CVE-2017-15924
- EPSS 0.45%
- Veröffentlicht 27.10.2017 16:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_comma...
CVE-2017-5103
- EPSS 1.16%
- Veröffentlicht 27.10.2017 05:29:02
- Zuletzt bearbeitet 20.04.2025 01:37:25
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2017-5104
- EPSS 1.16%
- Veröffentlicht 27.10.2017 05:29:02
- Zuletzt bearbeitet 20.04.2025 01:37:25
Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page.
CVE-2017-5105
- EPSS 1.16%
- Veröffentlicht 27.10.2017 05:29:02
- Zuletzt bearbeitet 20.04.2025 01:37:25
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-5106
- EPSS 1.16%
- Veröffentlicht 27.10.2017 05:29:02
- Zuletzt bearbeitet 20.04.2025 01:37:25
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-5109
- EPSS 1.16%
- Veröffentlicht 27.10.2017 05:29:02
- Zuletzt bearbeitet 20.04.2025 01:37:25
Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.
CVE-2017-5110
- EPSS 1.07%
- Veröffentlicht 27.10.2017 05:29:02
- Zuletzt bearbeitet 20.04.2025 01:37:25
Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted H...
CVE-2017-5111
- EPSS 1.48%
- Veröffentlicht 27.10.2017 05:29:02
- Zuletzt bearbeitet 20.04.2025 01:37:25
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
CVE-2017-5113
- EPSS 1.27%
- Veröffentlicht 27.10.2017 05:29:02
- Zuletzt bearbeitet 20.04.2025 01:37:25
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-5114
- EPSS 1.48%
- Veröffentlicht 27.10.2017 05:29:02
- Zuletzt bearbeitet 20.04.2025 01:37:25
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.