Page 480 of 2560 results (0.014 seconds)

CVSS: 5.0EPSS: 0%CPEs: 80EXPL: 0

CVE-2014-1746

https://notcve.org/view.php?id=CVE-2014-1746

The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer. La función InMemoryUrlProtocol::Read en media/filters/in_memory_url_protocol.cc en Google Chrome anterior a 35.0.1916.114 depende de un tipo de datos de enteros insuficientemente grande, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de vectores que provocan el uso de un buffer grande. • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html http://secunia.com/advisories/58920 http://secunia.com/advisories/59155 http://secunia.com/advisories/60372 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2939 http://www.securitytracker.com/id/1030270 https://code.google.com/p/chromium/issues/detail?id=364065 https://src.chromium.org/viewvc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 80EXPL: 0

CVE-2014-1749

https://notcve.org/view.php?id=CVE-2014-1749

Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 35.0.1916.114 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html http://secunia.com/advisories/58920 http://secunia.com/advisories/59155 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2939 http://www.securitytracker.com/id/1030270 https://code.google.com/p/chromium/issues/detail?id=374649 •

CVSS: 7.5EPSS: 1%CPEs: 80EXPL: 0

CVE-2014-1743

https://notcve.org/view.php?id=CVE-2014-1743

Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation. Vulnerabilidad de uso después de liberación en la función StyleElement::removedFromDocument en core/dom/StyleElement.cpp en Blink, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto no especificado a través de código JavaScript que provoca mutación de árboles. • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html http://secunia.com/advisories/58920 http://secunia.com/advisories/59155 http://secunia.com/advisories/60372 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2939 http://www.securitytracker.com/id/1030270 https://code.google.com/p/chromium/issues/detail?id=356653 https://src.chromium.org/viewvc • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 1%CPEs: 112EXPL: 0

CVE-2014-3152

https://notcve.org/view.php?id=CVE-2014-3152

Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value. Desbordamiento de enteros en la función LCodeGen::PrepareKeyedOperand en arm/lithium-codegen-arm.cc en Google V8 anterior a 3.25.28.16, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos causar una denegación de servicios o posiblemente tener otro impacto no especificado a través de vectores que provocan un valor de clave negativo. • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157338.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157357.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157363.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html http://secunia.com/advisories/58920 http://secunia.com/advisories/59155 http://secunia.com/advisories/60372 http://www.de • CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 2%CPEs: 80EXPL: 2

CVE-2014-3803

https://notcve.org/view.php?id=CVE-2014-3803

The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute. La funcionalidad SpeechInput en Blink, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos habilitar acceso a micrófono y obtener texto de reconocimiento de voz sin indicación a través de un elemento INPUT con un atributo -x-webkit-speech. • http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html http://secunia.com/advisories/60372 http://www.securityfocus.com/bid/67582 https://code.google.com/p/chromium/issues/detail?id=360448 https://src.chromium.org/viewvc/blink?revision=171373&view=revision • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •