CVSS: 9.3EPSS: 2%CPEs: 7EXPL: 0CVE-2016-1653 – chromium-browser: out-of-bounds write in V8
https://notcve.org/view.php?id=CVE-2016-1653
The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc. La implementación LoadBuffer en Google V8, como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.75, no maneja correctamente tipos de datos, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado que desencadena una operación de escritura fuera de rango, relacionado con compiler/pipeline.cc y compiler/simplified-lowering.cc. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 http://www.ubuntu.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 6%CPEs: 4EXPL: 0CVE-2016-1651 – Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-1651
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. fxcodec/codec/fx_codec_jpx_opj.cpp en PDFium, como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.75, no implementa correctamente las funciones sycc420_to_rgb y sycc422_to_rgb, lo que permite a atacantes remotos obtener información sensible de memoria de proceso o provocar una denegación de servicio (lectura fuera de rango) a través de datos JPEG 2000 manipulados en un documento PDF. This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG2000 images. A specially crafted JPEG2000 image embedded inside a PDF can force Google Chrome to read memory past the end of an allocated object. An attacker can leverage this vulnerability to disclose the contents of adjacent memory. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 http://zerodayinitiative.com&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 16%CPEs: 6EXPL: 0CVE-2016-1645 – Google Chrome Pdfium JPEG2000 Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1645
Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data. Múltiples errores de entero sin signo en la función opj_j2k_update_image_data en j2k.c en OpenJPEG, como se utiliza en PDFium en Google Chrome en versiones anteriores a 49.0.2623.87, permiten a atacantes remotos causar una denegación de servicio (proyección incorrecta y escritura fuera de rango) o posiblemente tener otro impacto no especificado a través de datos JPEG 2000 manipulados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG2000 images. A specially crafted JPEG2000 image embedded inside a PDF can force Google Chrome to write memory past the end of an allocated object. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_8.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00073.html http://www.debian.org/security/2016/dsa-3513 http://www.securityfocus.com/bid/84224 http://www.securitytracker.com/id/1035259 http://www.zerodayinitiative.com/advisories/ZDI-16-197 https://code& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0CVE-2015-2730 – NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)
https://notcve.org/view.php?id=CVE-2015-2730
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors. Mozilla Network Security Services (NSS) anterior a 3.19.1, utilizado en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y otros productos, no realiza correctamente las multiplicaciones Elliptical Curve Cryptography (ECC), lo que facilita a atacantes remotos falsificar firmas ECDSA a través de vectores no especificados. A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1664.html http://rhn.redhat.com/errata/RHSA-2015-1699.html http://www.debian.org&#x • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.1EPSS: 0%CPEs: 30EXPL: 1CVE-2015-2721 – NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71)
https://notcve.org/view.php?id=CVE-2015-2721
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. Mozilla Network Security Services (NSS) anterior a 3.19, utilizado en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, Thunderbird anterior a 38.1, y otros productos, no determina correctamente las transiciones de estado para la máquina de estados TLS, lo que permite a atacantes man-in-the-middle derrotar los mecanismos de protección criptográfica mediante el bloqueo de mensajes, tal y como fue demostrado mediante la eliminación de una propiedad de confidencialidad adelantada mediante el bloqueo de un mensaje ServerKeyExchange, también conocido como un problema de 'SMACK SKIP-TLS' . It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key Exchange). A remote attacker could use this flaw to bypass the forward-secrecy of a TLS/SSL connection. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1185.html http://rhn.redhat.com/errata/RHSA-2015-1664.html http://www.debian.org&#x • CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •