CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3195 – v8: information leak fixed in Google Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3195
08 Oct 2014 — Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_Array... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3197 – chromium: information leak in XSS Auditor fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3197
08 Oct 2014 — The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site. La función NavigationScheduler::schedulePageBlock en core/loader/NavigationScheduler.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, no proporciona debidamente los datos de sustit... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3198 – chromium: OOB reads in PDFium fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3198
08 Oct 2014 — The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. La función Instance::HandleInputEvent en pdf/instance.cc en el componente PDFium en Google Chrome anterior a 38.0.2125.101 interpreta cierto valor -1 como un indice en lugar de un código de error de pági... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3199 – chromium: multiple security fixes in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3199
08 Oct 2014 — The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors that trigger stopping a worker process that had been handling an Event object. La función wrap en bindings/core/v8/custom/V8EventCustom.cpp en los enlaces V8 en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, tiene un result... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2014-3200 – chromium: multiple unspecified issues fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3200
08 Oct 2014 — Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificados en Google Chrome anterior a 38.0.2125.101 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. Multiple use-after-free issues were discovered in Blink. If a user were tricked in to opening a specially crafted w... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html •
CVSS: 9.8EPSS: 2%CPEs: 15EXPL: 0CVE-2014-0418 – JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
https://notcve.org/view.php?id=CVE-2014-0418
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0424. Vulnerabilidad no especificada en Oracle Java SE 6u65 y 7u45 que permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con el despliegue, una vu... • http://marc.info/?l=bugtraq&m=139402697611681&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 0CVE-2013-5904 – JDK: unspecified vulnerability fixed in 7u51 (Deployment)
https://notcve.org/view.php?id=CVE-2013-5904
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en Oracle Java SE 7u45 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Deployment. Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. ... • http://marc.info/?l=bugtraq&m=139402697611681&w=2 •
CVSS: 9.8EPSS: 2%CPEs: 17EXPL: 0CVE-2013-5906 – JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install)
https://notcve.org/view.php?id=CVE-2013-5906
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5905. Vulnerabilidad no especificada en Oracle Java SE 5.0u55, 6u65 y 7u45 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Install, una vulnerabilidad diferente a CVE-2013-5905. Oracle Java SE ver... • http://marc.info/?l=bugtraq&m=139402697611681&w=2 •
CVSS: 9.1EPSS: 1%CPEs: 14EXPL: 0CVE-2013-5895 – JDK: multiple unspecified vulnerabilities fixed in 7u51 (JavaFX)
https://notcve.org/view.php?id=CVE-2013-5895
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX. Vulnerabilidad no especificada en Oracle Java SE 7u45 y JavaFX 2.2.45 permite a atacantes remotos afectar a la confidencialidad a través de vectores desconocidos relacionados con JavaFX. Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allo... • http://marc.info/?l=bugtraq&m=139402697611681&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2014-0382 – JDK: multiple unspecified vulnerabilities fixed in 7u51 (JavaFX)
https://notcve.org/view.php?id=CVE-2014-0382
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX. Vulnerabilidad no especificada en Oracle Java SE 7u45 y Java FX 2.2.45 permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos relacionados con JavaFX. Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remo... • http://marc.info/?l=bugtraq&m=139402697611681&w=2 •