NotCVE - vendor:"Google" product:"Chrome" version:" <= 54.0.2840.99"

Page 671 of 3367 results (0.015 seconds)

CVSS: 9.3EPSS: 0%CPEs: 24EXPL: 1

CVE-2009-2121

https://notcve.org/view.php?id=CVE-2009-2121

Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted response. Desbordamiento de búfer en el núcleo del navegador en Google Chrome en versiones anteriores a la v2.0.172.33 permite a los servidores HTTP remotos causar una denegación de servicio (mediante caida de la aplicación) o posiblemente ejecutar código arbitrario a través de una respuesta HTTP modificada. • http://code.google.com/p/chromium/issues/detail?id=14508 http://googlechromereleases.blogspot.com/2009/06/stable-beta-update-security-fix.html http://osvdb.org/55278 http://secunia.com/advisories/35548 http://www.securityfocus.com/bid/35462 http://www.securitytracker.com/id?1022429 http://www.vupen.com/english/advisories/2009/1656 https://exchange.xforce.ibmcloud.com/vulnerabilities/51307 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.8EPSS: 0%CPEs: 16EXPL: 0

CVE-2009-2060

https://notcve.org/view.php?id=CVE-2009-2060

src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. src/net/http/http_transaction_winhttp.cc en Google Chrome anteriores a v1.0.154.53 utiliza una cabecera Host HTTP para determinar el contexto de un documento proporcionado en una respuesta de CONEXIÓN (1) 4xx o (2) 5xx desde un servidor proxy, lo que permite a los atacantes "hombre en el medio" ejecutar arbitrariamente una secuencia de comando web modificando esta respuesta de CONEXIÓN, también conocida como un ataque "forzado SSL" • http://code.google.com/p/chromium/issues/detail?id=7338 http://code.google.com/p/chromium/issues/detail?id=8473 http://research.microsoft.com/apps/pubs/default.aspx?id=79323 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes/releasenotes1015453 http://src.chromium.org/viewvc/chrome/branches/release_154.next/src/net/http/http_transaction_winhttp.cc?r1=11621&r2=11669&pathrev=11669 http:&# • CWE-287: Improper Authentication •

CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0

CVE-2009-2071

https://notcve.org/view.php?id=CVE-2009-2071

Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. Google Chrome anteriores a v1.0.154.53 muestra un certificado cacheado para una página de respuesta de CONEXIÓN (1) 4xx o (2) 5xx a través de un servidor proxy, lo que permite a un atacante "hombre en el medio" suplantar un sitio https permitiendo a un navegador obtener certificados válidos desde este sitio durante una petición, y enviando al navegador una página de respuesta 502 manipulada sobre una subsiguiente petición. • http://code.google.com/p/chromium/issues/detail?id=7338 http://code.google.com/p/chromium/issues/detail?id=8473 http://research.microsoft.com/apps/pubs/default.aspx?id=79323 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes/releasenotes1015453 http://src.chromium.org/viewvc/chrome/branches/release_154.next/src/net/http/http_transaction_winhttp.cc?r1=11621&r2=11669&pathrev=11669 http:&# • CWE-287: Improper Authentication •

CVSS: 9.3EPSS: 5%CPEs: 76EXPL: 1

CVE-2009-1690 – kdelibs: KHTML Incorrect handling <head> element content once the <head> element was removed (DoS, ACE)

https://notcve.org/view.php?id=CVE-2009-1690

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." Una vulnerabilidad de uso de memoria previamente liberada en WebKit, como es usado en Safari de Apple anterior a versión 4.0, iPhone OS versiones 1.0 hasta 2.2.1, iPhone OS para iPod touch versiones 1.1 hasta 2.2.1, Chrome de Google versión 1.0.154.53, y posiblemente otros productos, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) mediante el establecimiento de una propiedad no especificada de una etiqueta HTML que causa que los elementos secundarios se liberen y más adelante se tenga acceso cuando se produce un error HTML, relacionado con "recursion in certain DOM event handlers". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54990 http://secunia.com/advisories/35379 http://secunia.com/advisories/36057 http://secunia.com/advisories/36062 http://secunia.com/advisories/36790 http://secunia.com/advisories • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 3%CPEs: 22EXPL: 1

CVE-2009-1442

https://notcve.org/view.php?id=CVE-2009-1442

Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas. Múltiples desbodamientos de enteros en Skia, utilizado en Google Chrome v1.x anteriores a v1.0.154.64 y v2.x, y posiblemente Android, debería permitir a los atacantes remotos ejecutar arbitrariamente código en el proceso de renderizado a través de (1) imagenes o (2) canvas manipulados. • http://code.google.com/p/chromium/issues/detail?id=10736 http://code.google.com/p/skia/source/detail?r=159 http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html http://osvdb.org/54248 http://secunia.com/advisories/35014 http://www.securityfocus.com/bid/34859 http://www.securitytracker.com/id?1022175 http://www.vupen.com/english/advisories/2009/1266 • CWE-189: Numeric Errors •

1...669 670 671 672 673