uninitialized Resource •