CVSS: 4.3EPSS: 4%CPEs: 1EXPL: 2CVE-2008-6997 – Google Chrome 0.2.149.27 - Inspect Element Denial of Service
https://notcve.org/view.php?id=CVE-2008-6997
Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action. Google Chrome v0.2.149.27 permite a atacantes asistidos remotamente causar una denegación de servicio (caída buscador) a través de la etiqueta IMG con un atributo largo src, que deriva en la caída cuando la victima realiza una acción "Inspect Element" • https://www.exploit-db.com/exploits/6386 http://badzmanaois.blogspot.com/2008/09/google-chrome-inspect-element-denial-of.html http://osvdb.org/48260 http://www.securityfocus.com/bid/31038 https://exchange.xforce.ibmcloud.com/vulnerabilities/44941 •
CVSS: 5.0EPSS: 14%CPEs: 1EXPL: 2CVE-2008-6996 – Google Chrome 0.2.149.27 - Automatic File Download
https://notcve.org/view.php?id=CVE-2008-6996
Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting. Google Chrome BETA (v0.2.149.27) no pide confirmacion al usuario antes de descargar un fichero ejecutable, lo cual facilita a atacantes remotos o malware producir una denegacion de servicio (consumo del espacio de disco) o explotar otras vulnerabilidades a traves de una URL que haga referencia a un fichero ejecutable, posiblemente relacionado con la caracteristica "preguntar donde guardar antes de iniciar descarga" • https://www.exploit-db.com/exploits/6355 http://codereview.chromium.org/472/diff/1/2 http://src.chromium.org/viewvc/chrome?view=rev&revision=1793 http://www.osvdb.org/48261 http://www.securityfocus.com/archive/1/495942/100/0/threaded http://www.securityfocus.com/archive/1/495951/100/100/threaded http://www.securityfocus.com/archive/1/495954/100/100/threaded http://www.securityfocus.com/archive/1/495959/100/100/threaded http://www.securityfocus.com/archive/1/495987&# •
CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-2416 – mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
https://notcve.org/view.php?id=CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación) a través de una ,manipulación de (1) una notación o (2) tipos de atributo de enumeración en un fichero XML como se demostró en Codenomicon XML fuzzing framework. • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://secunia.com/advisories/35036 http://secunia.com/advisories/36207 http://secunia.com/advisories/36338 http://secunia • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2009-2578
https://notcve.org/view.php?id=CVE-2009-2578
Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. Google Chrome v2.x a 2.0.172 permite a atacantes remotos causar una denegación de servicios (caída de aplicación)a través de un argumento de cadena de caracteres Unicode larga para el método de escritura, siendo un asunto relacionado con CVE-2009-2479. • http://websecurity.com.ua/3338 http://www.securityfocus.com/archive/1/505092/100/0/threaded • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 28EXPL: 0CVE-2009-2556
https://notcve.org/view.php?id=CVE-2009-2556
Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation. Google Chrome anterior a v2.0.172.37, permite a atacantes remotos el aprovechar el acceso "renderer" para provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código de su elección a través de vectores no especificados que provocan una excesiva reserva de memoria. • http://googlechromereleases.blogspot.com/2009/07/stable-beta-update-bug-fixes.html http://secunia.com/advisories/35844 http://www.securityfocus.com/bid/35723 http://www.vupen.com/english/advisories/2009/1924 https://exchange.xforce.ibmcloud.com/vulnerabilities/51802 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •