Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Chromium, V8: Multiple vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | GLSA-201111-01 | First vendor Publication | 2011-11-01 |
| Vendor | Gentoo | Last vendor Modification | 2011-11-01 |
| Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Synopsis Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code and local root privilege escalation. Background Description Impact A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker also could obtain cookies and other sensitive information, conduct man-in-the-middle attacks, perform address bar spoofing, bypass the same origin policy, perform Cross-Site Scripting attacks, or bypass pop-up blocks. Workaround Resolution All V8 users should upgrade to the latest version: References Availability http://security.gentoo.org/glsa/glsa-201111-01.xml |
Original Source
| Url : http://security.gentoo.org/glsa/glsa-201111-01.xml |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 27 % | CWE-416 | Use After Free |
| 22 % | CWE-20 | Improper Input Validation |
| 16 % | CWE-125 | Out-of-bounds Read |
| 6 % | CWE-362 | Race Condition |
| 6 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 4 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 2 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
| 2 % | CWE-565 | Reliance on Cookies without Validation and Integrity Checking |
| 2 % | CWE-476 | NULL Pointer Dereference |
| 2 % | CWE-415 | Double Free |
| 2 % | CWE-346 | Origin Validation Error |
| 2 % | CWE-295 | Certificate Issues |
| 2 % | CWE-276 | Incorrect Default Permissions |
| 2 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 2 % | CWE-193 | Off-by-one Error |
| 2 % | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12275 | |||
| Oval ID: | oval:org.mitre.oval:def:12275 | ||
| Title: | Vulnerability in Google Chrome before 15.0.874.102 involving drag and drop operations allows URL bar spoofing via unspecified vectors | ||
| Description: | Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3875 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12286 | |||
| Oval ID: | oval:org.mitre.oval:def:12286 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 15.0.874.102 related to video source handling | ||
| Description: | Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video source handling. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3890 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12672 | |||
| Oval ID: | oval:org.mitre.oval:def:12672 | ||
| Title: | Google Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headers | ||
| Description: | Google Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headers, which has unknown impact and remote attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3880 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12763 | |||
| Oval ID: | oval:org.mitre.oval:def:12763 | ||
| Title: | Cross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 | ||
| Description: | Cross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3877 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12811 | |||
| Oval ID: | oval:org.mitre.oval:def:12811 | ||
| Title: | Race condition in Google Chrome before 15.0.874.102 allows remote denial of service | ||
| Description: | Race condition in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker process initialization. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3878 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12860 | |||
| Oval ID: | oval:org.mitre.oval:def:12860 | ||
| Title: | Heap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102 | ||
| Description: | Heap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3889 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12940 | |||
| Oval ID: | oval:org.mitre.oval:def:12940 | ||
| Title: | Google Chrome before 15.0.874.102 allows remote attackers to bypass the Same Origin Policy | ||
| Description: | WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3881 | Version: | 12 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13042 | |||
| Oval ID: | oval:org.mitre.oval:def:13042 | ||
| Title: | Vulnerability in Google Chrome before 15.0.874.102 involving file downloads allows remote attack vectors | ||
| Description: | Google Chrome before 15.0.874.102 does not properly handle downloading files that have whitespace characters at the end of a filename, which has unspecified impact and user-assisted remote attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3876 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13044 | |||
| Oval ID: | oval:org.mitre.oval:def:13044 | ||
| Title: | Vulnerability in Google Chrome before 15.0.874.102 involving history data allows URL bar spoofing via unspecified vectors | ||
| Description: | Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2845 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13091 | |||
| Oval ID: | oval:org.mitre.oval:def:13091 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 15.0.874.102 related to counters | ||
| Description: | Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3883 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13107 | |||
| Oval ID: | oval:org.mitre.oval:def:13107 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 15.0.874.102 related to editing operations in conjunction with an unknown plug-in. | ||
| Description: | Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3888 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13172 | |||
| Oval ID: | oval:org.mitre.oval:def:13172 | ||
| Title: | Google Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functions | ||
| Description: | Google Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3891 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13179 | |||
| Oval ID: | oval:org.mitre.oval:def:13179 | ||
| Title: | Google Chrome before 15.0.874.102 does not properly handle javascript: URLs | ||
| Description: | Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3887 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13196 | |||
| Oval ID: | oval:org.mitre.oval:def:13196 | ||
| Title: | Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal | ||
| Description: | Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3884 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13201 | |||
| Oval ID: | oval:org.mitre.oval:def:13201 | ||
| Title: | Google V8 out-of-bounds write operations vulnerability | ||
| Description: | Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3886 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13216 | |||
| Oval ID: | oval:org.mitre.oval:def:13216 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 15.0.874.102 related to stale Cascading Style Sheets (CSS) token-sequence data | ||
| Description: | Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3885 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13246 | |||
| Oval ID: | oval:org.mitre.oval:def:13246 | ||
| Title: | Google Chrome before 15.0.874.102 does not prevent redirects to chrome: URLs | ||
| Description: | Google Chrome before 15.0.874.102 does not prevent redirects to chrome: URLs, which has unspecified impact and remote attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3879 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13266 | |||
| Oval ID: | oval:org.mitre.oval:def:13266 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 15.0.874.102 related to media buffers | ||
| Description: | Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media buffers. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3882 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13915 | |||
| Oval ID: | oval:org.mitre.oval:def:13915 | ||
| Title: | Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button. | ||
| Description: | Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2848 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14019 | |||
| Oval ID: | oval:org.mitre.oval:def:14019 | ||
| Title: | Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | ||
| Description: | Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2841 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14040 | |||
| Oval ID: | oval:org.mitre.oval:def:14040 | ||
| Title: | Google Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Description: | Google Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2851 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14047 | |||
| Oval ID: | oval:org.mitre.oval:def:14047 | ||
| Title: | The WebSockets implementation in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | ||
| Description: | The WebSockets implementation in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2849 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14053 | |||
| Oval ID: | oval:org.mitre.oval:def:14053 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements. | ||
| Description: | Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2351 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14103 | |||
| Oval ID: | oval:org.mitre.oval:def:14103 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts. | ||
| Description: | Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2346 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14139 | |||
| Oval ID: | oval:org.mitre.oval:def:14139 | ||
| Title: | DEPRECATED: Google Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for position-independent code, which has unspecified impact and attack vectors. | ||
| Description: | Google Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for position-independent code, which has unspecified impact and attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2837 | Version: | 13 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14224 | |||
| Oval ID: | oval:org.mitre.oval:def:14224 | ||
| Title: | Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Description: | Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3234 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14234 | |||
| Oval ID: | oval:org.mitre.oval:def:14234 | ||
| Title: | Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache. | ||
| Description: | Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2835 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14261 | |||
| Oval ID: | oval:org.mitre.oval:def:14261 | ||
| Title: | Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors. | ||
| Description: | Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2838 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14262 | |||
| Oval ID: | oval:org.mitre.oval:def:14262 | ||
| Title: | Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||
| Description: | Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2856 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14296 | |||
| Oval ID: | oval:org.mitre.oval:def:14296 | ||
| Title: | Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Description: | Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2864 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14324 | |||
| Oval ID: | oval:org.mitre.oval:def:14324 | ||
| Title: | Google V8, as used in Google Chrome before 12.0.742.112, performs an incorrect bounds check, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Description: | Google V8, as used in Google Chrome before 12.0.742.112, performs an incorrect bounds check, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2348 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14371 | |||
| Oval ID: | oval:org.mitre.oval:def:14371 | ||
| Title: | DEPRECATED: The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Description: | The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2839 | Version: | 13 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14372 | |||
| Oval ID: | oval:org.mitre.oval:def:14372 | ||
| Title: | DEPRECATED: Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Description: | Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-1444 | Version: | 13 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14395 | |||
| Oval ID: | oval:org.mitre.oval:def:14395 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling. | ||
| Description: | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2853 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14410 | |||
| Oval ID: | oval:org.mitre.oval:def:14410 | ||
| Title: | Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | ||
| Description: | Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2834 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14411 | |||
| Oval ID: | oval:org.mitre.oval:def:14411 | ||
| Title: | The NPAPI implementation in Google Chrome before 12.0.742.112 does not properly handle strings, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Description: | The NPAPI implementation in Google Chrome before 12.0.742.112 does not properly handle strings, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2345 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14431 | |||
| Oval ID: | oval:org.mitre.oval:def:14431 | ||
| Title: | Google V8, as used in Google Chrome before 14.0.835.163, does not properly restrict access to built-in objects, which has unspecified impact and remote attack vectors. | ||
| Description: | Google V8, as used in Google Chrome before 14.0.835.163, does not properly restrict access to built-in objects, which has unspecified impact and remote attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2862 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14451 | |||
| Oval ID: | oval:org.mitre.oval:def:14451 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling. | ||
| Description: | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2846 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14454 | |||
| Oval ID: | oval:org.mitre.oval:def:14454 | ||
| Title: | Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors. | ||
| Description: | Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2874 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14479 | |||
| Oval ID: | oval:org.mitre.oval:def:14479 | ||
| Title: | The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Description: | The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2350 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14485 | |||
| Oval ID: | oval:org.mitre.oval:def:14485 | ||
| Title: | Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | ||
| Description: | Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2855 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14491 | |||
| Oval ID: | oval:org.mitre.oval:def:14491 | ||
| Title: | Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction." | ||
| Description: | Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2840 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14499 | |||
| Oval ID: | oval:org.mitre.oval:def:14499 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles. | ||
| Description: | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2860 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14537 | |||
| Oval ID: | oval:org.mitre.oval:def:14537 | ||
| Title: | Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||
| Description: | Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3873 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14547 | |||
| Oval ID: | oval:org.mitre.oval:def:14547 | ||
| Title: | Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Description: | Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2843 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14551 | |||
| Oval ID: | oval:org.mitre.oval:def:14551 | ||
| Title: | Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Description: | Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2852 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14592 | |||
| Oval ID: | oval:org.mitre.oval:def:14592 | ||
| Title: | Google Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Description: | Google Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2858 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14593 | |||
| Oval ID: | oval:org.mitre.oval:def:14593 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller. | ||
| Description: | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2857 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14594 | |||
| Oval ID: | oval:org.mitre.oval:def:14594 | ||
| Title: | Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors. | ||
| Description: | Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2859 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14649 | |||
| Oval ID: | oval:org.mitre.oval:def:14649 | ||
| Title: | Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| Description: | Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2347 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14677 | |||
| Oval ID: | oval:org.mitre.oval:def:14677 | ||
| Title: | Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation. | ||
| Description: | Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2861 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14691 | |||
| Oval ID: | oval:org.mitre.oval:def:14691 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing." | ||
| Description: | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2854 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14695 | |||
| Oval ID: | oval:org.mitre.oval:def:14695 | ||
| Title: | Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | ||
| Description: | Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2847 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14696 | |||
| Oval ID: | oval:org.mitre.oval:def:14696 | ||
| Title: | Google Chrome before 14.0.835.163 does not properly process MP3 files, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Description: | Google Chrome before 14.0.835.163 does not properly process MP3 files, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2844 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14710 | |||
| Oval ID: | oval:org.mitre.oval:def:14710 | ||
| Title: | Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Description: | Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2850 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14712 | |||
| Oval ID: | oval:org.mitre.oval:def:14712 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection. | ||
| Description: | Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2349 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27147 | |||
| Oval ID: | oval:org.mitre.oval:def:27147 | ||
| Title: | RHSA-2011:1749 -- libxml2 security and bug fix update (Low) | ||
| Description: | The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) Multiple flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. This update also fixes the following bugs: * A number of patches have been applied to harden the XPath processing code in libxml2, such as fixing memory leaks, rounding errors, XPath numbers evaluations, and a potential error in encoding conversion. (BZ#732335) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:1749 CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27925 | |||
| Oval ID: | oval:org.mitre.oval:def:27925 | ||
| Title: | DEPRECATED: ELSA-2012-0017 -- libxml2 security update (important) | ||
| Description: | [2.6.26-2.1.12.0.1.el5_7.2] - Add libxml2-enterprise.patch - Replaced docs/redhat.gif in tarball with updated image [2.6.26-2.1.12.el5_7.2] - Fix the semantic of XPath axis for namespace/attribute nodes CVE-2010-4008 - Fix an off by one error in encoding CVE-2011-0216 - Fix some potential problems on reallocation failures CVE-2011-1944 - Fix missing error status in XPath evaluation CVE-2011-2834 - Make sure the parser returns when getting a Stop order CVE-2011-3905 - Fix an allocation error when copying entities CVE-2011-3919.patch - Resolves: rhbz#771906 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0017 CVE-2011-3905 CVE-2011-3919 CVE-2010-4008 CVE-2011-0216 CVE-2011-1944 CVE-2011-2834 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27942 | |||
| Oval ID: | oval:org.mitre.oval:def:27942 | ||
| Title: | ELSA-2011-1749 -- libxml2 security and bug fix update (low) | ||
