Page 16 of 80 results (0.075 seconds)

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc. Google V8, utilizado en Google Chrome anterior a 38.0.2125.101, no sigue debidamente las reservas de memoria dinámica JavaScript como reservas de memoria no inicializada y no concatena debidamnete los arrays de números de punto flotante y doble precisión, lo que permite a atacantes remotos obtener información sensible a través de código JavaScript manipulado, relacionado con las funciones PagedSpace::AllocateRaw y NewSpace::AllocateRaw en heap/spaces-inl.h, la función LargeObjectSpace::AllocateRaw en heap/spaces.cc, y la función Runtime_ArrayConcat en runtime.cc. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://code.google.com/p/v8/source/detail?r=23144 https://code.google.com/p/v8/source/detail?r=23268 https://crbug.com/403409 https://access.redhat.com/security/cve/CVE-2014-3195 https://bugzilla.redhat.com/show_bug.cgi?id=1150849 • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree, related to the FrameView::updateLayoutAndStyleForPainting function in core/frame/FrameView.cpp and the RenderLayerScrollableArea::setScrollOffset function in core/rendering/RenderLayerScrollableArea.cpp. Vulnerabilidad de uso después de liberación en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado que provoca una actualización 'widget-position' que interactua indebidamente con el árbol de renderización, relacionado con la función FrameView::updateLayoutAndStyleForPainting en core/frame/FrameView.cpp y la función RenderLayerScrollableArea::setScrollOffset en core/rendering/RenderLayerScrollableArea.cpp.Blink • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://crbug.com/402407 https://src.chromium.org/viewvc/blink?revision=180681&view=revision https://access.redhat.com/security/cve/CVE-2014-3191 https://bugzilla.redhat.com/show_bug.cgi?id=1151381 • CWE-416: Use After Free •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site. La función NavigationScheduler::schedulePageBlock en core/loader/NavigationScheduler.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, no proporciona debidamente los datos de sustitución para las páginas bloqueadas por el auditor de XSS, lo que permite a atacantes remotos obtener información sensible a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://crbug.com/396544 https://src.chromium.org/viewvc/blink?revision=179240&view=revision https://access.redhat.com/security/cve/CVE-2014-3197 https://bugzilla.redhat.com/show_bug.cgi?id=1151422 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 4%CPEs: 11EXPL: 0

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en la función ProcessingInstruction::setXSLStyleSheet en core/dom/ProcessingInstruction.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://support.apple.com/HT204243 http://support.apple.com/HT204245 http:/& • CWE-416: Use After Free •

CVSS: 4.0EPSS: 0%CPEs: 103EXPL: 0

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Apache Subversion 1.0.0 hasta 1.7.x anterior a 1.7.17 y 1.8.x anterior a 1.8.10 utiliza un hash MD5 de la URL y el reino (realm) de la autenticación para almacenar las credenciales de caché, lo que facilita a servidores remotos obtener credenciales a través de un reino (realm) de la autenticación manipulado. It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-0165.html http://rhn.redhat.com/errata/RHSA-2015-0166.html http://secunia.com/advisories/59432 http://secunia.com/advisories/59584 http://secunia.com/advisories/60722 http://subversion.apache.org/security/CVE-2014-3528-advisory.txt http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html ht • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-255: Credentials Management Errors •