CVE-2013-6645
https://notcve.org/view.php?id=CVE-2013-6645
Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element.
References:
• http://code.google.com/p/chromium/issues/detail?id=320183
• http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html
• http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html
• http://www.debian.org/security/2014/dsa-2862
• https://code.google.com/p/chromium/issues/detail?id=318791
• https://src.chromium.org/viewvc/chrome?revision=235302&view=revision
CWE-416: Use After Free
CVE-2013-6643
https://notcve.org/view.php?id=CVE-2013-6643
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.
References:
• http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html
• http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html
• http://www.debian.org/security/2014/dsa-2862
• https://code.google.com/p/chromium/issues/detail?id=321940
• https://src.chromium.org/viewvc/chrome?revision=237115&view=revision
CWE-287: Improper Authentication
CVE-2013-3713
https://notcve.org/view.php?id=CVE-2013-3713
The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow.
References:
• http://lists.opensuse.org/opensuse-updates/2013-12/msg00117.html
• https://bugzilla.novell.com/show_bug.cgi?id=843230
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2139 – libsrtp: buffer overflow in application of crypto profiles
https://notcve.org/view.php?id=CVE-2013-2139
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.
References:
• http://advisories.mageia.org/MGASA-2014-0465.html
• http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html
• http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html
• http://lwn.net/Articles/579633
• http://seclists.org/fulldisclosure/2013/Jun/10
• http://www.debian.org/security/2014/dsa-2840
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:219
• http://www.osvdb.org/93852
• https://bugzilla.redhat.com/show_bug.cgi?id=970697
• https://github.com/cisco/libs
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-6424 – xorg-x11-server: integer underflow when handling trapezoids
https://notcve.org/view.php?id=CVE-2013-6424
Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
References:
• http://lists.opensuse.org/opensuse-updates/2013-12/msg00127.html
• http://lists.x.org/archives/xorg-devel/2013-October/037996.html
• http://rhn.redhat.com/errata/RHSA-2013-1868.html
• http://www.debian.org/security/2013/dsa-2822
• http://www.openwall.com/lists/oss-security/2013/12/03/8
• http://www.openwall.com/lists/oss-security/2013/12/04/8
• http://www.ubuntu.com/usn/USN-2500-1
• https://bugs.freedesktop.org/show_bug.cgi?id=67484
• https://bugs.launchpad.net/ubuntu
CWE-190: Integer Overflow or Wraparound
CWE-191: Integer Underflow (Wrap or Wraparound)