CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2014-7926 – ICU: regexp engine incorrect handling of a zero length quantifier
https://notcve.org/view.php?id=CVE-2014-7926
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier. El paquete Regular Expressions en International Components for Unicode (ICU) 52 anterior a la versión SVN 292944, como es usado en Google Chrome anterior a la versión 40.0.2214.91, permite a los atacantes remotos generar una Denegación de Servicio (corrupción de la memoria) o posiblemente tener otros impactos no especificados por medio de vectores relacionados con un cuantificador zero-length. • http://advisories.mageia.org/MGASA-2015-0047.html http://bugs.icu-project.org/trac/ticket/11369 http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.oracle.com/technetwork/t • CWE-17: DEPRECATED: Code CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2014-7942 – chromium-browser: uninitialized-value in Fonts
https://notcve.org/view.php?id=CVE-2014-7942
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. La implementación Fuentes en Google Chrome anterior a 40.0.2214.91 no inicializa la memoria para una estructura de datos, lo que permite a atacantes remotos causar una denegación de servicio o la posibilidad de tener otro impacto sin especificar a través de vectores no conocidos • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 http://www.ubuntu.com/usn/USN-2476-1 https:/& • CWE-399: Resource Management Errors CWE-456: Missing Initialization of a Variable •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2014-7939 – chromium-browser: same-origin-bypass in V8
https://notcve.org/view.php?id=CVE-2014-7939
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header. Google Chrome anterior aq 40.0.2214.91, cuando el proxy Harmony en Google V8 está habilitado, permite a atacantes remotos evadir Same Origin Policy a través de código JavaScript manipulado con llamadas Proxy.create y console.log, relacionado con respuestas HTTP a que les falta una cabecera'X-Content-Type-Options: nosniff'. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 https://code.google.com/p/chromium/issues/detail?id=399951 https://access.redhat.com/ • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2014-7923 – ICU: regexp engine missing look-behind expression range check
https://notcve.org/view.php?id=CVE-2014-7923
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression. El paquete Regular Expressions en International Components for Unicode (ICU) 52 anterior a la versión SVN 292944, como es usada en Google Chrome anterior a la versión 40.0.2214.91, permite a los atacantes remotos generar una Denegación de Servicio (corrupción de la memoria) o posiblemente tener otros impactos no especificados por medio de vectores relacionados con una expresión look-behind. • http://advisories.mageia.org/MGASA-2015-0047.html http://bugs.icu-project.org/trac/ticket/11370 http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.oracle.com/technetwork/t • CWE-17: DEPRECATED: Code CWE-122: Heap-based Buffer Overflow •
CVSS: 6.8EPSS: 7%CPEs: 6EXPL: 0CVE-2014-8158 – jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001)
https://notcve.org/view.php?id=CVE-2014-8158
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. Múltiples desbordamientos de buffer basado en pila en jpc_qmfb.c en JasPer 1.900.1 y anteriores permiten a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una imagen JPEG 2000 manipulada. An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. • http://advisories.mageia.org/MGASA-2015-0038.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00014.html http://rhn.redhat.com/errata/RHSA-2015-0074.html http://rhn.redhat.com/errata/RHSA-2015-0698.html http://secunia.com/advisories/62583 http://secunia.com/advisories/62615 http://secunia.com/advisories/62619 http://secunia.com/advisories/62765 http://www.debian.org/security/2015/dsa-3138 http://www.mandriva.com/security/advisories?name=MDVSA-2015:034 http:/&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •