Executive Summary



This alert is flagged as part of the CWE/SANS Top 25 Common Weakness Enumeration.
Summary
Title: Chromium: Multiple vulnerabilities
Information
Name: GLSA-201208-03
First vendor publication: 2012-08-14
Vendor: Gentoo
Last vendor modification: 2012-08-14
Severity (Vendor): Normal
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Base Score: 9.3
Attack Range: Network
CVSS Impact Score: 10
Attack Complexity: Medium
CVSS Exploit Score: 8.6
Authentication: None Required

Detail

Synopsis

Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code.

Background

Chromium is an open source web browser project.

Description

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, disclosure of sensitive information, or other unspecified impact.

Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-21.0.1180.57"

References

[ 1 ] CVE-2012-2815 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2815
[ 2 ] CVE-2012-2817 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2817
[ 3 ] CVE-2012-2818 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2818
[ 4 ] CVE-2012-2819 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2819
[ 5 ] CVE-2012-2820 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2820
[ 6 ] CVE-2012-2821 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2821
[ 7 ] CVE-2012-2823 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2823
[ 8 ] CVE-2012-2824 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2824
[ 9 ] CVE-2012-2825 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2825
[ 10 ] CVE-2012-2826 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2826
[ 11 ] CVE-2012-2829 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2829
[ 12 ] CVE-2012-2830 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2830
[ 13 ] CVE-2012-2831 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2831
[ 14 ] CVE-2012-2834 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2834
[ 15 ] CVE-2012-2842 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2842
[ 16 ] CVE-2012-2843 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2843
[ 17 ] CVE-2012-2846 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2846
[ 18 ] CVE-2012-2847 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2847
[ 19 ] CVE-2012-2848 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2848
[ 20 ] CVE-2012-2849 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2849
[ 21 ] CVE-2012-2853 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2853
[ 22 ] CVE-2012-2854 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2854
[ 23 ] CVE-2012-2857 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2857
[ 24 ] CVE-2012-2858 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2858
[ 25 ] CVE-2012-2859 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859
[ 26 ] CVE-2012-2860 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860
[ 27 ] Release Notes 20.0.1132.43 : http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
[ 28 ] Release Notes 20.0.1132.57 : http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html
[ 29 ] Release Notes 21.0.1180.57 : http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201208-03.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201208-03.xml

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-399 Resource Management Errors
15 % CWE-20 Improper Input Validation
10 % CWE-200 Information Exposure
10 % CWE-189 Numeric Errors (CWE/SANS Top 25)
10 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
5 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

 
Oval ID: oval:org.mitre.oval:def:14708
Title: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 via vectors related to SVG references
Description: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2831
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:14771
Title: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 via vectors related to the layout of documents that use the Cascading Style Sheets (CSS) counters feature
Description: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS) counters feature.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2818
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:14938
Title: The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures
Description: The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application crash) or possibly have unspecified other impact via a crafted web page, as demonstrated by certain WebGL performance tests, aka rdar problem 11520387.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2819
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15144
Title: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 via vectors related to the :first-letter pseudo-element
Description: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2829
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15204
Title: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 via vectors related to SVG resources
Description: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2823
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15264
Title: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 via vectors related to tables that have sections
Description: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2817
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15336
Title: Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame
Description: Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2857
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15439
Title: The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store
Description: The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2853
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15444
Title: Integer overflow in Google Chrome before 20.0.1132.43 via crafted data in the Matroska container format
Description: Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2834
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15468
Title: Google Chrome before 20.0.1132.43 does not properly implement SVG filters
Description: Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2820
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15483
Title: Google Chrome before 20.0.1132.43 does not properly set array values
Description: Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2830
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15511
Title: Google Chrome before 20.0.1132.43 does not properly implement texture conversion
Description: Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2826
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15565
Title: The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text
Description: The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2821
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15569
Title: Use-after-free vulnerability in Google Chrome before 20.0.1132.57 via vectors related to layout height tracking
Description: Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2843
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15653
Title: Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame
Description: Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2849
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15658
Title: The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site
Description: The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2848
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15662
Title: Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain
Description: Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2815
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15664
Title: Use-after-free vulnerability in Google Chrome before 20.0.1132.57 via vectors related to counter handling
Description: Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2842
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15666
Title: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 via vectors related to SVG painting
Description: Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2824
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15679
Title: Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image
Description: Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2858
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15698
Title: Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process
Description: Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2854
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15709
Title: The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site
Description: The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2860
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:15735
Title: Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads
Description: Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which allows user-assisted remote attackers to cause a denial of service (resource consumption) via a crafted web site.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2847
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
 
Oval ID: oval:org.mitre.oval:def:20609
Title: VMware vSphere security updates for the authentication service and third party libraries
Description: The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2012-2825
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
 
Oval ID: oval:org.mitre.oval:def:26863
Title: Allows remote attackers to cause a denial of service (incorrect read operation)
Description: The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2825
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome

CPE : Common Platform Enumeration

Type Description Count
Application 2408
Os 125
Os 105

OpenVAS Exploits

Date Description
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0993-1 (update)
File : nvt/gb_suse_2012_0993_1.nasl
2012-10-22 Name : Gentoo Security Advisory GLSA 201210-07 (chromium)
File : nvt/glsa_201210_07.nasl
2012-10-05 Name : Ubuntu Update for libxslt USN-1595-1
File : nvt/gb_ubuntu_USN_1595_1.nasl
2012-10-03 Name : Fedora Update for libxslt FEDORA-2012-14048
File : nvt/gb_fedora_2012_14048_libxslt_fc16.nasl
2012-10-01 Name : Apple Safari Multiple Vulnerabilities - Oct 2012 (Mac OS X)
File : nvt/gb_apple_safari_mult_vuln_oct12_macosx.nasl
2012-09-27 Name : Fedora Update for libxslt FEDORA-2012-14083
File : nvt/gb_fedora_2012_14083_libxslt_fc17.nasl
2012-09-17 Name : CentOS Update for libxslt CESA-2012:1265 centos5
File : nvt/gb_CESA-2012_1265_libxslt_centos5.nasl
2012-09-17 Name : CentOS Update for libxslt CESA-2012:1265 centos6
File : nvt/gb_CESA-2012_1265_libxslt_centos6.nasl
2012-09-17 Name : RedHat Update for libxslt RHSA-2012:1265-01
File : nvt/gb_RHSA-2012_1265-01_libxslt.nasl
2012-09-17 Name : Apple iTunes Multiple Vulnerabilities - Sep 12 (Windows)
File : nvt/gb_apple_itunes_mult_vuln_sep12_win.nasl
2012-08-30 Name : Gentoo Security Advisory GLSA 201208-03 (chromium)
File : nvt/glsa_201208_03.nasl
2012-08-10 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium16.nasl
2012-08-10 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium17.nasl
2012-08-10 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium15.nasl
2012-08-09 Name : Google Chrome Multiple Vulnerabilities - August 12 (Linux)
File : nvt/gb_google_chrome_mult_vuln_aug12_lin.nasl
2012-08-08 Name : Google Chrome Multiple Vulnerabilities - August 12 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln_aug12_macosx.nasl
2012-08-08 Name : Google Chrome Multiple Vulnerabilities - August 12 (Windows)
File : nvt/gb_google_chrome_mult_vuln_aug12_win.nasl
2012-08-01 Name : Apple Safari Multiple Vulnerabilities - Aug 2012 (Windows)
File : nvt/gb_apple_safari_mult_vuln_aug12_win.nasl
2012-07-30 Name : Apple Safari Multiple Vulnerabilities - July 2012 (Mac OS X)
File : nvt/gb_apple_safari_mult_vuln_jul12_macosx.nasl
2012-07-26 Name : Mandriva Update for libxslt MDVSA-2012:109 (libxslt)
File : nvt/gb_mandriva_MDVSA_2012_109.nasl
2012-07-24 Name : Google Chrome Multiple Vulnerabilities(01) - July 12 (Linux)
File : nvt/gb_google_chrome_mult_vuln01_jul12_lin.nasl
2012-07-24 Name : Google Chrome Multiple Vulnerabilities(01) - July 12 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln01_jul12_macosx.nasl
2012-07-24 Name : Google Chrome Multiple Vulnerabilities(01) - July 12 (Windows)
File : nvt/gb_google_chrome_mult_vuln01_jul12_win.nasl
2012-07-04 Name : Google Chrome Multiple Vulnerabilities - July 12 (Linux)
File : nvt/gb_google_chrome_mult_vuln_jul12_lin.nasl
2012-07-04 Name : Google Chrome Multiple Vulnerabilities - July 12 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln_jul12_macosx.nasl
2012-07-04 Name : Google Chrome Multiple Vulnerabilities - July 12 (Windows)
File : nvt/gb_google_chrome_mult_vuln_jul12_win.nasl

