Page 9 of 51 results (0.017 seconds)

CVSS: 6.8EPSS: 0%CPEs: 14EXPL: 0

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. La función V8ThrowException::createDOMException en bindings/core/v8/V8ThrowException.cpp en las vinculaciones V8 en Blink, utilizado en Google Chrome anterior a 40.0.2214.111 en Windows, OS X, y Linux y anterior a 40.0.2214.109 en Android, no considera correctamente las restricciones de acceso a Frame durante el lanzamiento de una excepción, lo que permite a atacantes remotos evadir Same Origin Policy a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0163.html http://secunia.com/advisories/62670 http://secunia.com/advisories/62818 http://secunia.com/advisories/62917 http://secunia.com/advisories/62925 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.secur •

CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. Vulnerabilidad de uso después de liberación en la función VisibleSelection::nonBoundaryShadowTreeRootNode en core/editing/VisibleSelection.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 40.0.2214.111 en Windows, OS X, y Linux y anterior a 40.0.2214.109 en Android, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado que provoca el manejo incorrecto de una ancla shadow-root. • http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0163.html http://secunia.com/advisories/62670 http://secunia.com/advisories/62818 http://secunia.com/advisories/62917 http://secunia.com/advisories/62925 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.secur • CWE-416: Use After Free •

CVSS: 2.1EPSS: 0%CPEs: 41EXPL: 0

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. La función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux anterior a 3.18.2 no valida un valor de longitud en el campo Extensions Reference (ER) System Use, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una imagen iso9660 manipulada. An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference (ER) records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e2024624e678f0ebb916e6192bd23c1f9fdf696 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://lists.o • CWE-20: Improper Input Validation •

CVSS: 2.1EPSS: 0%CPEs: 39EXPL: 1

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. La función vdso_addr en arch/x86/vdso/vma.c en el kernel de Linux hasta 3.18.2 no elige correctamente localizaciones de memoria para la área vDSO, lo que facilita a usuarios locales evadir el mecanismo de protección ASLR mediante la adivinación de una localización al final de un PMD. An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. • http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2 http://git.kernel.org/?p=linux/kernel/git/tip/tip.git%3Ba=commit%3Bh=fbe1bf140671619508dfa575d74a185ae53c5dbb http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148480.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg0 •

CVSS: 6.9EPSS: 0%CPEs: 39EXPL: 0

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. Condición de carrera en la función key_gc_unused_keys en security/keys/gc.c en el kernel de Linux hasta 3.18.2 permite a usuarios locales causar una denegación de servicio (corrupción de memoria o pánico) o posiblemente tener otro impacto no especificado a través de comandos keyctl que provocan el acceso a un miembro de la estructura clave durante la recogida de basura de una clave. A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a3a8784454692dd72e5d5d34dcdab17b4420e74c http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://rhn.redhat.com/errata/RHSA-2015-0864.html http://rhn.redhat.com/errata/RHSA-2015-1137.html http://rhn.redhat.com/errata/RHSA-2015-1138& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •