CVE-2011-3895
https://notcve.org/view.php?id=CVE-2011-3895
Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream. Desbordamiento de búfer basado en memoria dinámica en el decodificador de Vorbis en Google Chrome anterior a v15.0.874.120 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de un stream manipulado. • http://code.google.com/p/chromium/issues/detail?id=101458 http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html http://secunia.com/advisories/46933 http://secunia.com/advisories/49089 http://www.debian.org/security/2012/dsa-2471 http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 https://oval.cisecurity.org/repository/search/de • CWE-787: Out-of-bounds Write •
CVE-2011-2830
https://notcve.org/view.php?id=CVE-2011-2830
Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. Google V8, que se utiliza en Google Chrome anterior a v14.0.835.163, no aplica correctamente envoltorios de escritura de objetos, que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener un impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=76771 http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14336 •
CVE-2011-3640
https://notcve.org/view.php?id=CVE-2011-3640
Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." ** CONTROVERTIDO ** Vulnerabilidad de ruta de búsqueda no confiable de Mozilla Network Security Services (NSS), que se utiliza en Google Chrome anterior a v17 en Windows y Mac OS X, puede permitir a usuarios locales conseguir privilegios a través de un archivo troyano pkcs11.txt en un directorio de alto nivel. NOTA: La respuesta del vendedor fue " comportamiento extraño, pero no estamos tratando esto como un fallo de seguridad" • http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html http://code.google.com/p/chromium/issues/detail?id=97426 http://securityreason.com/securityalert/8483 https://bugzilla.mozilla.org/show_bug.cgi?id=641052 https://hermes.opensuse.org/messages/13154861 https://hermes.opensuse.org/messages/13155432 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414 • CWE-426: Untrusted Search Path •
CVE-2011-3887
https://notcve.org/view.php?id=CVE-2011-3887
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. Google Chrome en versiones anteriores a la 15.0.874.102 no maneja apropiadamente javascript: URLs, lo que permite a atacantes remotos evitar las restricciones previstas de acceso y leer cookies a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=98407 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 http://www.securitytracker.com/id?1026774 https://exchange.xforce.ibmcloud.com/vulnerabilities/70965 https://oval.cisecurity.org/repository/search/d • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVE-2011-3886
https://notcve.org/view.php?id=CVE-2011-3886
Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations. Google V8, tal como se utiliza en Google Chrome en versiones anteriores a la 15.0.874.102, permite a atacantes remotos provocar una denegación de servicio o posiblemente realizar otras acciones sin especificar a través de código JavaScript modificado que provoca operaciones de escritura fuera de los límites. • http://code.google.com/p/chromium/issues/detail?id=98773 http://code.google.com/p/chromium/issues/detail?id=99167 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/70964 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13201 • CWE-20: Improper Input Validation •