Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Chromium: Multiple vulnerabilities
Informations
Name GLSA-201408-16 First vendor Publication 2014-08-30
Vendor Gentoo Last vendor Modification 2014-08-30
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code.

Background

Chromium is an open-source web browser project.

Description

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could conduct a number of attacks which include:
cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94"

References

[ 1 ] CVE-2014-1741 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741
[ 2 ] CVE-2014-0538 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538
[ 3 ] CVE-2014-1700 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700
[ 4 ] CVE-2014-1701 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701
[ 5 ] CVE-2014-1702 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702
[ 6 ] CVE-2014-1703 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703
[ 7 ] CVE-2014-1704 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704
[ 8 ] CVE-2014-1705 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705
[ 9 ] CVE-2014-1713 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713
[ 10 ] CVE-2014-1714 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714
[ 11 ] CVE-2014-1715 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715
[ 12 ] CVE-2014-1716 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716
[ 13 ] CVE-2014-1717 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717
[ 14 ] CVE-2014-1718 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718
[ 15 ] CVE-2014-1719 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719
[ 16 ] CVE-2014-1720 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720
[ 17 ] CVE-2014-1721 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721
[ 18 ] CVE-2014-1722 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722
[ 19 ] CVE-2014-1723 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723
[ 20 ] CVE-2014-1724 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724
[ 21 ] CVE-2014-1725 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725
[ 22 ] CVE-2014-1726 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726
[ 23 ] CVE-2014-1727 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727
[ 24 ] CVE-2014-1728 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728
[ 25 ] CVE-2014-1729 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729
[ 26 ] CVE-2014-1730 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730
[ 27 ] CVE-2014-1731 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731
[ 28 ] CVE-2014-1732 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732
[ 29 ] CVE-2014-1733 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733
[ 30 ] CVE-2014-1734 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734
[ 31 ] CVE-2014-1735 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735
[ 32 ] CVE-2014-1740 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740
[ 33 ] CVE-2014-1742 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742
[ 34 ] CVE-2014-1743 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743
[ 35 ] CVE-2014-1744 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744
[ 36 ] CVE-2014-1745 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745
[ 37 ] CVE-2014-1746 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746
[ 38 ] CVE-2014-1747 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747
[ 39 ] CVE-2014-1748 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748
[ 40 ] CVE-2014-1749 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749
[ 41 ] CVE-2014-3154 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154
[ 42 ] CVE-2014-3155 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155
[ 43 ] CVE-2014-3156 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156
[ 44 ] CVE-2014-3157 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157
[ 45 ] CVE-2014-3160 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160
[ 46 ] CVE-2014-3162 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162
[ 47 ] CVE-2014-3165 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165
[ 48 ] CVE-2014-3166 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166
[ 49 ] CVE-2014-3167 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167
[ 50 ] CVE-2014-3168 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168
[ 51 ] CVE-2014-3169 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169
[ 52 ] CVE-2014-3170 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170
[ 53 ] CVE-2014-3171 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171
[ 54 ] CVE-2014-3172 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172
[ 55 ] CVE-2014-3173 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173
[ 56 ] CVE-2014-3174 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174
[ 57 ] CVE-2014-3175 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175
[ 58 ] CVE-2014-3176 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176
[ 59 ] CVE-2014-3177 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201408-16.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201408-16.xml

CWE : Common Weakness Enumeration

% Id Name
32 % CWE-399 Resource Management Errors
13 % CWE-189 Numeric Errors (CWE/SANS Top 25)
13 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11 % CWE-20 Improper Input Validation
8 % CWE-264 Permissions, Privileges, and Access Controls
8 % CWE-94 Failure to Control Generation of Code ('Code Injection')
5 % CWE-416 Use After Free
5 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
3 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
3 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22007
 
Oval ID: oval:org.mitre.oval:def:22007
Title: A use-after-free issue in web database
Description: Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of scheduled tasks during shutdown of a thread.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1702
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22190
 
Oval ID: oval:org.mitre.oval:def:22190
Title: Multiple security vulnerabilities in the V8
Description: Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1704
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22444
 
Oval ID: oval:org.mitre.oval:def:22444
Title: Use-after-free in speech
Description: Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1700
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22625
 
Oval ID: oval:org.mitre.oval:def:22625
Title: A sandbox-bypass issue exists due to a use-after-free in web sockets
Description: Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1703
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22690
 
Oval ID: oval:org.mitre.oval:def:22690
Title: A cross-site scripting issue in events
Description: The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1701
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23458
 
Oval ID: oval:org.mitre.oval:def:23458
Title: Directory traversal issue in Google Chrome before 33.0.1750.154 on Windows
Description: Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1715
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23718
 
Oval ID: oval:org.mitre.oval:def:23718
Title: Multiple unspecified vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1729)
Description: Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1729
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23760
 
Oval ID: oval:org.mitre.oval:def:23760
Title: Windows clipboard vulnerability in Google Chrome before 33.0.1750.154
Description: The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1714
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23829
 
Oval ID: oval:org.mitre.oval:def:23829
Title: Multiple unspecified vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1728)
Description: Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1728
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23895
 
Oval ID: oval:org.mitre.oval:def:23895
Title: Vulnerability in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer
Description: The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1746
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23944
 
Oval ID: oval:org.mitre.oval:def:23944
Title: Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1726)
Description: The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1726
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23988
 
Oval ID: oval:org.mitre.oval:def:23988
Title: Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1720)
Description: Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1720
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24003
 
Oval ID: oval:org.mitre.oval:def:24003
Title: Memory corruption in V8 in Google Chrome before 33.0.1750.154 on Windows
Description: Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1705
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24105
 
Oval ID: oval:org.mitre.oval:def:24105
Title: Use-after-free in Blink bindings in Google Chrome before 33.0.1750.154 on Windows
Description: Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1713
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24125
 
Oval ID: oval:org.mitre.oval:def:24125
Title: Vulnerability in Google Chrome before 35.0.1916.114 allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame
Description: The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1748
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24130
 
Oval ID: oval:org.mitre.oval:def:24130
Title: Cross-site scripting vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1716)
Description: Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
Family: windows Class: vulnerability
Reference(s): CVE-2014-1716
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24207
 
Oval ID: oval:org.mitre.oval:def:24207
Title: Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1725)
Description: The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1725
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24243
 
Oval ID: oval:org.mitre.oval:def:24243
Title: Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1717)
Description: Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1717
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24278
 
Oval ID: oval:org.mitre.oval:def:24278
Title: Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1722)
Description: Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1722
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24361
 
Oval ID: oval:org.mitre.oval:def:24361
Title: DSA-2883-1 chromium-browser - security update
Description: Several vulnerabilities have been discovered in the chromium web browser.
Family: unix Class: patch
Reference(s): DSA-2883-1
CVE-2013-6653
CVE-2013-6654
CVE-2013-6655
CVE-2013-6656
CVE-2013-6657
CVE-2013-6658
CVE-2013-6659
CVE-2013-6660
CVE-2013-6661
CVE-2013-6663
CVE-2013-6664
CVE-2013-6665
CVE-2013-6666
CVE-2013-6667
CVE-2013-6668
CVE-2014-1700
CVE-2014-1701
CVE-2014-1702
CVE-2014-1703
CVE-2014-1704
CVE-2014-1705
CVE-2014-1713
CVE-2014-1715
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): chromium-browser
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24516
 
Oval ID: oval:org.mitre.oval:def:24516
Title: Vulnerability in Google Chrome before 35.0.1916.114 allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content
Description: Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."
Family: windows Class: vulnerability
Reference(s): CVE-2014-1747
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24525
 
Oval ID: oval:org.mitre.oval:def:24525
Title: Use-after-free vulnerability in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact
Description: Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1743
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24532
 
Oval ID: oval:org.mitre.oval:def:24532
Title: Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1724)
Description: Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1724
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24546
 
Oval ID: oval:org.mitre.oval:def:24546
Title: Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1727)
Description: Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1727
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24578
 
Oval ID: oval:org.mitre.oval:def:24578
Title: Use-after-free vulnerability in Google Chrome before 34.0.1847.137 on Windows (CVE-2014-1742)
Description: Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper RenderObject handling.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1742
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24583
 
Oval ID: oval:org.mitre.oval:def:24583
Title: Integer overflow vulnerability in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact
Description: Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1744
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24594
 
Oval ID: oval:org.mitre.oval:def:24594
Title: Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1723)
Description: The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1723
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24602
 
Oval ID: oval:org.mitre.oval:def:24602
Title: Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1721)
Description: Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1721
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24608
 
Oval ID: oval:org.mitre.oval:def:24608
Title: Use-after-free vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1719)
Description: Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1719
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24669
 
Oval ID: oval:org.mitre.oval:def:24669
Title: Vulnerability in Google Chrome before 34.0.1847.116 on Windows (CVE-2014-1718)
Description: Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1718
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24693
 
Oval ID: oval:org.mitre.oval:def:24693
Title: Use-after-free vulnerability in Google Chrome before 34.0.1847.137 on Windows (CVE-2014-1740)
Description: Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1740
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24715
 
Oval ID: oval:org.mitre.oval:def:24715
Title: Multiple integer overflow vulnerability in Google Chrome before 34.0.1847.137 on Windows
Description: Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to ranges.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1741
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24746
 
Oval ID: oval:org.mitre.oval:def:24746
Title: Use-after-free vulnerability in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact
Description: Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1745
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24782
 
Oval ID: oval:org.mitre.oval:def:24782
Title: Vulnerability in Google Chrome before 36.0.1985.125, allow attackers to cause a denial of service or possibly have other impact
Description: Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3162
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24791
 
Oval ID: oval:org.mitre.oval:def:24791
Title: Vulnerability in Google Chrome before 35.0.1916.153, allows remote attackers to cause a denial of service or possibly have unspecified other impact
Description: Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_client.cc and content/renderer/webclipboard_impl.cc.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3156
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24831
 
Oval ID: oval:org.mitre.oval:def:24831
Title: Heap-based buffer overflow vulnerability in Google Chrome before 35.0.1916.153, allows remote attackers to cause a denial of service or possibly have unspecified other impact
Description: Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3157
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24855
 
Oval ID: oval:org.mitre.oval:def:24855
Title: Vulnerability in Google Chrome before 36.0.1985.125, allows remote attackers to bypass the Same Origin Policy via a crafted file
Description: The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3160
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25017
 
Oval ID: oval:org.mitre.oval:def:25017
Title: Vulnerability in Google Chrome before 35.0.1916.153, allows remote attackers to cause a denial of service (out-of-bounds read)
Description: net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3155
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25028
 
Oval ID: oval:org.mitre.oval:def:25028
Title: Use-after-free vulnerability in Google Chrome before 35.0.1916.153, allows remote attackers to cause a denial of service or possibly have unspecified other impact
Description: Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3154
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25078
 
Oval ID: oval:org.mitre.oval:def:25078
Title: DSA-2959-1 chromium-browser - security update
Description: Several vulnerabilities have been discovered in the chromium web browser.
Family: unix Class: patch
Reference(s): DSA-2959-1
CVE-2014-3154
CVE-2014-3155
CVE-2014-3156
CVE-2014-3157
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): chromium-browser
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25510
 
Oval ID: oval:org.mitre.oval:def:25510
Title: Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143
Description: Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3165
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25735
 
Oval ID: oval:org.mitre.oval:def:25735
Title: The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation
Description: The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3172
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25970
 
Oval ID: oval:org.mitre.oval:def:25970
Title: Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors
Description: Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3167
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26033
 
Oval ID: oval:org.mitre.oval:def:26033
Title: The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer
Description: The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3173
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26114
 
Oval ID: oval:org.mitre.oval:def:26114
Title: Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8
Description: Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3177
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26311
 
Oval ID: oval:org.mitre.oval:def:26311
Title: The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows does not correctly consider the properties of SPDY connections
Description: The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3166
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26339
 
Oval ID: oval:org.mitre.oval:def:26339
Title: extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name
Description: extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3170
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26403
 
Oval ID: oval:org.mitre.oval:def:26403
Title: Allows attackers to cause a denial of service or possibly have other impact
Description: Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1735
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26543
 
Oval ID: oval:org.mitre.oval:def:26543
Title: Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94
Description: Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3169
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26585
 
Oval ID: oval:org.mitre.oval:def:26585
Title: modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients
Description: modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3174
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26624
 
Oval ID: oval:org.mitre.oval:def:26624
Title: USN-2320-1 -- oxide-qt vulnerabilities
Description: Several security issues were fixed in Oxide.
Family: unix Class: patch
Reference(s): USN-2320-1
CVE-2014-3165
CVE-2014-3166
CVE-2014-3167
Version: 3
Platform(s): Ubuntu 14.04
Product(s): oxide-qt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26628
 
Oval ID: oval:org.mitre.oval:def:26628
Title: DEPRECATED: SUSE-SU-2014:1035-1 -- Security update for flash-player
Description: This flash-player update fixes the several security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1035-1
CVE-2014-0540
CVE-2014-0542
CVE-2014-0543
CVE-2014-0544
CVE-2014-0545
CVE-2014-0541
CVE-2014-0538
Version: 4
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): flash-player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26639
 
Oval ID: oval:org.mitre.oval:def:26639
Title: Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors
Description: Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3175
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26647
 
Oval ID: oval:org.mitre.oval:def:26647
Title: Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8
Description: Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3176
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26658
 
Oval ID: oval:org.mitre.oval:def:26658
Title: Allows attackers to cause a denial of service or possibly have other impact
Description: Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1734
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26672
 
Oval ID: oval:org.mitre.oval:def:26672
Title: Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94
Description: Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3168
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26678
 
Oval ID: oval:org.mitre.oval:def:26678
Title: USN-2326-1 -- oxide-qt vulnerabilities
Description: Several security issues were fixed in Oxide.
Family: unix Class: patch
Reference(s): USN-2326-1
CVE-2014-3168
CVE-2014-3169
CVE-2014-3171
CVE-2014-3173
CVE-2014-3174
CVE-2014-3175
Version: 3
Platform(s): Ubuntu 14.04
Product(s): oxide-qt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26727
 
Oval ID: oval:org.mitre.oval:def:26727
Title: Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94
Description: Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3171
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26738
 
Oval ID: oval:org.mitre.oval:def:26738
Title: Allows remote attackers to cause a denial of service or possibly have unspecified other impact
Description: core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1731
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26766
 
Oval ID: oval:org.mitre.oval:def:26766
Title: Allows remote attackers to bypass intended sandbox restrictions
Description: The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1733
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26790
 
Oval ID: oval:org.mitre.oval:def:26790
Title: Allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values
Description: Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1730
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26793
 
Oval ID: oval:org.mitre.oval:def:26793
Title: Allows attackers to cause a denial of service or possibly have other impact
Description: Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1749
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26835
 
Oval ID: oval:org.mitre.oval:def:26835
Title: Allows remote attackers to cause a denial of service or possibly have unspecified other impact
Description: Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1732
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26859
 
Oval ID: oval:org.mitre.oval:def:26859
Title: SUSE-SU-2014:1035-1 -- Security update for flash-player
Description: This flash-player update fixes the several security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1035-1
CVE-2014-0540
CVE-2014-0542
CVE-2014-0543
CVE-2014-0544
CVE-2014-0545
CVE-2014-0541
CVE-2014-0538
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): flash-player
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 64
Application 317
Application 3897
Application 259
Os 2
Os 3
Os 2

Information Assurance Vulnerability Management (IAVM)

