Page 498 of 3367 results (0.067 seconds)

CVSS: 6.8EPSS: 1%CPEs: 58EXPL: 0

CVE-2013-6634

https://notcve.org/view.php?id=CVE-2013-6634

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code. La función OneclickSigninHelper::ShowInfoBarIfPossible en browser/ui/sync/one_click_signin_helper.cc en Google Chrome anteriores a 31.0.1650.63 utiliza una URL incorrecta durante validación del reino (realm), lo cual permite a atacantes efectuar ataques de fijación de sesión y secuestro de sesiones web mediante sincronizaciones inadecuadas después de un status code HTTP de 302 (también conocido como "Found"). • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://secunia.com/advisories/56217 http://www.debian.org/security/2013/dsa-2811 http://www.securitytracker.com/id/1029442 https://code.google.com/p/chromium/issues/detail?id=307159 https://src.chromium.org/viewvc/chro • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0

CVE-2013-6637

https://notcve.org/view.php?id=CVE-2013-6637

Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades en Google Chrome anterior a la versión 31.0.1650.63 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://secunia.com/advisories/56217 http://www.debian.org/security/2013/dsa-2811 http://www.securitytracker.com/id/1029442 https://code.google.com/p/chromium/issues/detail?id=300892 https://code.google.com/p/chromium&# •

CVSS: 7.5EPSS: 2%CPEs: 83EXPL: 0

CVE-2013-6638

https://notcve.org/view.php?id=CVE-2013-6638

Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions. Múltiples desbordamientos de buffer en runtime.cc en Google V8 anteriores a 3.22.24.7, como se utiliza en Google Chrome anteriores a 31.0.1650.63, permite a atacantes remotos causar denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que provocan un array tipado grande, relacionado con las funciones (1) Runtime_TypedArrayInitialize y (2) Runtime_TypedArrayInitializeFromArrayLike. • http://code.google.com/p/v8/source/detail?r=17800 http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00122.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00124.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://lists.opensuse.org/opensuse-updates • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 2%CPEs: 58EXPL: 0

CVE-2013-6635

https://notcve.org/view.php?id=CVE-2013-6635

Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing of the DOM tree, related to CompositeEditCommand.cpp and ReplaceSelectionCommand.cpp. Vulnerabilidad de uso después de liberación en la implementación de edición en Blink, como se utiliza en Google Chrome anteriores a 31.0.1650.63, permite a atacantes remotos causar denegación de servicio o posiblemente tener otro impacto no especificado a través de código JavaScript que provoca la eliminación de un nodo durante el proceado del árbol DOM, relacionado con CompositeEditCommand.cpp y ReplaceSelectioncommand.cpp • http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://secunia.com/advisories/56217 http://support.apple.com/kb/HT6145 http://support.apple.com/kb/HT6162 http://support.apple.com/kb/HT6163 http://www.debian.org/security/2013/dsa-2811 http://www.securitytracker&# • CWE-399: Resource Management Errors •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2013-6802

https://notcve.org/view.php?id=CVE-2013-6802

Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632. Google Chrome 31.0 anterior a.1650.57 antes permite a atacantes remotos evitar las restricciones de sandbox aprovechando el acceso a un proceso de render, como se demostró durante una competición Pwn2Own Mobile en PacSec 2013, una vulnerabilidad diferente a CVE-2013 a 6632. • http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls https://code.google.com/p/chromium/issues/detail?id=319117 https://code.google.com/p/chromium/issues/detail?id=319125 https://exchange.xforce.ibmcloud.com/vulnerabilities/89201 • CWE-264: Permissions, Privileges, and Access Controls •