CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1707
https://notcve.org/view.php?id=CVE-2014-1707
Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors. Vulnerabilidad de salto de directorio en CrosDisks en Google Chrome OS anterior a 33.0.1750.152 tiene vectores de impacto y ataque no especificados. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html https://code.google.com/p/chromium/issues/detail?id=351811 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1710
https://notcve.org/view.php?id=CVE-2014-1710
The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a denial of service (GPU command-buffer memory corruption) or possibly have unspecified other impact via unknown vectors. La función AsyncPixelTransfersCompletedQuery::End en gpu/command_buffer/service/query_manager.cc en Google Chrome, utilizado en Google Chrome OS anterior a 33.0.1750.152, no comprueba si cierta posición está dentro de los límites de un segmento de memoria compartida, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de memoria de comando de buffer de GPU) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html https://code.google.com/p/chromium/issues/detail?id=351852 https://src.chromium.org/viewvc/chrome?revision=256723&view=revision https://src.chromium.org/viewvc/chrome?revision=256918&view=revision • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 88EXPL: 0CVE-2013-2866
https://notcve.org/view.php?id=CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property. El plugin Flash en Google Chrome anterior 27.0.1453.116 no determinar correctamente si un usuario desea autorizar el acceso de una aplicación Flash a la cámara o micrófono, que permite a atacantes remotos obtener información sensible del entorno físico de una máquina a través de ataques de clickjacking, como se demuestra por un ataque con una hoja de estilos (CSS) modificada en la propiedad de opacidad. • http://googlechromereleases.blogspot.com/2013/06/stable-channel-update-for-chrome-os.html http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_18.html http://habrahabr.ru/post/182706 https://code.google.com/p/chromium/issues/detail?id=249335 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16693 https://src.chromium.org/viewvc/chrome?revision=206188&view=revision • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 54EXPL: 0CVE-2013-2832
https://notcve.org/view.php?id=CVE-2013-2832
The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote attackers to obtain sensitive information via unspecified vectors. La función Buffer::Set en core/cross/buffer.cc en el plug-in O3D en Google Chrome OS anterior a v26.0.1410.57 no impide que los datos no inicializados permanezcan en un búfer, pudiendo permitir a atacantes remotos obtener información sensible a través vectores no especificados. • http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git%3Ba=commit%3Bh=9181705680e1f53fd1e895ebe84c1b7f18c5c380 http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html https://code.google.com/p/chromium/issues/detail?id=227197 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 54EXPL: 0CVE-2013-2833
https://notcve.org/view.php?id=CVE-2013-2833
Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper management of ownership relationships involving Elements and DrawElements. Vulnerabilidad usar-despues-de-liberar en el plug-in 03D en Google Chrome OS anterior a v26.0.1410.57 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado mediante vectores relacionados con el manejo inadecuado de las relaciones de propiedad comprenden Elements y DrawElements. • http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git%3Ba=commit%3Bh=9181705680e1f53fd1e895ebe84c1b7f18c5c380 http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html https://code.google.com/p/chromium/issues/detail?id=227181 • CWE-399: Resource Management Errors •