Security News

CVE-2017-5129

National Vulnerability Database - Wed, 02/07/2018 - 18:29
A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Categories: Security News

CVE-2017-5130

National Vulnerability Database - Wed, 02/07/2018 - 18:29
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

CVE-2017-5131

National Vulnerability Database - Wed, 02/07/2018 - 18:29
An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.

CVE-2017-5132

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.

CVE-2017-5133

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.

CVE-2018-6829

National Vulnerability Database - Wed, 02/07/2018 - 18:29
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

CVE-2017-15386

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2017-15387

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.

CVE-2017-15388

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2017-15389

National Vulnerability Database - Wed, 02/07/2018 - 18:29
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2017-15390

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

CVE-2017-15391

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.

CVE-2017-15392

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.

CVE-2017-15393

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.

CVE-2017-15394

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.

CVE-2017-15395

National Vulnerability Database - Wed, 02/07/2018 - 18:29
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.

CVE-2017-15397

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position.

CVE-2017-15400

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.

CVE-2017-5124

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.

CVE-2018-6574

National Vulnerability Database - Wed, 02/07/2018 - 16:29
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.