Page 27 of 263 results (0.010 seconds)

CVSS: 7.5EPSS: 2%CPEs: 9EXPL: 1

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process. Vulnerabilidad de uso despues de liberación en la implementación de Web WOrkers en Google Chrome anteriores a 32.0.1700.76 en Windows y anteriores a 32.0.1700.77 en Mac OS X y Linux permite a atacantes remotos causar una denegación de servicio o posiblemente tener otroimpacto no especificado a través de vectores relacionados con la terminación de un proceso worker. • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html http://www.debian.org/security/2014/dsa-2862 https://code.google.com/p/chromium/issues/detail?id=249502 https://src.chromium.org/viewvc/chrome?revision=233099&view=revision https://src.chromium.org/viewvc/chrome?revision=233367&view=revision • CWE-416: Use After Free •

CVSS: 6.8EPSS: 1%CPEs: 9EXPL: 1

Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element. Vulnerabilidad de uso despues de liberación en la función OnWindowRemovingFromRootWindow de content/browser/web_contents/web_contents_view_aura.cc en Google Chrome anteriores a 32.0.1700.76 en Windows y anteriores a 32.0.1700.77 en Mac OS X y Linux permite a atacantes remotos asistidos por usuario causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que involucran ciertas acciones de imprimir previsualización o cambio de pestaña que interactuan con un elemento de speech input • http://code.google.com/p/chromium/issues/detail?id=320183 http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html http://www.debian.org/security/2014/dsa-2862 https://code.google.com/p/chromium/issues/detail?id=318791 https://src.chromium.org/viewvc/chrome?revision=235302&view=revision • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. La función OneClickSigninBubbleView::WindowClosing en browser/ui/views/sync/one_click_signin_bubble_view.cc en Google Chrome anteriores a 32.0.1700.78 en Windows y anteriores a 32.0.1700.77 en Mac OS X y Linux permite a atacantes disparar una sincronización con una cuenta Google arbitraria aprovechando el manejo impropio del cerrado de un dialogo de confirmación de acceso no confiable. • http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html http://www.debian.org/security/2014/dsa-2862 https://code.google.com/p/chromium/issues/detail?id=321940 https://src.chromium.org/viewvc/chrome?revision=237115&view=revision • CWE-287: Improper Authentication •

CVSS: 2.6EPSS: 1%CPEs: 16EXPL: 0

Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. Desbordamiento de búfer en srtp.c en libsrtp en srtp 1.4.5 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores relacionados con una inconsistencia en la longitud de las funciones crypto_policy_set_from_profile_for_rtp y srtp_protect. • http://advisories.mageia.org/MGASA-2014-0465.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html http://lwn.net/Articles/579633 http://seclists.org/fulldisclosure/2013/Jun/10 http://www.debian.org/security/2014/dsa-2840 http://www.mandriva.com/security/advisories?name=MDVSA-2014:219 http://www.osvdb.org/93852 https://bugzilla.redhat.com/show_bug.cgi?id=970697 https://github.com/cisco/libs • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.4EPSS: 0%CPEs: 9EXPL: 0

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Underflow de entero en la macro xTrapezoidValid en render/picture.h de X.Org permite a atacantes dependientes de contexto causar una denegación de servicio (crash) a través de un valor mínimo negativo . • http://lists.opensuse.org/opensuse-updates/2013-12/msg00127.html http://lists.x.org/archives/xorg-devel/2013-October/037996.html http://rhn.redhat.com/errata/RHSA-2013-1868.html http://www.debian.org/security/2013/dsa-2822 http://www.openwall.com/lists/oss-security/2013/12/03/8 http://www.openwall.com/lists/oss-security/2013/12/04/8 http://www.ubuntu.com/usn/USN-2500-1 https://bugs.freedesktop.org/show_bug.cgi?id=67484 https://bugs.launchpad.net/ubuntu&# • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •