Page 5 of 36 results (0.362 seconds)

CVSS: 6.8EPSS: 1%CPEs: 101EXPL: 0

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. libxml2 v2.9.0-rc1 y anteriores, tal como se utiliza en Google Chrome antes de v21.0.1180.89, no admite correctamente un conversión de una variable no especificada durante la manipulación de las transformaciones XSL, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto desconocido a través de un documento diseñado para tal fin. Se trata de un problema relacionado con la estructura de datos _xmlNs en include/libxml/tree.h. • http://code.google.com/p/chromium/issues/detail?id=138673 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://secunia.com/advisories/50838 http://secunia.com/advisories/54886 http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libx • CWE-122: Heap-based Buffer Overflow •

CVSS: 10.0EPSS: 5%CPEs: 38EXPL: 0

Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow." Mesa, tal y como se utiliza en Google Chrome v21.0.1183.0 en las plataformas AC700 Acer, Cr-48, y Samsung Chromebook Series 5 y 5 550, y el Samsung Chromebox Serie v3, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados que desencadenan un "desbordamiento de array". • http://code.google.com/p/chromium/issues/detail?id=141901 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update-for-chrome-os.html http://secunia.com/advisories/51215 http://www.mandriva.com/security/advisories?name=MDVSA-2013:103 http://www.ubuntu.com/usn/USN-1623-1 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0264 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 0%CPEs: 54EXPL: 0

Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. Vulnerabilidad de uso después de liberación (use-after-free) en la funcionalidad PDF en Google Chrome anterior a v21.0.1180.57 en Mac OS X y Linux, y, anterior a v21.0.1180.60 en Windows y Chrome Frame permite a atacantes remotos causar una denegación de servicio o conseguir otro impacto no especificado a través de un documento modificado. • http://code.google.com/p/chromium/issues/detail?id=134888 http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15038 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 54EXPL: 0

The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site. La implementación de arrastrar y soltar en Google Chrome anterior a v21.0.1180.57 en Mac OS X y Linux, y anterior a v21.0.1180.60 en Windows y Chrome Frame, permite a usuarios asistidos por un atacante remoto evitar las restricciones de acceso a archivos a través de un sitio web manipulado. • http://code.google.com/p/chromium/issues/detail?id=127525 http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15658 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 54EXPL: 0

Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process. Google Chrome anterior a v21.0.1180.57 en Mac OS X y Linux, y anterior a v21.0.1180.60 en Windows y Chrome Frame, permite a atacantes remotos obtener información potencialmente sensible acerca de los valores del puntero, aprovechando el acceso a un proceso de render WebUI. • http://code.google.com/p/chromium/issues/detail?id=134519 http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15698 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •