Log

CVE-2017-15419 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ A cross-origin leak of redirect URL has been found in the Blink component of the Chromium browser before 63.0.3239.84.
References
+ https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
+ https://crbug.com/780312
Notes
CVE-2017-15420 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Content spoofing
Description
+ A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 63.0.3239.84.
References
+ https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
+ https://crbug.com/777419
Notes
CVE-2017-15422 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An integer overflow has been found in the ICU component of the Chromium browser before 63.0.3239.84.
References
+ https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
+ https://crbug.com/774382
Notes
CVE-2017-15423 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Information disclosure
Description
+ An information disclosure issue has been found in the SPAKE implementation of the BoringSSL component of the Chromium browser before 63.0.3239.84.
References
+ https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
+ https://github.com/google/boringssl/commit/696c13bd6ab78011adfe7b775519c8b7cc82b604
+ https://crbug.com/778101
Notes
CVE-2017-15424 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Content spoofing
Description
+ A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 63.0.3239.84.
References
+ https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
+ https://crbug.com/756226
Notes
CVE-2017-15425 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Content spoofing
Description
+ A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 63.0.3239.84.
References
+ https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
+ https://crbug.com/756456
Notes
CVE-2017-15426 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Content spoofing
Description
+ A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 63.0.3239.84.
References
+ https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
+ https://crbug.com/756735
Notes
CVE-2017-15427 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ An insufficient blocking of Javascript issue has been found in the Omnibox component of the Chromium browser before 63.0.3239.84.
References
+ https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
+ https://crbug.com/768910
Notes
CVE-2017-15429 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Cross-site scripting
Description
+ A universal XSS has been found in the V8 component of the Chromium browser before 63.0.3239.108.
References
+ https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html
+ https://crbug.com/788453
Notes
CVE-2017-15535 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ MongoDB 3.4.x before 3.4.10, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory of the running process.
References
+ https://jira.mongodb.org/browse/SERVER-31273
+ https://github.com/mongodb/mongo/commit/5ad69b851801edadbfde8fdf271f4ba7c21170b5
Notes
+ To disable wire protocol compression, users may specify disabled as the compression engine, either in the command line:
+
+ --networkMessageCompressors disabled
+
+ or, alternatively, in the mongod configuration file as:
+
+ net:
+ compression:
+ compressors: disabled