Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Chromium, V8: Multiple vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | GLSA-201309-16 | First vendor Publication | 2013-09-24 |
| Vendor | Gentoo | Last vendor Modification | 2013-09-24 |
| Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Synopsis Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background Description Impact Workaround Resolution All V8 users should upgrade to the latest version: References http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability http://security.gentoo.org/glsa/glsa-201309-16.xml |
Original Source
| Url : http://security.gentoo.org/glsa/glsa-201309-16.xml |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 24 % | CWE-399 | Resource Management Errors |
| 19 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 13 % | CWE-416 | Use After Free |
| 10 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 6 % | CWE-20 | Improper Input Validation |
| 4 % | CWE-362 | Race Condition |
| 4 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 3 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
| 3 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
| 2 % | CWE-200 | Information Exposure |
| 2 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
| 2 % | CWE-732 | Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25) |
| 2 % | CWE-125 | Out-of-bounds Read |
| 2 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 1 % | CWE-287 | Improper Authentication |
| 1 % | CWE-193 | Off-by-one Error |
| 1 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
| 1 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:14994 | |||
| Oval ID: | oval:org.mitre.oval:def:14994 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 via vectors related to the handling of SVG filters | ||
| Description: | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5116 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15040 | |||
| Oval ID: | oval:org.mitre.oval:def:15040 | ||
| Title: | Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application crash) via a response with chunked transfer coding | ||
| Description: | Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application crash) via a response with chunked transfer coding. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5132 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15221 | |||
| Oval ID: | oval:org.mitre.oval:def:15221 | ||
| Title: | Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations | ||
| Description: | Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5128 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15301 | |||
| Oval ID: | oval:org.mitre.oval:def:15301 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 23.0.1271.97 via vectors related to the URL loader | ||
| Description: | Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5140 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15341 | |||
| Oval ID: | oval:org.mitre.oval:def:15341 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 via vectors related to the handling of extension tabs | ||
| Description: | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5125 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15428 | |||
| Oval ID: | oval:org.mitre.oval:def:15428 | ||
| Title: | Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in | ||
| Description: | Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact and attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5141 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15586 | |||
| Oval ID: | oval:org.mitre.oval:def:15586 | ||
| Title: | Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors | ||
| Description: | Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0892 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15631 | |||
| Oval ID: | oval:org.mitre.oval:def:15631 | ||
| Title: | Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors | ||
| Description: | Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5123 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15638 | |||
| Oval ID: | oval:org.mitre.oval:def:15638 | ||
| Title: | Google Chrome before 23.0.1271.95 does not properly handle file paths | ||
| Description: | Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5138 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15660 | |||
| Oval ID: | oval:org.mitre.oval:def:15660 | ||
| Title: | Google Chrome before 23.0.1271.64 does not properly handle textures | ||
| Description: | Google Chrome before 23.0.1271.64 does not properly handle textures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5124 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15682 | |||
| Oval ID: | oval:org.mitre.oval:def:15682 | ||
| Title: | Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media | ||
| Description: | Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0893 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15695 | |||
| Oval ID: | oval:org.mitre.oval:def:15695 | ||
| Title: | Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input | ||
| Description: | Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5122 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15726 | |||
| Oval ID: | oval:org.mitre.oval:def:15726 | ||
| Title: | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing | ||
| Description: | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0833 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15734 | |||
| Oval ID: | oval:org.mitre.oval:def:15734 | ||
| Title: | Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors | ||
| Description: | Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5130 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15746 | |||
| Oval ID: | oval:org.mitre.oval:def:15746 | ||
| Title: | The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names | ||
| Description: | The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5148 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15768 | |||
| Oval ID: | oval:org.mitre.oval:def:15768 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 23.0.1271.91 via vectors related to printing | ||
| Description: | Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5135 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15788 | |||
| Oval ID: | oval:org.mitre.oval:def:15788 | ||
| Title: | The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server | ||
| Description: | The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0887 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15805 | |||
| Oval ID: | oval:org.mitre.oval:def:15805 | ||
| Title: | Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93, a different vulnerability than CVE-2013-2840 | ||
| Description: | Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2846 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15819 | |||
| Oval ID: | oval:org.mitre.oval:def:15819 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 23.0.1271.95 via vectors related to the Media Source API | ||
| Description: | Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5137 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15849 | |||
| Oval ID: | oval:org.mitre.oval:def:15849 | ||
| Title: | The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors | ||
| Description: | The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2848 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15865 | |||
| Oval ID: | oval:org.mitre.oval:def:15865 | ||
| Title: | Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 via unknown vectors | ||
| Description: | Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5149 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15868 | |||
| Oval ID: | oval:org.mitre.oval:def:15868 | ||
| Title: | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs | ||
| Description: | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0837 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15891 | |||
| Oval ID: | oval:org.mitre.oval:def:15891 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 via vectors related to the handling of plug-in placeholders | ||
| Description: | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of plug-in placeholders. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5126 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15892 | |||
| Oval ID: | oval:org.mitre.oval:def:15892 | ||
| Title: | The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors | ||
| Description: | The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0917 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15907 | |||
| Oval ID: | oval:org.mitre.oval:def:15907 | ||
| Title: | The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure | ||
| Description: | The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0830 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15909 | |||
| Oval ID: | oval:org.mitre.oval:def:15909 | ||
| Title: | Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 | ||
| Description: | Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2858 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15912 | |||
| Oval ID: | oval:org.mitre.oval:def:15912 | ||
| Title: | Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element | ||
| Description: | Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5117 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15914 | |||
| Oval ID: | oval:org.mitre.oval:def:15914 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 via vectors related to the handling of widgets | ||
| Description: | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2842 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15917 | |||
| Oval ID: | oval:org.mitre.oval:def:15917 | ||
| Title: | Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process | ||
| Description: | Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0831 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15929 | |||
| Oval ID: | oval:org.mitre.oval:def:15929 | ||
| Title: | Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element | ||
| Description: | Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5136 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15943 | |||
| Oval ID: | oval:org.mitre.oval:def:15943 | ||
| Title: | Integer overflow in Google Chrome before 23.0.1271.64 via a crafted WebP image | ||
| Description: | Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5127 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15954 | |||
| Oval ID: | oval:org.mitre.oval:def:15954 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 23.0.1271.91 via vectors related to SVG filters | ||
| Description: | Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5133 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15957 | |||
| Oval ID: | oval:org.mitre.oval:def:15957 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 via vectors related to video layout | ||
| Description: | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5121 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15977 | |||
| Oval ID: | oval:org.mitre.oval:def:15977 | ||
| Title: | Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, via vectors related to buffers | ||
| Description: | Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to buffers. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5119 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16000 | |||
| Oval ID: | oval:org.mitre.oval:def:16000 | ||
| Title: | Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 | ||
| Description: | Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0841 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16007 | |||
| Oval ID: | oval:org.mitre.oval:def:16007 | ||
| Title: | Google Chrome before 23.0.1271.97 does not properly perform AAC decoding | ||
| Description: | Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5144 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16027 | |||
| Oval ID: | oval:org.mitre.oval:def:16027 | ||
| Title: | Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet | ||
| Description: | Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0899 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16042 | |||
| Oval ID: | oval:org.mitre.oval:def:16042 | ||
| Title: | The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors | ||
| Description: | The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0904 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16064 | |||
| Oval ID: | oval:org.mitre.oval:def:16064 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 23.0.1271.97 via vectors related to visibility events. | ||
| Description: | Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to visibility events. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5139 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16081 | |||
| Oval ID: | oval:org.mitre.oval:def:16081 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, via vectors related to databases | ||
| Description: | Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0880 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16101 | |||
| Oval ID: | oval:org.mitre.oval:def:16101 | ||
| Title: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code | ||
| Description: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0884 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16132 | |||
| Oval ID: | oval:org.mitre.oval:def:16132 | ||
| Title: | The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors | ||
| Description: | The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0909 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16153 | |||
| Oval ID: | oval:org.mitre.oval:def:16153 | ||
| Title: | Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document | ||
| Description: | Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0897 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16173 | |||
| Oval ID: | oval:org.mitre.oval:def:16173 | ||
| Title: | Google Chrome before 23.0.1271.97 does not properly handle history navigation | ||
| Description: | Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5142 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16185 | |||
| Oval ID: | oval:org.mitre.oval:def:16185 | ||
| Title: | Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory | ||
| Description: | Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5153 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16187 | |||
| Oval ID: | oval:org.mitre.oval:def:16187 | ||
| Title: | Integer overflow in Google Chrome before 23.0.1271.97 via vectors related to PPAPI image buffers | ||
| Description: | Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5143 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16206 | |||
| Oval ID: | oval:org.mitre.oval:def:16206 | ||
| Title: | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data | ||
| Description: | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5152 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16207 | |||
| Oval ID: | oval:org.mitre.oval:def:16207 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 via vectors related to SVG layout | ||
| Description: | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5145 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16208 | |||
| Oval ID: | oval:org.mitre.oval:def:16208 | ||
| Title: | Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors | ||
| Description: | Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0890 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16215 | |||
| Oval ID: | oval:org.mitre.oval:def:16215 | ||
| Title: | Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication | ||
| Description: | Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0922 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16233 | |||
| Oval ID: | oval:org.mitre.oval:def:16233 | ||
| Title: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file | ||
| Description: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0889 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16250 | |||
| Oval ID: | oval:org.mitre.oval:def:16250 | ||
| Title: | Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 | ||
| Description: | Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2837 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16255 | |||
| Oval ID: | oval:org.mitre.oval:def:16255 | ||
| Title: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store | ||
| Description: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0885 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16263 | |||
| Oval ID: | oval:org.mitre.oval:def:16263 | ||
| Title: | Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors | ||
| Description: | Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0835 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16269 | |||
| Oval ID: | oval:org.mitre.oval:def:16269 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 via vectors related to DOM handling. | ||
| Description: | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5147 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16272 | |||
| Oval ID: | oval:org.mitre.oval:def:16272 | ||
| Title: | The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document | ||
| Description: | The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0828 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16274 | |||
| Oval ID: | oval:org.mitre.oval:def:16274 | ||
| Title: | WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion." | ||
| Description: | WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0912 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16303 | |||
| Oval ID: | oval:org.mitre.oval:def:16303 | ||
| Title: | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors | ||
| Description: | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0888 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16307 | |||
| Oval ID: | oval:org.mitre.oval:def:16307 | ||
| Title: | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs | ||
| Description: | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0834 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16310 | |||
| Oval ID: | oval:org.mitre.oval:def:16310 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 via vectors related to printing | ||
| Description: | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0832 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16318 | |||
| Oval ID: | oval:org.mitre.oval:def:16318 | ||
| Title: | Integer overflow in Google Chrome before 24.0.1312.52 on Windows via vectors related to allocation of shared memory | ||
| Description: | Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5154 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16322 | |||
| Oval ID: | oval:org.mitre.oval:def:16322 | ||
| Title: | Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors | ||
| Description: | Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0829 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16327 | |||
| Oval ID: | oval:org.mitre.oval:def:16327 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 24.0.1312.56 via vectors related to the handling of fonts in CANVAS elements | ||
| Description: | Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0839 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16335 | |||
| Oval ID: | oval:org.mitre.oval:def:16335 | ||
| Title: | Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows | ||
| Description: | Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0840 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16354 | |||
| Oval ID: | oval:org.mitre.oval:def:16354 | ||
| Title: | The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors | ||
| Description: | The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2845 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16356 | |||
| Oval ID: | oval:org.mitre.oval:def:16356 | ||
| Title: | Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob | ||
| Description: | Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0891 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16363 | |||
| Oval ID: | oval:org.mitre.oval:def:16363 | ||
| Title: | Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension | ||
| Description: | Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0925 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16369 | |||
| Oval ID: | oval:org.mitre.oval:def:16369 | ||
| Title: | Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes | ||
| Description: | Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0908 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16372 | |||
| Oval ID: | oval:org.mitre.oval:def:16372 | ||
| Title: | Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL | ||
| Description: | Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5146 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16377 | |||
| Oval ID: | oval:org.mitre.oval:def:16377 | ||
| Title: | Directory traversal vulnerability in Google Chrome before 25.0.1364.152 via vectors related to databases | ||
| Description: | Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0911 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16404 | |||
| Oval ID: | oval:org.mitre.oval:def:16404 | ||
| Title: | Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X | ||
| Description: | Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0900 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16439 | |||
| Oval ID: | oval:org.mitre.oval:def:16439 | ||
| Title: | Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 | ||
| Description: | Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0902 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16440 | |||
| Oval ID: | oval:org.mitre.oval:def:16440 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 via vectors involving seek operations on video data | ||
| Description: | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5150 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16453 | |||
| Oval ID: | oval:org.mitre.oval:def:16453 | ||
| Title: | Integer overflow in Google Chrome before 24.0.1312.52 via crafted JavaScript code in a PDF document | ||
| Description: | Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5151 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16456 | |||
| Oval ID: | oval:org.mitre.oval:def:16456 | ||
| Title: | Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames | ||
| Description: | Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0842 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16459 | |||
| Oval ID: | oval:org.mitre.oval:def:16459 | ||
| Title: | Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code | ||
| Description: | Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0836 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16468 | |||
| Oval ID: | oval:org.mitre.oval:def:16468 | ||
| Title: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters | ||
| Description: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0882 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16473 | |||
| Oval ID: | oval:org.mitre.oval:def:16473 | ||
| Title: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format | ||
| Description: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0881 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16495 | |||
| Oval ID: | oval:org.mitre.oval:def:16495 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 25.0.1364.152 via vectors involving an SVG animation | ||
| Description: | Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0905 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16499 | |||
| Oval ID: | oval:org.mitre.oval:def:16499 | ||
| Title: | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors | ||
| Description: | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0883 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16505 | |||
| Oval ID: | oval:org.mitre.oval:def:16505 | ||
| Title: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes | ||
| Description: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0879 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16520 | |||
| Oval ID: | oval:org.mitre.oval:def:16520 | ||
| Title: | Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation | ||
| Description: | Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0918 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16534 | |||
| Oval ID: | oval:org.mitre.oval:def:16534 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 via vectors related to the handling of Pepper resources | ||
| Description: | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2841 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16541 | |||
| Oval ID: | oval:org.mitre.oval:def:16541 | ||
| Title: | Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 | ||
| Description: | Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2865 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16547 | |||
| Oval ID: | oval:org.mitre.oval:def:16547 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 via vectors related to the handling of speech data | ||
| Description: | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2843 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16552 | |||
| Oval ID: | oval:org.mitre.oval:def:16552 | ||
| Title: | Use-after-free vulnerability in the extension bookmarks API in Google Chrome before 26.0.1410.43 | ||
| Description: | Use-after-free vulnerability in the extension bookmarks API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0920 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16569 | |||
| Oval ID: | oval:org.mitre.oval:def:16569 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL | ||
| Description: | Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0898 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16574 | |||
| Oval ID: | oval:org.mitre.oval:def:16574 | ||
| Title: | Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in | ||
| Description: | Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0910 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16601 | |||
| Oval ID: | oval:org.mitre.oval:def:16601 | ||
| Title: | Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation | ||
| Description: | Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0926 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16608 | |||
| Oval ID: | oval:org.mitre.oval:def:16608 | ||
| Title: | Google Chrome before 27.0.1453.110 does not properly handle SSL sockets | ||
| Description: | Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2863 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16609 | |||
| Oval ID: | oval:org.mitre.oval:def:16609 | ||
| Title: | Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 | ||
| Description: | Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2836 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16624 | |||
| Oval ID: | oval:org.mitre.oval:def:16624 | ||
| Title: | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 | ||
| Description: | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2844 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16625 | |||
| Oval ID: | oval:org.mitre.oval:def:16625 | ||
| Title: | Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors | ||
| Description: | Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2838 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16633 | |||
| Oval ID: | oval:org.mitre.oval:def:16633 | ||
| Title: | Race condition in Google Chrome before 25.0.1364.152 via vectors related to the handling of media threads | ||
| Description: | Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0907 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16640 | |||
| Oval ID: | oval:org.mitre.oval:def:16640 | ||
| Title: | Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors | ||
| Description: | Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2859 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16653 | |||
| Oval ID: | oval:org.mitre.oval:def:16653 | ||
| Title: | The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors | ||
| Description: | The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0906 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16656 | |||
| Oval ID: | oval:org.mitre.oval:def:16656 | ||
| Title: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins | ||
| Description: | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0896 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16661 | |||
| Oval ID: | oval:org.mitre.oval:def:16661 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 25.0.1364.152 via vectors related to the handling of browser navigation | ||
| Description: | Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of browser navigation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0903 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16665 | |||
| Oval ID: | oval:org.mitre.oval:def:16665 | ||
| Title: | Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 | ||
| Description: | Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0916 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16670 | |||
| Oval ID: | oval:org.mitre.oval:def:16670 | ||
| Title: | The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes | ||
| Description: | The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0921 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16671 | |||
| Oval ID: | oval:org.mitre.oval:def:16671 | ||
| Title: | The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors | ||
| Description: | The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0923 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16674 | |||
| Oval ID: | oval:org.mitre.oval:def:16674 | ||
| Title: | The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions | ||
| Description: | The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0924 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16706 | |||
| Oval ID: | oval:org.mitre.oval:def:16706 | ||
| Title: | Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93, a different vulnerability than CVE-2013-2846 | ||
| Description: | Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2840 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16710 | |||
| Oval ID: | oval:org.mitre.oval:def:16710 | ||
| Title: | Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration | ||
| Description: | Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2862 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16716 | |||
| Oval ID: | oval:org.mitre.oval:def:16716 | ||
| Title: | Race condition in the workers implementation in Google Chrome before 27.0.1453.93 | ||
| Description: | Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2847 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16721 | |||
| Oval ID: | oval:org.mitre.oval:def:16721 | ||
| Title: | Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 | ||
| Description: | Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2861 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16723 | |||
| Oval ID: | oval:org.mitre.oval:def:16723 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request | ||
| Description: | Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2870 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16753 | |||
| Oval ID: | oval:org.mitre.oval:def:16753 | ||
| Title: | Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation | ||
| Description: | Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2849 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16760 | |||
| Oval ID: | oval:org.mitre.oval:def:16760 | ||
| Title: | Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data | ||
| Description: | Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2839 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16793 | |||
| Oval ID: | oval:org.mitre.oval:def:16793 | ||
| Title: | The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors | ||
| Description: | The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2855 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16811 | |||
| Oval ID: | oval:org.mitre.oval:def:16811 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 via vectors related to the handling of input | ||
| Description: | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2856 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16816 | |||
| Oval ID: | oval:org.mitre.oval:def:16816 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 via vectors related to the handling of images | ||
| Description: | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2857 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16890 | |||
| Oval ID: | oval:org.mitre.oval:def:16890 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 via vectors involving access to a database API by a worker process | ||
| Description: | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2860 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17033 | |||
| Oval ID: | oval:org.mitre.oval:def:17033 | ||
| Title: | The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation | ||
| Description: | The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2853 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17142 | |||
| Oval ID: | oval:org.mitre.oval:def:17142 | ||
| Title: | Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures | ||
| Description: | Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2874 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17177 | |||
| Oval ID: | oval:org.mitre.oval:def:17177 | ||
| Title: | Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations | ||
| Description: | Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2879 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17216 | |||
| Oval ID: | oval:org.mitre.oval:def:17216 | ||
| Title: | Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows | ||
| Description: | Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2867 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17227 | |||
| Oval ID: | oval:org.mitre.oval:def:17227 | ||
| Title: | core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors | ||
| Description: | core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2875 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17275 | |||
| Oval ID: | oval:org.mitre.oval:def:17275 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input | ||
| Description: | Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2871 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17278 | |||
| Oval ID: | oval:org.mitre.oval:def:17278 | ||
| Title: | Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image | ||
| Description: | Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2869 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17281 | |||
| Oval ID: | oval:org.mitre.oval:def:17281 | ||
| Title: | Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors | ||
| Description: | Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2880 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17318 | |||
| Oval ID: | oval:org.mitre.oval:def:17318 | ||
| Title: | Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the handling of text | ||
| Description: | Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the handling of text. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2878 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17329 | |||
| Oval ID: | oval:org.mitre.oval:def:17329 | ||
| Title: | Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion. | ||
| Description: | Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2882 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17347 | |||
| Oval ID: | oval:org.mitre.oval:def:17347 | ||
| Title: | common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting | ||
| Description: | common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2868 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17348 | |||
| Oval ID: | oval:org.mitre.oval:def:17348 | ||
| Title: | Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site | ||
| Description: | Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2881 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17350 | |||
| Oval ID: | oval:org.mitre.oval:def:17350 | ||
| Title: | browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions | ||
| Description: | browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions, which allows remote attackers to obtain sensitive information about the content of a previous page via vectors involving an interstitial page. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2876 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17525 | |||
| Oval ID: | oval:org.mitre.oval:def:17525 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 28.0.1500.95 via vectors related to deleting the registration of a MutationObserver object | ||
| Description: | Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2883 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17571 | |||
| Oval ID: | oval:org.mitre.oval:def:17571 | ||
| Title: | Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving moving a (1) AUDIO or (2) VIDEO element between documents. | ||
| Description: | Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving moving a (1) AUDIO or (2) VIDEO element between documents. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2903 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17583 | |||
| Oval ID: | oval:org.mitre.oval:def:17583 | ||
| Title: | The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file. | ||
| Description: | The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2905 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17597 | |||
| Oval ID: | oval:org.mitre.oval:def:17597 | ||
| Title: | Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 via vectors related to improper tracking of which document owns an Attr object | ||
| Description: | Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2884 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17672 | |||
| Oval ID: | oval:org.mitre.oval:def:17672 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 28.0.1500.95 via vectors related to not properly considering focus during the processing of JavaScript events in the presence of a multiple-fields input type | ||
| Description: | Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly considering focus during the processing of JavaScript events in the presence of a multiple-fields input type. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2885 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17704 | |||
| Oval ID: | oval:org.mitre.oval:def:17704 | ||
| Title: | Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 | ||
| Description: | Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2886 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17741 | |||
| Oval ID: | oval:org.mitre.oval:def:17741 | ||
| Title: | Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2887 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18070 | |||
| Oval ID: | oval:org.mitre.oval:def:18070 | ||
| Title: | USN-1705-1 -- libav vulnerabilities | ||
| Description: | Libav could be made to crash or run programs as your login if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1705-1 CVE-2012-2783 CVE-2012-2791 CVE-2012-2797 CVE-2012-2798 CVE-2012-2801 CVE-2012-2802 CVE-2012-2803 CVE-2012-2804 CVE-2012-5144 | Version: | 5 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 | Product(s): | libav |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18313 | |||
| Oval ID: | oval:org.mitre.oval:def:18313 | ||
| Title: | Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading. | ||
| Description: | Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2902 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18320 | |||
| Oval ID: | oval:org.mitre.oval:def:18320 | ||
| Title: | USN-1904-2 -- libxml2 regression | ||
| Description: | USN-1904-1 introduced a regression in libxml2. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1904-2 CVE-2013-0339 CVE-2013-2877 | Version: | 7 |
| Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18347 | |||
| Oval ID: | oval:org.mitre.oval:def:18347 | ||
| Title: | USN-1904-1 -- libxml2 vulnerabilities | ||
| Description: | Several security issues were fixed in libxml2. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1904-1 CVE-2013-0339 CVE-2013-2877 | Version: | 7 |
| Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18381 | |||
| Oval ID: | oval:org.mitre.oval:def:18381 | ||
| Title: | The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name. | ||
| Description: | The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2900 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18508 | |||
| Oval ID: | oval:org.mitre.oval:def:18508 | ||
| Title: | Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Description: | Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2901 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18550 | |||
| Oval ID: | oval:org.mitre.oval:def:18550 | ||
| Title: | Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document. | ||
| Description: | Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2904 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18556 | |||
| Oval ID: | oval:org.mitre.oval:def:18556 | ||
| Title: | DSA-2695-1 chromium-browser - several | ||
| Description: | Several vulnerabilities have been discovered in the Chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2695-1 CVE-2013-2837 CVE-2013-2838 CVE-2013-2839 CVE-2013-2840 CVE-2013-2841 CVE-2013-2842 CVE-2013-2843 CVE-2013-2844 CVE-2013-2845 CVE-2013-2846 CVE-2013-2847 CVE-2013-2848 CVE-2013-2849 | Version: | 8 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | chromium-browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18734 | |||
| Oval ID: | oval:org.mitre.oval:def:18734 | ||
| Title: | DSA-2732-1 chromium-browser - several | ||
| Description: | Several vulnerabilities have been discovered in the Chromium web browser. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2732-1 CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884 CVE-2013-2885 CVE-2013-2886 | Version: | 8 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | chromium-browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:19973 | |||
| Oval ID: | oval:org.mitre.oval:def:19973 | ||
| Title: | DSA-2741-1 chromium-browser - several | ||
| Description: | Several vulnerabilities have been discovered in the Chromium web browser. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2741-1 CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902 CVE-2013-2903 CVE-2013-2904 CVE-2013-2905 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | chromium-browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20048 | |||
| Oval ID: | oval:org.mitre.oval:def:20048 | ||
| Title: | DSA-2724-1 chromium-browser - several | ||
| Description: | Several vulnerabilities have been discovered in the Chromium web browser. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2724-1 CVE-2013-2853 CVE-2013-2867 CVE-2013-2868 CVE-2013-2869 CVE-2013-2870 CVE-2013-2871 CVE-2013-2873 CVE-2013-2875 CVE-2013-2876 CVE-2013-2877 CVE-2013-2878 CVE-2013-2879 CVE-2013-2880 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | chromium-browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20088 | |||
| Oval ID: | oval:org.mitre.oval:def:20088 | ||
| Title: | DSA-2779-1 libxml2 - denial of service | ||
| Description: | Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project's XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2779-1 CVE-2013-2877 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20129 | |||
| Oval ID: | oval:org.mitre.oval:def:20129 | ||
| Title: | DSA-2706-1 chromium-browser - several | ||
| Description: | Several vulnerabilities have been discovered in the Chromium web browser. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2706-1 CVE-2013-2855 CVE-2013-2856 CVE-2013-2857 CVE-2013-2858 CVE-2013-2859 CVE-2013-2860 CVE-2013-2861 CVE-2013-2862 CVE-2013-2863 CVE-2013-2865 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | chromium-browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25431 | |||
| Oval ID: | oval:org.mitre.oval:def:25431 | ||
| Title: | SUSE-SU-2014:0150-1 -- Security update for libxml2 | ||
| Description: | This update fixes a DoS vulnerability in libxml2. CVE-2013-2877 has been assigned to this issue. Security Issue reference: * CVE-2013-2877 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877 > | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0150-1 CVE-2013-2877 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25457 | |||
| Oval ID: | oval:org.mitre.oval:def:25457 | ||
| Title: | SUSE-SU-2013:1627-1 -- Security update for libxml2 | ||
| Description: | libxml2 has been updated to fix the following security issue: * CVE-2013-0338: libxml2 allowed context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1627-1 CVE-2013-0338 CVE-2013-0339 CVE-2012-5134 CVE-2012-2807 CVE-2011-3102 CVE-2012-0841 CVE-2011-3919 CVE-2013-2877 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 10 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26401 | |||
| Oval ID: | oval:org.mitre.oval:def:26401 | ||
| Title: | Allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact | ||
| Description: | Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0894 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26734 | |||
| Oval ID: | oval:org.mitre.oval:def:26734 | ||
| Title: | Allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly | ||
| Description: | parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2877 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-12-31 | Name : Fedora Update for v8 FEDORA-2012-20103 File : nvt/gb_fedora_2012_20103_v8_fc17.nasl |
| 2012-12-14 | Name : SuSE Update for Chromium openSUSE-SU-2012:1637-1 (Chromium) File : nvt/gb_suse_2012_1637_1.nasl |
| 2012-12-14 | Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Windows) File : nvt/gb_google_chrome_mult_vuln03_dec12_win.nasl |
| 2012-12-14 | Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln03_dec12_macosx.nasl |
| 2012-12-14 | Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Linux) File : nvt/gb_google_chrome_mult_vuln03_dec12_lin.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-02 Dec2012 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln02_dec12_macosx.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-02 Dec2012 (Windows) File : nvt/gb_google_chrome_mult_vuln02_dec12_win.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-02 Dec2012 (Linux) File : nvt/gb_google_chrome_mult_vuln02_dec12_lin.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-01 Dec2012 (Windows) File : nvt/gb_google_chrome_mult_vuln01_dec12_win.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-01 Dec2012 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln01_dec12_macosx.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-01 Dec2012 (Linux) File : nvt/gb_google_chrome_mult_vuln01_dec12_lin.nasl |
| 2012-12-04 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium24.nasl |
| 2012-12-04 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium23.nasl |
| 2012-11-26 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium22.nasl |
| 2012-11-09 | Name : Google Chrome Multiple Vulnerabilities - Nov2012 (Linux) File : nvt/gb_google_chrome_mult_vuln_nov12_lin.nasl |
| 2012-11-09 | Name : Google Chrome Multiple Vulnerabilities - Nov2012 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln_nov12_macosx.nasl |
| 2012-11-09 | Name : Google Chrome Multiple Vulnerabilities - Nov2012 (Windows) File : nvt/gb_google_chrome_mult_vuln_nov12_win.nasl |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2014-12-11 | IAVM : 2014-B-0161 - Multiple Vulnerabilities in VMware ESXi 5.1 Severity : Category I - VMSKEY : V0057717 |
| 2014-05-01 | IAVM : 2014-B-0048 - Multiple Security Vulnerabilities in Apple iOS Severity : Category I - VMSKEY : V0050015 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT |
| 2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-12-30 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2014-0012_remote.nasl - Type : ACT_GATHER_INFO |
| 2015-06-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_65b14d39d01f419cb0b85df60b929973.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1627-1.nasl - Type : ACT_GATHER_INFO |
| 2015-01-27 | Name : The remote web server is affected by multiple vulnerabilities. File : oracle_http_server_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO |
| 2015-01-23 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10669.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_icu_20140819.nasl - Type : ACT_GATHER_INFO |
| 2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO |
| 2014-12-12 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_2323236_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-12-06 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2014-0012.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0031.nasl - Type : ACT_GATHER_INFO |
| 2014-10-21 | Name : The remote host contains an application that is affected by multiple vulnerab... File : itunes_12_0_1.nasl - Type : ACT_GATHER_INFO |
| 2014-10-21 | Name : The remote host contains an application that is affected by multiple vulnerab... File : itunes_12_0_1_banner.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-340.nasl - Type : ACT_GATHER_INFO |
| 2014-07-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-129.nasl - Type : ACT_GATHER_INFO |
| 2014-06-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-28.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-845.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-867.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-203.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-579.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-586.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-592.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-72.nasl - Type : ACT_GATHER_INFO |
| 2014-05-22 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : macosx_Safari7_0_4.nasl - Type : ACT_GATHER_INFO |
| 2014-05-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0513.nasl - Type : ACT_GATHER_INFO |
| 2014-05-20 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0513.nasl - Type : ACT_GATHER_INFO |
| 2014-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0513.nasl - Type : ACT_GATHER_INFO |
| 2014-05-20 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140519_libxml2_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e7bb3885da4011e39ecb2c4138874f7d.nasl - Type : ACT_GATHER_INFO |
| 2014-04-02 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : macosx_Safari7_0_3.nasl - Type : ACT_GATHER_INFO |
| 2014-02-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201402-14.nasl - Type : ACT_GATHER_INFO |
| 2014-01-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxml2-140106.nasl - Type : ACT_GATHER_INFO |
| 2014-01-23 | Name : The remote host contains an application that has multiple vulnerabilities. File : itunes_11_1_4.nasl - Type : ACT_GATHER_INFO |
| 2014-01-23 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_11_1_4_banner.nasl - Type : ACT_GATHER_INFO |
| 2013-12-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-08.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_29_0_1547_57.nasl - Type : ACT_GATHER_INFO |
| 2013-11-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-06.nasl - Type : ACT_GATHER_INFO |
| 2013-10-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2786.nasl - Type : ACT_GATHER_INFO |
| 2013-10-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-258.nasl - Type : ACT_GATHER_INFO |
| 2013-10-24 | Name : The remote host contains an application that has multiple vulnerabilities. File : itunes_11_1_2.nasl - Type : ACT_GATHER_INFO |
| 2013-10-24 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_11_1_2_banner.nasl - Type : ACT_GATHER_INFO |
| 2013-10-23 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari6_1.nasl - Type : ACT_GATHER_INFO |
| 2013-10-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1989-1.nasl - Type : ACT_GATHER_INFO |
| 2013-10-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2779.nasl - Type : ACT_GATHER_INFO |
| 2013-10-01 | Name : The remote device is affected by multiple vulnerabilities. File : appletv_6_0.nasl - Type : ACT_GATHER_INFO |
| 2013-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-16.nasl - Type : ACT_GATHER_INFO |
| 2013-09-11 | Name : The remote host is affected by multiple vulnerabilities. File : smb_nt_ms13-067.nasl - Type : ACT_GATHER_INFO |
| 2013-08-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2741.nasl - Type : ACT_GATHER_INFO |
| 2013-08-22 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ae651a4b0a4211e3ba5200262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2013-08-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4d087b35099011e3a9f4bcaec565249c.nasl - Type : ACT_GATHER_INFO |
| 2013-08-20 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_29_0_1547_57.nasl - Type : ACT_GATHER_INFO |
| 2013-08-15 | Name : The remote Fedora host is missing a security update. File : fedora_2013-14176.nasl - Type : ACT_GATHER_INFO |
| 2013-08-15 | Name : The remote Fedora host is missing a security update. File : fedora_2013-14205.nasl - Type : ACT_GATHER_INFO |
| 2013-08-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2732.nasl - Type : ACT_GATHER_INFO |
| 2013-08-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_69098c5cfc4b11e28ad000262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2013-07-30 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_28_0_1500_95.nasl - Type : ACT_GATHER_INFO |
| 2013-07-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-198.nasl - Type : ACT_GATHER_INFO |
| 2013-07-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2724.nasl - Type : ACT_GATHER_INFO |
| 2013-07-18 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1904-2.nasl - Type : ACT_GATHER_INFO |
| 2013-07-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1904-1.nasl - Type : ACT_GATHER_INFO |
| 2013-07-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_3b80104fe96c11e28bac00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2013-07-10 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_28_0_1500_71.nasl - Type : ACT_GATHER_INFO |
| 2013-06-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2706.nasl - Type : ACT_GATHER_INFO |
| 2013-06-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4865d189cd6211e2ae1100262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2013-06-05 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_27_0_1453_110.nasl - Type : ACT_GATHER_INFO |
| 2013-06-05 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari6_0_5.nasl - Type : ACT_GATHER_INFO |
| 2013-05-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2695.nasl - Type : ACT_GATHER_INFO |
| 2013-05-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_358133b5c2b911e2a73800262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2013-05-23 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_27_0_1453_93.nasl - Type : ACT_GATHER_INFO |
| 2013-05-17 | Name : The remote host contains an application that has multiple vulnerabilities. File : itunes_11_0_3.nasl - Type : ACT_GATHER_INFO |
| 2013-05-17 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_11_0_3_banner.nasl - Type : ACT_GATHER_INFO |
| 2013-04-17 | Name : The remote host contains a web browser that is affected by a remote code exec... File : macosx_Safari6_0_4.nasl - Type : ACT_GATHER_INFO |
| 2013-04-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_bdd48858965611e2a9a800262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2013-04-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-20578.nasl - Type : ACT_GATHER_INFO |
| 2013-04-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1790-1.nasl - Type : ACT_GATHER_INFO |
| 2013-03-26 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_26_0_1410_43.nasl - Type : ACT_GATHER_INFO |
| 2013-03-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3538.nasl - Type : ACT_GATHER_INFO |
| 2013-03-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3546.nasl - Type : ACT_GATHER_INFO |
| 2013-03-10 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_54bed67687ce11e2b52800262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote host contains a web browser that is affected by a code execution v... File : google_chrome_25_0_1364_160.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_40d5ab3785f211e2b52800262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2013-03-05 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_25_0_1364_152.nasl - Type : ACT_GATHER_INFO |
| 2013-02-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_dfd92cb27d4811e2ad4800262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_25_0_1364_97.nasl - Type : ACT_GATHER_INFO |
| 2013-02-04 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-1473.nasl - Type : ACT_GATHER_INFO |
| 2013-02-04 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-1490.nasl - Type : ACT_GATHER_INFO |
| 2013-02-04 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-1494.nasl - Type : ACT_GATHER_INFO |
| 2013-01-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1705-1.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_8d03202c655911e2a38900262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2013-01-22 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_24_0_1312_56.nasl - Type : ACT_GATHER_INFO |
| 2013-01-14 | Name : The remote Fedora host is missing a security update. File : fedora_2012-20117.nasl - Type : ACT_GATHER_INFO |
| 2013-01-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-20125.nasl - Type : ACT_GATHER_INFO |
| 2013-01-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_46bd747b5b8411e2b06d00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2013-01-10 | Name : The remote Fedora host is missing a security update. File : fedora_2012-20159.nasl - Type : ACT_GATHER_INFO |
| 2013-01-10 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_24_0_1312_52.nasl - Type : ACT_GATHER_INFO |
| 2012-12-31 | Name : The remote Fedora host is missing a security update. File : fedora_2012-20103.nasl - Type : ACT_GATHER_INFO |
| 2012-12-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_51f84e28444e11e2830600262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2012-12-12 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_23_0_1271_97.nasl - Type : ACT_GATHER_INFO |
| 2012-12-02 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_5af51ae93acd11e2a4eb00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2012-11-30 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_23_0_1271_95.nasl - Type : ACT_GATHER_INFO |
| 2012-11-28 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4d64fc61387811e2a4eb00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2012-11-27 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_23_0_1271_91.nasl - Type : ACT_GATHER_INFO |
| 2012-11-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_209c068d28be11e2916000262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2012-11-08 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_23_0_1271_64.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:37:45 |
|
| 2013-09-25 05:19:04 |
|
