CVSS: 10.0EPSS: 2%CPEs: 31EXPL: 0CVE-2015-0358 – flash-plugin: multiple code execution issues fixed in APSB15-06
https://notcve.org/view.php?id=CVE-2015-0358
14 Apr 2015 — Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-3039. Vulnerabilidad de uso después de liberación en Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169 en Windows y OS X y anterior a 11.2.202.457 en Linux permite a atacantes e... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html •
CVSS: 10.0EPSS: 8%CPEs: 31EXPL: 0CVE-2015-0360 – flash-plugin: multiple code execution issues fixed in APSB15-06
https://notcve.org/view.php?id=CVE-2015-0360
14 Apr 2015 — Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html •
CVSS: 10.0EPSS: 48%CPEs: 160EXPL: 0CVE-2015-2808 – SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
https://notcve.org/view.php?id=CVE-2015-2808
01 Apr 2015 — The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. El algoritmo RC4, utilizado en el protocolo TLS y el prot... • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-1229 – chromium-browser: Cookie injection in proxies
https://notcve.org/view.php?id=CVE-2015-1229
05 Mar 2015 — net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. net/http/proxy_client_socket.cc en Google Chrome anterior a 41.0.2272.76 no maneja correctamente un código de estatus HTTP 407 (también conocido como Proxy Authentication Required) acompañado de una cabecera Set-Cookie, lo que pe... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-19: Data Processing Errors •
CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1216 – chromium-browser: Use-after-free in v8 bindings
https://notcve.org/view.php?id=CVE-2015-1216
05 Mar 2015 — Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment. Vulnerabilidad de uso después de liberación en la función V8Window::namedPropertyGetterCustom en bindings/core/v8/custom/V8WindowCustom.cpp en los enlaces V8 en Blink, ut... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1214 – chromium-browser: Out-of-bounds write in skia filters
https://notcve.org/view.php?id=CVE-2015-1214
05 Mar 2015 — Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation. Desbordamiento de enteros en la implementación SkAutoSTArray en include/core/SkTemplates.h en la implementación de filtrado en Skia, utili... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1217 – chromium-browser: Type confusion in v8 bindings
https://notcve.org/view.php?id=CVE-2015-1217
05 Mar 2015 — The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." La función V8LazyEventListener::prepareListenerObject en bindings/core/v8/V8LazyEventListener.cpp en los enlaces V8 en Blink, utilizado en Google Chrome an... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-17: DEPRECATED: Code CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1228 – chromium-browser: Uninitialized value in rendering
https://notcve.org/view.php?id=CVE-2015-1228
05 Mar 2015 — The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence. La función RenderCounter::updateCounter en core/rendering/RenderCounter.cpp en Blink, utilizado ... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-399: Resource Management Errors CWE-456: Missing Initialization of a Variable •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1218 – chromium-browser: Use-after-free in dom
https://notcve.org/view.php?id=CVE-2015-1218
05 Mar 2015 — Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents, related to (1) the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp and (2) the SVGScriptElement::didMoveToNewDocument function in core/svg/SVGScriptElement.cpp. Múltiples vulnerabili... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1215 – chromium-browser: Out-of-bounds write in skia filters
https://notcve.org/view.php?id=CVE-2015-1215
05 Mar 2015 — The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation. La implementación de filtrado en Skia, utilizado en Google Chrome anterior a 41.0.2272.76, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que provocan una operación de escritura fuera de ran... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •