CVSS: 5.0EPSS: 5%CPEs: 44EXPL: 1CVE-2013-6627 – Google Chrome < 31.0.1650.48 - HTTP 1xx base::StringTokenizerT<...>::QuickGetNext Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2013-6627
net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response. net/http/http_stream_parser.cc en Google Chrome anterior a la versión 31.0.1650.48 no procesa adecuadamente códigos de estado HTTP Informational (también conocido como 1xx), lo que permite en servidores web remotos provocar una denegación de servicio (lectura fuera de límites) a través de una respuesta manipulada. Chrome suffers from an HTTP 1xx base::String-Tokenizer-T<...>::Quick-Get-Next out of bounds read vulnerability. • https://www.exploit-db.com/exploits/40944 http://blog.skylined.nl/20161219001.html http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://packetstormsecurity.com/files/140209/Chrome-HTTP-1x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 44EXPL: 0CVE-2013-6624
https://notcve.org/view.php?id=CVE-2013-6624
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes. Vulnerabilidad de uso después de liberación en Google Chrome anterior a la versión 31.0.1650.48 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores que involucren los valores de cadena de atributos id. • http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2799 https://code.google.com/p/chromium/issues/detail?id=290566 https://oval.cisecurity.org/ • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 2%CPEs: 44EXPL: 0CVE-2013-6623
https://notcve.org/view.php?id=CVE-2013-6623
The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout. La implementación SVG en Blink, tal como se usa en Google Chrome anterior a la versión 31.0.1650.48, permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) mediante el aprovechamiento del uso de la orden de árbol, en lugar de la orden de dependencia transitiva. • http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2799 https://code.google.com/p/chromium/issues/detail?id=282925 https://oval.cisecurity.org/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 44EXPL: 0CVE-2013-2931
https://notcve.org/view.php?id=CVE-2013-2931
Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anteriores a 31.0.1650.48 permiten a atacantes ejecutar código arbitrario o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2799 https://code.google.com/p/chromium/issues/detail?id=258723 https://code.google.com/p&# •
CVSS: 7.5EPSS: 2%CPEs: 49EXPL: 1CVE-2013-6621
https://notcve.org/view.php?id=CVE-2013-6621
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element. Vulnerabilidad de uso después de liberación en Google Chrome anterior a la versión 31.0.1650.48 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto sin especificar a través de vectores relacionados con el atributo x-webkit-speech en un elemento INPUT. • http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://www.debian.org/security/2013/dsa-2799 https://code.google.com/p/chromium/issues/detail?id=268565 https://oval.cisecurity.org/ • CWE-399: Resource Management Errors •