Page 601 of 3368 results (0.021 seconds)

CVSS: 5.8EPSS: 0%CPEs: 59EXPL: 0

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. Google Chrome en versiones anteriors a la 4.0.211.0 no restringe apropiadamente las modificaciones a las cookies establecidas en las sesiones HTTPS, lo que facilita a atacantes "man-in-the-middle" sobreescribir o borrar cookies arbitrarias a través de una cabecera Set-Cookie en una respuesta HTTP, relacionado con una fallo en la funcionalidad HTTP Strict Transport Security (HSTS) includeSubDomains. También conocido como un problema "cookie forcing". • http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/1148.html http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html https://bugzilla.mozilla.org/show_bug.cgi?id=660053 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media selectors. Vulnerabilidad de tipo "usar después de liberar" en Google Chrome en versiones anteriores a la 13.0.782.107 ermite a atacantes remotos provocar una denegación de servicio o tener otro impacto sin especificar a través de vectores relacionados con selectores de contenido multimedia ("media selectors"). • http://code.google.com/p/chromium/issues/detail?id=87227 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74243 https://exchange.xforce.ibmcloud.com/vulnerabilities/68955 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14554 • CWE-416: Use After Free •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension. Google Chrome en versiones anteriores a la 13.0.782.107 no se asegura de que las instalaciones de extensiones son confirmadas por una ventana de diálogo, lo que facilita a atacantes remotos modificar la funcionalidad de una producto a través de una extensión maliciosa que contiene un troyano. • http://code.google.com/p/chromium/issues/detail?id=75821 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74228 https://exchange.xforce.ibmcloud.com/vulnerabilities/68940 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14425 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 4%CPEs: 4EXPL: 0

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal. Vulnerabilidad de uso después de liberación en Google Chrome antes de v13.0.782.107 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con la eliminación de flotación. • http://code.google.com/p/chromium/issues/detail?id=87148 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/74242 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb • CWE-416: Use After Free •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in. Vulnerabilidad de tipo "usar después de liberar" en Google Chrome en versiones anteriores a la 13.0.782.107 permite a atacantes remotos provocar una denegación de servicio o tener otro impacto sin especificar a través de vectores relacionados con la instanciación del complemento Pepper. • http://code.google.com/p/chromium/issues/detail?id=85808 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://osvdb.org/74239 https://exchange.xforce.ibmcloud.com/vulnerabilities/68951 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14751 • CWE-416: Use After Free •