Security
Headlines
HeadlinesLatestCVEs

Tag

#google

CVE-2014-9940: Android Security Bulletin—May 2017

The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.

CVE
Open in Source
#vulnerability#web#ios#android#google#linux#dos#rce#alibaba#xiaomi#wifi#ssl
CVE-2017-5039: 679649 - chromium - An open-source project to help move the web forward.

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

CVE-2017-5040: 691323 - chromium - An open-source project to help move the web forward.

V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.

CVE-2017-5036: 691371 - chromium - An open-source project to help move the web forward.

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.

CVE-2017-5035: 688425 - chromium - An open-source project to help move the web forward.

Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.

CVE-2017-5029: Check for integer overflow in xsltAddTextString (08ab2774) · Commits · GNOME / libxslt

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

CVE-2017-5038: 695476 - chromium - An open-source project to help move the web forward.

Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

CVE-2017-5037: 679640 - chromium - An open-source project to help move the web forward.

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

CVE-2017-5042: 671932 - chromium - An open-source project to help move the web forward.

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.

CVE-2017-5030: 682194 - chromium - An open-source project to help move the web forward.

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.