CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2014-7942 – chromium-browser: uninitialized-value in Fonts
https://notcve.org/view.php?id=CVE-2014-7942
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. La implementación Fuentes en Google Chrome anterior a 40.0.2214.91 no inicializa la memoria para una estructura de datos, lo que permite a atacantes remotos causar una denegación de servicio o la posibilidad de tener otro impacto sin especificar a través de vectores no conocidos • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 http://www.ubuntu.com/usn/USN-2476-1 https:/& • CWE-399: Resource Management Errors CWE-456: Missing Initialization of a Variable •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2014-7939 – chromium-browser: same-origin-bypass in V8
https://notcve.org/view.php?id=CVE-2014-7939
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header. Google Chrome anterior aq 40.0.2214.91, cuando el proxy Harmony en Google V8 está habilitado, permite a atacantes remotos evadir Same Origin Policy a través de código JavaScript manipulado con llamadas Proxy.create y console.log, relacionado con respuestas HTTP a que les falta una cabecera'X-Content-Type-Options: nosniff'. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 https://code.google.com/p/chromium/issues/detail?id=399951 https://access.redhat.com/ • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2014-7923 – ICU: regexp engine missing look-behind expression range check
https://notcve.org/view.php?id=CVE-2014-7923
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression. El paquete Regular Expressions en International Components for Unicode (ICU) 52 anterior a la versión SVN 292944, como es usada en Google Chrome anterior a la versión 40.0.2214.91, permite a los atacantes remotos generar una Denegación de Servicio (corrupción de la memoria) o posiblemente tener otros impactos no especificados por medio de vectores relacionados con una expresión look-behind. • http://advisories.mageia.org/MGASA-2015-0047.html http://bugs.icu-project.org/trac/ticket/11370 http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.oracle.com/technetwork/t • CWE-17: DEPRECATED: Code CWE-122: Heap-based Buffer Overflow •
CVSS: 2.1EPSS: 0%CPEs: 41EXPL: 0CVE-2014-9584 – kernel: isofs: unchecked printing of ER records
https://notcve.org/view.php?id=CVE-2014-9584
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. La función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux anterior a 3.18.2 no valida un valor de longitud en el campo Extensions Reference (ER) System Use, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una imagen iso9660 manipulada. An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference (ER) records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e2024624e678f0ebb916e6192bd23c1f9fdf696 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://lists.o • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 39EXPL: 1CVE-2014-9585 – kernel: ASLR bruteforce possible for vdso library
https://notcve.org/view.php?id=CVE-2014-9585
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. La función vdso_addr en arch/x86/vdso/vma.c en el kernel de Linux hasta 3.18.2 no elige correctamente localizaciones de memoria para la área vDSO, lo que facilita a usuarios locales evadir el mecanismo de protección ASLR mediante la adivinación de una localización al final de un PMD. An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. • http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2 http://git.kernel.org/?p=linux/kernel/git/tip/tip.git%3Ba=commit%3Bh=fbe1bf140671619508dfa575d74a185ae53c5dbb http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148480.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg0 •