
CVSS: 7.5 | EPSS: 10% | CPEs: 4 | EXPL: 0

Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the library attempts to replace a particular element due to an HTML5 ContentEditable command. Because the library does not account for DOM mutation events that can be made to occur, an attacker can modify the tree out from underneath the library, leading to a type change.

• http://code.google.com/p/chromium/issues/detail?id=102242
• http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
• http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
• http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
• http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
• http://secunia.com/advisories/46933
• http://secunia.com/advisories/48274
• http://secunia.com/advisories/48288
• http://secunia.com/advisories/4
• CWE-416: Use After Free

CVSS: 7.5 | EPSS: 2% | CPEs: 2 | EXPL: 0

Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

• http://code.google.com/p/chromium/issues/detail?id=100465
• http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
• http://secunia.com/advisories/46933
• http://secunia.com/advisories/49089
• http://www.debian.org/security/2012/dsa-2471
• http://www.mandriva.com/security/advisories?name=MDVSA-2012:075
• http://www.mandriva.com/security/advisories?name=MDVSA-2012:076
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14484
• CWE-415: Double Free

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.

• http://code.google.com/p/chromium/issues/detail?id=102461
• http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
• http://secunia.com/advisories/46933
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14266
• CWE-269: Improper Privilege Management

CVSS: 5.0 | EPSS: 1% | CPEs: 1 | EXPL: 0

Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

• http://code.google.com/p/chromium/issues/detail?id=100492
• http://code.google.com/p/chromium/issues/detail?id=100543
• http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
• http://secunia.com/advisories/46933
• http://secunia.com/advisories/49089
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14267
• CWE-125: Out-of-bounds Read

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Buffer overflow in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to shader variable mapping.

• http://code.google.com/p/chromium/issues/detail?id=101624
• http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
• http://secunia.com/advisories/46933
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14423
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')