Page 476 of 2385 results (0.009 seconds)

CVSS: 6.4EPSS: 0%CPEs: 82EXPL: 0

CVE-2014-3170

https://notcve.org/view.php?id=CVE-2014-3170

extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character. extensions/common/url_pattern.cc en Google Chrome anterior a 37.0.2062.94 no previene el uso de un caracter '\0' en un nombre de anfitrión, lo que permite a atacantes remotos falsificar el dialogo del permiso de extensión mediante la dependencia en el truncado después de este caracter. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69400 http://www.securitytracker.com/id/1030767 https://crbug.com/390624 https://exchange.xforce.ibmcloud.com/vulnerabilities/95470 htt • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 3%CPEs: 85EXPL: 0

CVE-2014-3169

https://notcve.org/view.php?id=CVE-2014-3169

Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal. Vulnerabilidad de uso después de liberación en core/dom/ContainerNode.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 37.0.2062.94, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento de la ejecución de secuencias de comandos que ocurre antes de una notificación de la eliminación de nodos. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/60424 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69405 http://www.securitytracker.com/id/1030767 https://crbug.com/387389 https://exchange. •

CVSS: 7.5EPSS: 2%CPEs: 85EXPL: 0

CVE-2014-3168

https://notcve.org/view.php?id=CVE-2014-3168

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation. Vulnerabilidad de uso después de liberación en la implementación SVG en Blink, utilizado en Google Chrome anterior a 37.0.2062.94, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento del cacheo indebido asociado con la animación. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/60424 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69398 http://www.securitytracker.com/id/1030767 https://crbug.com/369860 https://exchange. •

CVSS: 7.5EPSS: 1%CPEs: 82EXPL: 0

CVE-2014-3171

https://notcve.org/view.php?id=CVE-2014-3171

Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp. Vulnerabilidad de uso después de liberación en los enlaces V8 en Blink, utilizado en Google Chrome anterior a 37.0.2062.94, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento del uso indebido de operaciones de añadir HashMap en lugar de operaciones de configurar HashMap, relacionado con bindings/core/v8/DOMWrapperMap.h y bindings/core/v8/SerializedScriptValue.cpp. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/60424 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69406 http://www.securitytracker.com/id/1030767 https://crbug.com/390928 https://exchange. •

CVSS: 5.0EPSS: 1%CPEs: 82EXPL: 0

CVE-2014-3173

https://notcve.org/view.php?id=CVE-2014-3173

The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc. La implementación WebGL en Google Chrome anterior a 37.0.2062.94 no asegura que llamadas claras interactúan debidamente con el estado de un buffer de dibujo, lo que permite a atacantes remotos causar una denegación de servicio (lectura de memoria no inicializada) a través de un elemento CANVAS manipulado, relacionado con gpu/command_buffer/service/framebuffer_manager.cc y gpu/command_buffer/service/gles2_cmd_decoder.cc. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/60424 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69403 http://www.securitytracker.com/id/1030767 https://crbug.com/376951 https://exchange. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •