CVSS: 9.1EPSS: 0%CPEs: 44EXPL: 0CVE-2013-6628
https://notcve.org/view.php?id=CVE-2013-6628
13 Nov 2013 — net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session. net/socket/ssl_client_socket_nss.cc en la implementación TLS de Google Chrome anterior a la versión 31.0.1650.48 no asegura que el certificado del servidor es el mismo durante la renegociación co... • http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html •
CVSS: 10.0EPSS: 1%CPEs: 44EXPL: 0CVE-2013-2931
https://notcve.org/view.php?id=CVE-2013-2931
13 Nov 2013 — Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anteriores a 31.0.1650.48 permiten a atacantes ejecutar código arbitrario o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html •
CVSS: 10.0EPSS: 2%CPEs: 21EXPL: 0CVE-2013-6629 – libjpeg: information leak (read of uninitialized memory)
https://notcve.org/view.php?id=CVE-2013-6629
12 Nov 2013 — The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. La función get_sos de jdmarker.c en libjpeg 6b y libjpeg-turbo hasta la versión 1.3.... • http://advisories.mageia.org/MGASA-2013-0333.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-456: Missing Initialization of a Variable •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2013-6630 – libjpeg: information leak (read of uninitialized memory)
https://notcve.org/view.php?id=CVE-2013-6630
12 Nov 2013 — The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. La función get_dht en jdmarker.c en libjpeg-turbo hasta la versión 1.3.0, tal y como se usa en Google Chrome ante... • http://advisories.mageia.org/MGASA-2013-0333.html • CWE-189: Numeric Errors CWE-456: Missing Initialization of a Variable •
CVSS: 9.8EPSS: 2%CPEs: 74EXPL: 0CVE-2013-2925
https://notcve.org/view.php?id=CVE-2013-2925
16 Oct 2013 — Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object. Vulnerabilidad de uso después de liberación en core/xml/XMLHttpRequest.cpp de Blink, tal como se usa en Google Chrome anterior a la versión 30.0.1599.101, permite a atacantes remotos provocar una denegación de serv... • http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 2%CPEs: 74EXPL: 0CVE-2013-2926
https://notcve.org/view.php?id=CVE-2013-2926
16 Oct 2013 — Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to list elements. Vulnerabilidad de uso después de liberación en la función IndentOutdentCommand::tryIndentingAsListItem en core/editing/IndentOutdentCommand.cpp de Blink, tal como se usa en Goog... • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 2%CPEs: 79EXPL: 0CVE-2013-2927
https://notcve.org/view.php?id=CVE-2013-2927
16 Oct 2013 — Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements. Vulnerabilidad de uso después de liberación en la función HTMLFormElement::prepareForSubmission en core/html/HTMLFormElement.cpp de Blink, tal como se usa en Google Chrome anterior a la versi... • http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 74EXPL: 0CVE-2013-2928
https://notcve.org/view.php?id=CVE-2013-2928
16 Oct 2013 — Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades sin especificar en Google Chrome anterior a la versión 30.0.1599.101 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html •
CVSS: 8.8EPSS: 1%CPEs: 59EXPL: 0CVE-2013-2906
https://notcve.org/view.php?id=CVE-2013-2906
02 Oct 2013 — Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp. Condiciones de carrera múltiple en la implementación Web Audio en Blink, tal como se utiliza en Google Chrome... • http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 1%CPEs: 59EXPL: 0CVE-2013-2907
https://notcve.org/view.php?id=CVE-2013-2907
02 Oct 2013 — The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. La implementación del objeto Window.prototype en Google Chrome anterior a 30.0.1599.66 permite a atacantes remotos causar una denegación de servicio (lectura fuera de límites) a través de vectores sin especificar. • http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •