CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1707
https://notcve.org/view.php?id=CVE-2014-1707
16 Mar 2014 — Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors. Vulnerabilidad de salto de directorio en CrosDisks en Google Chrome OS anterior a 33.0.1750.152 tiene vectores de impacto y ataque no especificados. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1711
https://notcve.org/view.php?id=CVE-2014-1711
16 Mar 2014 — The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. El controlador de GPU en el kernel en Google Chrome OS anterior a 33.0.1750.152 permite a atacantes remotos causar una denegación de servicio (escritura fuera de límites) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 54EXPL: 0CVE-2013-2833
https://notcve.org/view.php?id=CVE-2013-2833
16 Apr 2013 — Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper management of ownership relationships involving Elements and DrawElements. Vulnerabilidad usar-despues-de-liberar en el plug-in 03D en Google Chrome OS anterior a v26.0.1410.57 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado mediante v... • http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git%3Ba=commit%3Bh=9181705680e1f53fd1e895ebe84c1b7f18c5c380 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2013-2832
https://notcve.org/view.php?id=CVE-2013-2832
16 Apr 2013 — The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote attackers to obtain sensitive information via unspecified vectors. La función Buffer::Set en core/cross/buffer.cc en el plug-in O3D en Google Chrome OS anterior a v26.0.1410.57 no impide que los datos no inicializados permanezcan en un búfer, pudiendo permitir a atacantes remotos obtener información sensible a tra... • http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git%3Ba=commit%3Bh=9181705680e1f53fd1e895ebe84c1b7f18c5c380 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 54EXPL: 0CVE-2013-2835
https://notcve.org/view.php?id=CVE-2013-2835
16 Apr 2013 — Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834. Google Chrome OS anterior a v26.0.1410.57 no fuerza correctamente las restricciones de origen para el O3D y el plugin Google Talk, permitiendo a atacantes remotos eludir el mecanismo de protección de lista blanca de dominios (domain-whitel... • http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 54EXPL: 0CVE-2013-2834
https://notcve.org/view.php?id=CVE-2013-2834
16 Apr 2013 — Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835. Google Chrome OS anterior a v26.0.1410.57 no fuerza correctamente las restricciones de origen para el O3D y el plugin Google Talk, permitiendo a atacantes remotos eludir el mecanismo de protección de lista blanca de dominios (domain-whitel... • http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git%3Ba=commit%3Bh=9181705680e1f53fd1e895ebe84c1b7f18c5c380 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 54EXPL: 0CVE-2013-0927
https://notcve.org/view.php?id=CVE-2013-0927
10 Apr 2013 — Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data. Google Chrome OS antes v26.0.1410.57 se basa en una implementación de Pango pango-utils.c read_config que carga el contenido del archivo .Pangorc en el directorio home del usuario ... • http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git%3Ba=commit%3Bh=fb5a664def6cd34bf7295489ea73e1d989bdd6d0 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 0%CPEs: 118EXPL: 0CVE-2013-0915
https://notcve.org/view.php?id=CVE-2013-0915
18 Mar 2013 — The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an "overflow." El proceso de GPU en Google Chrome OS anterior a v25.0.1364.173 permite a atacantes provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con un "desbordamiento". • http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5129 – Gentoo Linux Security Advisory 201404-06
https://notcve.org/view.php?id=CVE-2012-5129
04 Dec 2012 — Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of service (GPU process crash) or possibly have unspecified other impact via unknown vectors. Desbordamiento de búfer en memoria dinámica en el subsistema WebGL en Google Chrome OS antes de v23.0.1271.94, permite a atacantes remotos provocar una denegación de servicio (caída del proceso GPU) o posiblemente tener un impacto no especificado a través de vectores desconocidos. Mult... • http://googlechromereleases.blogspot.com/2012/11/stable-update-for-chrome-os_30.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 118EXPL: 0CVE-2012-2870 – libxslt: Use-after-free when processing an invalid XPath expression
https://notcve.org/view.php?id=CVE-2012-2870
31 Aug 2012 — libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. libxslt v1.1.26 y anteriores, tal como se utiliza en Google Chrome anterior a v21.0.11... • http://code.google.com/p/chromium/issues/detail?id=138672 • CWE-399: Resource Management Errors CWE-416: Use After Free •