Page 17 of 92 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors. La función chrome_pdf::CopyImage en pdf/draw_utils.cc en el componente PDFium en Google Chrome anterior a 38.0.2125.101 no valida debidamente las dimensiones de los datos de imágenes, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://codereview.chromium.org/519873002 https://crbug.com/398384 https://access.redhat.com/security/cve/CVE-2014-3189 https://bugzilla.redhat.com/show_bug.cgi?id=1151368 • CWE-125: Out-of-bounds Read CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc. Google V8, utilizado en Google Chrome anterior a 38.0.2125.101, no sigue debidamente las reservas de memoria dinámica JavaScript como reservas de memoria no inicializada y no concatena debidamnete los arrays de números de punto flotante y doble precisión, lo que permite a atacantes remotos obtener información sensible a través de código JavaScript manipulado, relacionado con las funciones PagedSpace::AllocateRaw y NewSpace::AllocateRaw en heap/spaces-inl.h, la función LargeObjectSpace::AllocateRaw en heap/spaces.cc, y la función Runtime_ArrayConcat en runtime.cc. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://code.google.com/p/v8/source/detail?r=23144 https://code.google.com/p/v8/source/detail?r=23268 https://crbug.com/403409 https://access.redhat.com/security/cve/CVE-2014-3195 https://bugzilla.redhat.com/show_bug.cgi?id=1150849 • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree, related to the FrameView::updateLayoutAndStyleForPainting function in core/frame/FrameView.cpp and the RenderLayerScrollableArea::setScrollOffset function in core/rendering/RenderLayerScrollableArea.cpp. Vulnerabilidad de uso después de liberación en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado que provoca una actualización 'widget-position' que interactua indebidamente con el árbol de renderización, relacionado con la función FrameView::updateLayoutAndStyleForPainting en core/frame/FrameView.cpp y la función RenderLayerScrollableArea::setScrollOffset en core/rendering/RenderLayerScrollableArea.cpp.Blink • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://crbug.com/402407 https://src.chromium.org/viewvc/blink?revision=180681&view=revision https://access.redhat.com/security/cve/CVE-2014-3191 https://bugzilla.redhat.com/show_bug.cgi?id=1151381 • CWE-416: Use After Free •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site. La función NavigationScheduler::schedulePageBlock en core/loader/NavigationScheduler.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, no proporciona debidamente los datos de sustitución para las páginas bloqueadas por el auditor de XSS, lo que permite a atacantes remotos obtener información sensible a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://crbug.com/396544 https://src.chromium.org/viewvc/blink?revision=179240&view=revision https://access.redhat.com/security/cve/CVE-2014-3197 https://bugzilla.redhat.com/show_bug.cgi?id=1151422 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 4%CPEs: 11EXPL: 0

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en la función ProcessingInstruction::setXSLStyleSheet en core/dom/ProcessingInstruction.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://support.apple.com/HT204243 http://support.apple.com/HT204245 http:/& • CWE-416: Use After Free •