Page 481 of 3368 results (0.020 seconds)

CVSS: 10.0EPSS: 6%CPEs: 82EXPL: 0

Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177. Google Chrome anterior a 37.0.2062.94 no maneja debidamente la interacción de las extensiones, IPC, la API sync y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-3177. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69404 http://www.securitytracker.com/id/1030767 https://crbug.com/386988 https://exchange.xforce.ibmcloud.com/vulnerabilities/95476 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 6%CPEs: 82EXPL: 0

Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176. Google Chrome anterior a 37.0.2062.94 no maneja debidamente la interacción de las extensiones, IPC, la API sync, y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-3176. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69404 http://www.securitytracker.com/id/1030767 https://crbug.com/386988 https://exchange.xforce.ibmcloud.com/vulnerabilities/95477 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 120EXPL: 0

Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 36.0.1985.143 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html http://secunia.com/advisories/59904 http://secunia.com/advisories/60798 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69203 http://www.securitytracker.com/id/1030732 https://code.google.com/p/chromium/issues/detail?id=400950 https://exchange.xforce.ibmcloud.com/vulnerabilities/95249 •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. La implementación Public Key Pinning (PKP) en Google Chrome anterior a 36.0.1985.143 en Windows, OS X, y Linux, y anterior a 36.0.1985.135 en Android, no considera correctamente las propiedades de las conexiones SPDY, lo que permite a atacantes remotos obtener información sensible mediante el aprovechamiento del uso de múltiples nombres de dominios. • http://googlechromereleases.blogspot.com/2014/08/chrome-for-android-update.html http://googlechromereleases.blogspot.com/2014/08/chrome-for-ios-update.html http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html http://secunia.com/advisories/59693 http://secunia.com/advisories/59904 http://secunia.com/advisories/60685 http://secunia.com/advisories/60798 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.ietf.or •

CVSS: 7.5EPSS: 1%CPEs: 120EXPL: 0

Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. Vulnerabilidad de uso después de liberación en modules/websockets/WorkerThreadableWebSocketChannel.cpp en la implementación Web Sockets en Blink, utilizado en Google Chrome anterior a 36.0.1985.143, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto a través de vectores que provocan un tiempo de vida inesperadamente largo de un objeto temporal durante el completado del método. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html http://secunia.com/advisories/59904 http://secunia.com/advisories/60798 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69201 http://www.securitytracker.com/id/1030732 https://code.google.com/p/chromium/issues/detail?id=390174 https://exchange.xforce.ibmcloud.com/vulnerabilities/95247 https://src.chromium.org/viewvc/blink?revisio •