Page 587 of 3367 results (0.012 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. Google V8, que se utiliza en Google Chrome anterior a v14.0.835.163, no aplica correctamente envoltorios de escritura de objetos, que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener un impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=76771 http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14336 •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 2

Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." ** CONTROVERTIDO ** Vulnerabilidad de ruta de búsqueda no confiable de Mozilla Network Security Services (NSS), que se utiliza en Google Chrome anterior a v17 en Windows y Mac OS X, puede permitir a usuarios locales conseguir privilegios a través de un archivo troyano pkcs11.txt en un directorio de alto nivel. NOTA: La respuesta del vendedor fue " comportamiento extraño, pero no estamos tratando esto como un fallo de seguridad" • http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html http://code.google.com/p/chromium/issues/detail?id=97426 http://securityreason.com/securityalert/8483 https://bugzilla.mozilla.org/show_bug.cgi?id=641052 https://hermes.opensuse.org/messages/13154861 https://hermes.opensuse.org/messages/13155432 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414 • CWE-426: Untrusted Search Path •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. Google Chrome en versiones anteriores a la 15.0.874.102 no maneja apropiadamente javascript: URLs, lo que permite a atacantes remotos evitar las restricciones previstas de acceso y leer cookies a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=98407 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 http://www.securitytracker.com/id?1026774 https://exchange.xforce.ibmcloud.com/vulnerabilities/70965 https://oval.cisecurity.org/repository/search/d • CWE-565: Reliance on Cookies without Validation and Integrity Checking •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. Google Chrome antes de v15.0.874.102 no maneja adecuadamente los datos del historial, lo que permite a atacantes remotos asistidos por el usuario falsificar la barra de URL a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=86758 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5400 http://support.apple.com/kb/HT5503 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13044 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 0

Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations. Google V8, tal como se utiliza en Google Chrome en versiones anteriores a la 15.0.874.102, permite a atacantes remotos provocar una denegación de servicio o posiblemente realizar otras acciones sin especificar a través de código JavaScript modificado que provoca operaciones de escritura fuera de los límites. • http://code.google.com/p/chromium/issues/detail?id=98773 http://code.google.com/p/chromium/issues/detail?id=99167 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/70964 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13201 • CWE-20: Improper Input Validation •