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-02-07 IAVM : 2013-A-0031 - Multiple Security Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity : Category I - VMSKEY : V0036787

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_esx_VMSA-2013-0001_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_libxslt_20140114_2.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2012-1325.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-516.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-393.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-355.nasl - Type : ACT_GATHER_INFO
2014-01-23 Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_11_1_4_banner.nasl - Type : ACT_GATHER_INFO
2014-01-23 Name : The remote host contains an application that has multiple vulnerabilities.
File : itunes_11_1_4.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO
2013-11-12 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libxslt-131106.nasl - Type : ACT_GATHER_INFO
2013-10-24 Name : The remote host contains an application that has multiple vulnerabilities.
File : itunes_11_1_2.nasl - Type : ACT_GATHER_INFO
2013-10-24 Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_11_1_2_banner.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote device is affected by multiple vulnerabilities.
File : appletv_6_0.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-123.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1265.nasl - Type : ACT_GATHER_INFO
2013-05-17 Name : The remote host contains an application that has multiple vulnerabilities.
File : itunes_11_0_3.nasl - Type : ACT_GATHER_INFO
2013-05-17 Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_11_0_3_banner.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-047.nasl - Type : ACT_GATHER_INFO
2013-03-15 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari6_0_3.nasl - Type : ACT_GATHER_INFO
2013-02-16 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2013-0001.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libxslt-120629.nasl - Type : ACT_GATHER_INFO
2012-12-10 Name : The remote Fedora host is missing a security update.
File : fedora_2012-15716.nasl - Type : ACT_GATHER_INFO
2012-10-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201210-07.nasl - Type : ACT_GATHER_INFO
2012-10-05 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1595-1.nasl - Type : ACT_GATHER_INFO
2012-09-27 Name : The remote Fedora host is missing a security update.
File : fedora_2012-14083.nasl - Type : ACT_GATHER_INFO
2012-09-27 Name : The remote Fedora host is missing a security update.
File : fedora_2012-14048.nasl - Type : ACT_GATHER_INFO
2012-09-20 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari6_0_1.nasl - Type : ACT_GATHER_INFO
2012-09-15 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120913_libxslt_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-09-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1265.nasl - Type : ACT_GATHER_INFO
2012-09-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1265.nasl - Type : ACT_GATHER_INFO
2012-09-13 Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_10_7_banner.nasl - Type : ACT_GATHER_INFO
2012-09-13 Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_10_7.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-109.nasl - Type : ACT_GATHER_INFO
2012-08-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201208-03.nasl - Type : ACT_GATHER_INFO
2012-08-13 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_2092a45be2f611e1a8ca00262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2012-08-13 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ce84e136e2f611e1a8ca00262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_21_0_1180_60.nasl - Type : ACT_GATHER_INFO
2012-07-26 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari6_0.nasl - Type : ACT_GATHER_INFO
2012-07-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libxslt-8207.nasl - Type : ACT_GATHER_INFO
2012-07-12 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_20_0_1132_57.nasl - Type : ACT_GATHER_INFO
2012-06-28 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ff922811c09611e1b0f400262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2012-06-27 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_20_0_1132_43.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:37:31
  • Multiple Updates