CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3190 – chromium: multiple security fixes in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3190
08 Oct 2014 — Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object. Vulnerabilidad de uso después de liberación en la función Event::currentTarget en core/events/Event.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, pe... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 4%CPEs: 11EXPL: 0CVE-2014-3192 – chromium: use-after-free in DOM, fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3192
08 Oct 2014 — Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en la función ProcessingInstruction::setXSLStyleSheet en core/dom/ProcessingInstruction.cpp en la implementación DOM en Blink, utilizado en Google... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3189 – chromium: OOB reads in PDFium fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3189
08 Oct 2014 — The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors. La función chrome_pdf::CopyImage en pdf/draw_utils.cc en el componente PDFium en Google Chrome anterior a 38.0.2125.101 no valida debidamente las dimensiones de los datos de imágenes, lo que permite a ... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-125: Out-of-bounds Read CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 3%CPEs: 233EXPL: 0CVE-2014-1568 – nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)
https://notcve.org/view.php?id=CVE-2014-1568
25 Sep 2014 — Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof ... • http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.1EPSS: 0%CPEs: 82EXPL: 0CVE-2014-3172 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3172
27 Aug 2014 — The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL. La Api de extensión Debugger en browser/extensions/api/debugger/debugger_api.cc en Google Chrome anterior a 37.0.2062.94 no valida la URL de una pestaña antes de una operación de adjuntar, l... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 82EXPL: 0CVE-2014-3175 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3175
27 Aug 2014 — Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 37.0.2062.94 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html •
CVSS: 10.0EPSS: 6%CPEs: 82EXPL: 0CVE-2014-3176 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3176
27 Aug 2014 — Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177. Google Chrome anterior a 37.0.2062.94 no maneja debidamente la interacción de las extensiones, IPC, la API sync y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 6%CPEs: 82EXPL: 0CVE-2014-3177 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3177
27 Aug 2014 — Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176. Google Chrome anterior a 37.0.2062.94 no maneja debidamente la interacción de las extensiones, IPC, la API sync, y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 3%CPEs: 85EXPL: 0CVE-2014-3169 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3169
27 Aug 2014 — Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal. Vulnerabilidad de uso después de liberación en core/dom/ContainerNode.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 37.0.2062.94, permite a atacantes remotos causar ... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html •
CVSS: 7.5EPSS: 0%CPEs: 82EXPL: 0CVE-2014-3170 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3170
27 Aug 2014 — extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character. extensions/common/url_pattern.cc en Google Chrome anterior a 37.0.2062.94 no previene el uso de un caracter '\0' en un nombre de anfitrión, lo que permite a atacantes remotos falsificar el dialogo del permiso de extensión mediante la dependencia en el truncado despué... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html • CWE-264: Permissions, Privileges, and Access Controls •