Date Description
2014-07-24 IAVM : 2014-B-0100 - Multiple Security Vulnerabilities in Google Chrome
Severity : Category I - VMSKEY : V0053311
2014-06-12 IAVM : 2014-B-0071 - Multiple Vulnerabilities in Google Chrome
Severity : Category I - VMSKEY : V0052483
2014-05-22 IAVM : 2014-B-0060 - Multiple Vulnerabilities in Google Chrome
Severity : Category I - VMSKEY : V0050897
2014-05-15 IAVM : 2014-B-0056 - Multiple Vulnerabilities in Google Chrome
Severity : Category I - VMSKEY : V0050433
2014-05-01 IAVM : 2014-B-0048 - Multiple Security Vulnerabilities in Apple iOS
Severity : Category I - VMSKEY : V0050015
2014-05-01 IAVM : 2014-B-0049 - Multiple Vulnerabilities in Google Chrome
Severity : Category I - VMSKEY : V0050017
2014-04-10 IAVM : 2014-B-0039 - Multiple Vulnerabilities in Google Chrome
Severity : Category I - VMSKEY : V0048683
2014-03-20 IAVM : 2014-B-0031 - Multiple Security Vulnerabilities in Google Chrome
Severity : Category I - VMSKEY : V0046767
2014-03-13 IAVM : 2014-B-0026 - Multiple Security Vulnerabilities in Google Chrome
Severity : Category I - VMSKEY : V0046159

Snort® IPS/IDS

Date Description
2018-07-26 Google Chrome V8 __defineGetter__ memory corruption attempt
RuleID : 47019 - Revision : 3 - Type : BROWSER-CHROME
2018-07-26 Google Chrome V8 __defineGetter__ memory corruption attempt
RuleID : 47018 - Revision : 3 - Type : BROWSER-CHROME
2014-11-25 Google Chrome Blink locationAttributeSetter use after free attempt
RuleID : 32320 - Revision : 4 - Type : BROWSER-CHROME
2014-11-25 Google Chrome Blink locationAttributeSetter use after free attempt
RuleID : 32319 - Revision : 4 - Type : BROWSER-CHROME
2014-11-16 Adobe Flash Player MMgc use-after-free attempt
RuleID : 31733 - Revision : 3 - Type : FILE-FLASH
2014-11-16 Adobe Flash Player MMgc use-after-free attempt
RuleID : 31732 - Revision : 3 - Type : FILE-FLASH
2014-01-10 MHTML XSS attempt
RuleID : 20133 - Revision : 10 - Type : FILE-OTHER

Nessus® Vulnerability Scanner

Date Description
2016-04-01 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-412.nasl - Type : ACT_GATHER_INFO
2016-04-01 Name : The remote Fedora host is missing a security update.
File : fedora_2016-9ec1850fff.nasl - Type : ACT_GATHER_INFO
2016-03-28 Name : The remote Fedora host is missing a security update.
File : fedora_2016-fde7ffcb77.nasl - Type : ACT_GATHER_INFO
2016-03-28 Name : The remote Fedora host is missing a security update.
File : fedora_2016-a4fcb02d6b.nasl - Type : ACT_GATHER_INFO
2016-03-23 Name : The remote Fedora host is missing a security update.
File : fedora_2016-5d6d75dbea.nasl - Type : ACT_GATHER_INFO
2016-03-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2937-1.nasl - Type : ACT_GATHER_INFO
2016-03-21 Name : The remote Fedora host is missing a security update.
File : fedora_2016-1a7f7ffb58.nasl - Type : ACT_GATHER_INFO
2016-02-05 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_1091d2d1cb2e11e5b14bbcaec565249c.nasl - Type : ACT_GATHER_INFO
2014-12-16 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : macosx_Safari8_0_2.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The remote host contains an application that is affected by multiple vulnerab...
File : itunes_12_0_1_banner.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The remote host contains an application that is affected by multiple vulnerab...
File : itunes_12_0_1.nasl - Type : ACT_GATHER_INFO
2014-09-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3039.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-550.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2326-1.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-16.nasl - Type : ACT_GATHER_INFO
2014-08-27 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_fd5f305d2d3d11e4aa3d00262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2014-08-27 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_37_0_2062_94.nasl - Type : ACT_GATHER_INFO
2014-08-27 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_37_0_2062_94.nasl - Type : ACT_GATHER_INFO
2014-08-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2320-1.nasl - Type : ACT_GATHER_INFO
2014-08-19 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_flash-player-140814.nasl - Type : ACT_GATHER_INFO
2014-08-15 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-494.nasl - Type : ACT_GATHER_INFO
2014-08-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-05.nasl - Type : ACT_GATHER_INFO
2014-08-14 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-1051.nasl - Type : ACT_GATHER_INFO
2014-08-14 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_df7754c0229411e4b505000c6e25e3e9.nasl - Type : ACT_GATHER_INFO
2014-08-13 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_36_0_1985_143.nasl - Type : ACT_GATHER_INFO
2014-08-13 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_36_0_1985_143.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote host has an ActiveX control installed that is affected by multiple...
File : smb_kb2982794.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-483.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote Mac OS X host has a browser plugin that is affected by multiple vu...
File : macosx_flash_player_14_0_0_176.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote Mac OS X host contains a version of Adobe AIR that is affected by ...
File : macosx_adobe_air_14_0_0_178.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote Windows host has a browser plugin that is affected by multiple vul...
File : flash_player_apsb14-18.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote Windows host contains a version of Adobe AIR that is affected by m...
File : adobe_air_apsb14-18.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2298-1.nasl - Type : ACT_GATHER_INFO
2014-07-18 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_3718833e0d2711e489db000c6e25e3e9.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_36_0_1985_125.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_36_0_1985_125.nasl - Type : ACT_GATHER_INFO
2014-06-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2959.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-420.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-371.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-370.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-330.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-280.nasl - Type : ACT_GATHER_INFO
2014-06-12 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_0b0fb9b0f0fb11e39bcd000c6e25e3e9.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_35_0_1916_153.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_35_0_1916_153.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : opera_2200.nasl - Type : ACT_GATHER_INFO
2014-06-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2939.nasl - Type : ACT_GATHER_INFO
2014-05-22 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : macosx_Safari7_0_4.nasl - Type : ACT_GATHER_INFO
2014-05-21 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_35_0_1916_114.nasl - Type : ACT_GATHER_INFO
2014-05-21 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_35_0_1916_114.nasl - Type : ACT_GATHER_INFO
2014-05-21 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_64f3872be05d11e39dd400262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2014-05-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2930.nasl - Type : ACT_GATHER_INFO
2014-05-15 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_cdf450fcdb5211e3a9fc00262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2014-05-14 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_34_0_1847_137.nasl - Type : ACT_GATHER_INFO
2014-05-14 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_34_0_1847_137.nasl - Type : ACT_GATHER_INFO
2014-05-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2920.nasl - Type : ACT_GATHER_INFO
2014-05-01 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_7cf25a0cd03111e3947b00262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2014-04-25 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_34_0_1847_131.nasl - Type : ACT_GATHER_INFO
2014-04-25 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_34_0_1847_131.nasl - Type : ACT_GATHER_INFO
2014-04-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2905.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote Fedora host is missing a security update.
File : fedora_2014-4625.nasl - Type : ACT_GATHER_INFO
2014-04-09 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_963413a5bf5011e3a2d600262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_34_0_1847_116.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_34_0_1847_116.nasl - Type : ACT_GATHER_INFO
2014-04-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-4081.nasl - Type : ACT_GATHER_INFO
2014-04-02 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : macosx_Safari7_0_3.nasl - Type : ACT_GATHER_INFO
2014-03-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2883.nasl - Type : ACT_GATHER_INFO
2014-03-18 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_33_0_1750_152.nasl - Type : ACT_GATHER_INFO
2014-03-18 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_33_0_1750_154.nasl - Type : ACT_GATHER_INFO
2014-03-17 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_a70966a1ac2211e38d0400262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2014-03-12 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_24cefa4ba94011e391f200262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2014-03-11 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_33_0_1750_149.nasl - Type : ACT_GATHER_INFO
2014-03-11 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_33_0_1750_149.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-08-31 13:25:15
  • Multiple Updates
2014-08-30 05:23:30
  • First insertion