CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-1729
https://notcve.org/view.php?id=CVE-2014-1729
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 3.24.35.22, utilizado en Google Chrome anterior a 34.0.1847.116, permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2905 https://code.google.com/p/chromium/issues/detail?id=345820 https://code.google.com/p/chromium/issues/detail?id=347262 https://code.google.com/p/chromium/issues/detail?id=348319 https://code.google.com/p/chromium/issues/detail?id=350863 https:&# •
CVSS: 7.5EPSS: 1%CPEs: 107EXPL: 0CVE-2014-1700
https://notcve.org/view.php?id=CVE-2014-1700
Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure. Vulnerabilidad de uso después de liberación en modules/speech/SpeechSynthesis.cpp en Blink, utilizado en Google Chrome anterior a 33.0.1750.149, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento de cierta estructura de datos de pronunciación. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2883 http://www.securitytracker.com/id/1029914 https://code.google.com/p/chromium/issues/detail?id=344881 https://src.chromium.org/viewvc/blink?revision=168171&view=revision • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 107EXPL: 0CVE-2014-1701
https://notcve.org/view.php?id=CVE-2014-1701
The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events. La función GenerateFunction en bindings/scripts/code_generator_v8.pm en Blink, utilizado en Google Chrome anterior a 33.0.1750.149, no implementa cierta restricción cross-origin para la función EventTarget::dispatchEvent, lo que permite a atacantes remotos realizar ataques de Universal XSS (UXSS) a través de vectores involucrando eventos. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2883 http://www.securitytracker.com/id/1029914 https://code.google.com/p/chromium/issues/detail?id=342618 https://src.chromium.org/viewvc/blink?revision=166999&view=revision • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 107EXPL: 0CVE-2014-1702
https://notcve.org/view.php?id=CVE-2014-1702
Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of scheduled tasks during shutdown of a thread. Vulnerabilidad de uso después de liberación en la función DatabaseThread::cleanupDatabaseThread en modules/webdatabase/DatabaseThread.cpp en la implementación de base de datos de web en Blink, utilizado en Google Chrome anterior a 33.0.1750.149, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento del manejo indebido de tareas programadas durante el apagado de un hilo. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2883 http://www.securitytracker.com/id/1029914 https://code.google.com/p/chromium/issues/detail?id=333058 https://src.chromium.org/viewvc/blink?revision=168059&view=revision • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 107EXPL: 0CVE-2014-1703
https://notcve.org/view.php?id=CVE-2014-1703
Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case. Vulnerabilidad de uso después de liberación en la función WebSocketDispatcherHost::SendOrDrop en content/browser/renderer_host/websocket_dispatcher_host.cc en la implementación Web Sockets en Google Chrome anterior a 33.0.1750.149 podría permitir a atacantes remotos evadir el mecanismo de protección sandbox mediante el aprovechamiento de una eliminación incorrecta en cierto caso de fallo. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2883 http://www.securitytracker.com/id/1029914 https://code.google.com/p/chromium/issues/detail?id=338354 https://src.chromium.org/viewvc/chrome?revision=247627&view=revision • CWE-399: Resource Management Errors •