| Description: | [2.7.6-4.0.1.el6] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-4] - Fixes another XPath problem CVE-2011-2834 - Resolves: rhbz#732335 [2.7.6-3] - Fixes various other issues in 2.7.6 XPath evaluation - Resolves: rhbz#732335 [2.7.6-2] - Fix a potential crasher in XPath or XSLT, CVE-2011-1944 - Resolves: rhbz#710397 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-1749 CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 | Version: | 3 |
| Platform(s): | Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2011-10-04 | Google Chrome < 14.0.835.163 PDF File Handling Memory Corruption |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-10-03 | Name : Fedora Update for libxml2 FEDORA-2012-13824 File : nvt/gb_fedora_2012_13824_libxml2_fc16.nasl |
| 2012-09-27 | Name : Fedora Update for libxml2 FEDORA-2012-13820 File : nvt/gb_fedora_2012_13820_libxml2_fc17.nasl |
| 2012-07-30 | Name : CentOS Update for libxml2 CESA-2012:0016 centos4 File : nvt/gb_CESA-2012_0016_libxml2_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for libxml2 CESA-2012:0017 centos5 File : nvt/gb_CESA-2012_0017_libxml2_centos5.nasl |
| 2012-07-30 | Name : Apple Safari Multiple Vulnerabilities - July 2012 (Mac OS X) File : nvt/gb_apple_safari_mult_vuln_jul12_macosx.nasl |
| 2012-07-13 | Name : VMSA-2012-0012 VMware ESXi update addresses several security issues. File : nvt/gb_VMSA-2012-0012.nasl |
| 2012-07-09 | Name : RedHat Update for libxml2 RHSA-2011:1749-03 File : nvt/gb_RHSA-2011_1749-03_libxml2.nasl |
| 2012-05-24 | Name : Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows) File : nvt/secpod_apple_safari_mult_vuln_win_oct11.nasl |
| 2012-05-18 | Name : Mac OS X Multiple Vulnerabilities (2012-002) File : nvt/gb_macosx_su12-002.nasl |
| 2012-03-20 | Name : Apple iTunes Multiple Vulnerabilities - Mar12 (Win) File : nvt/gb_apple_itunes_mult_vuln_mar12_win.nasl |
| 2012-03-13 | Name : Apple Safari Webkit Multiple Vulnerabilities - March12 (Mac OS X) File : nvt/gb_apple_safari_webkit_mult_vuln_mar12_macosx.nasl |
| 2012-03-13 | Name : Apple Safari Webkit Multiple Vulnerabilities - March12 (Win) File : nvt/gb_apple_safari_webkit_mult_vuln_mar12_win.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-26 (libxml2) File : nvt/glsa_201110_26.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-01 (chromium v8) File : nvt/glsa_201111_01.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2394-1 (libxml2) File : nvt/deb_2394_1.nasl |
| 2012-01-20 | Name : Ubuntu Update for libxml2 USN-1334-1 File : nvt/gb_ubuntu_USN_1334_1.nasl |
| 2012-01-13 | Name : RedHat Update for libxml2 RHSA-2012:0017-01 File : nvt/gb_RHSA-2012_0017-01_libxml2.nasl |
| 2012-01-13 | Name : RedHat Update for libxml2 RHSA-2012:0016-01 File : nvt/gb_RHSA-2012_0016-01_libxml2.nasl |
| 2011-10-28 | Name : Google Chrome multiple vulnerabilities - October11 (Linux) File : nvt/gb_google_chrome_mult_vuln_oct11_lin01.nasl |
| 2011-10-28 | Name : Google Chrome Multiple Vulnerabilities - October11 (Windows) File : nvt/gb_google_chrome_mult_vuln_oct11_win01.nasl |
| 2011-10-28 | Name : Google Chrome multiple vulnerabilities - October11 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln_oct11_macosx01.nasl |
| 2011-10-20 | Name : Apple MAC OS X v10.6.8 Safari Multiple Vulnerabilities File : nvt/gb_safari_mult_vuln_macosx.nasl |
| 2011-10-20 | Name : Apple iTunes Multiple Vulnerabilities - Oct 11 File : nvt/gb_apple_itunes_mult_vuln_oct11_win.nasl |
| 2011-10-18 | Name : Google Chrome Multiple Vulnerabilities - October11 (Windows) File : nvt/gb_google_chrome_mult_vuln_oct11_win.nasl |
| 2011-10-18 | Name : Google Chrome multiple vulnerabilities - October11 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln_oct11_macosx.nasl |
| 2011-10-18 | Name : Google Chrome multiple vulnerabilities - October11 (Linux) File : nvt/gb_google_chrome_mult_vuln_oct11_lin.nasl |
| 2011-10-10 | Name : Mandriva Update for libxml2 MDVSA-2011:145 (libxml2) File : nvt/gb_mandriva_MDVSA_2011_145.nasl |
| 2011-09-23 | Name : Google Chrome Multiple Vulnerabilities - Sep11 (Lin) File : nvt/secpod_google_chrome_mult_vuln_sep11_lin.nasl |
| 2011-09-23 | Name : Google Chrome Multiple Vulnerabilities - Sep11 (Mac OS X) File : nvt/secpod_google_chrome_mult_vuln_sep11_macosx.nasl |
| 2011-09-23 | Name : Google Chrome Multiple Vulnerabilities - Sep11 (Win) File : nvt/secpod_google_chrome_mult_vuln_sep11_win.nasl |
| 2011-09-07 | Name : Google Chrome multiple vulnerabilities - September11 (Linux) File : nvt/gb_google_chrome_mult_vuln_sep11_lin.nasl |
| 2011-08-03 | Name : Debian Security Advisory DSA 2245-1 (chromium-browser) File : nvt/deb_2245_1.nasl |
| 2011-07-01 | Name : Google Chrome Multiple Vulnerabilities (Linux) - June 11 File : nvt/secpod_google_chrome_mult_vuln_lin_jun11.nasl |
| 2011-07-01 | Name : Google Chrome Multiple Vulnerabilities (Windows) - June 11 File : nvt/secpod_google_chrome_mult_vuln_win_jun11.nasl |
| 2011-05-11 | Name : Google Chrome multiple vulnerabilities - May11 (Linux) File : nvt/gb_google_chrome_mult_vuln_may11_lin.nasl |
| 2011-01-24 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 76562 | Google Chrome Internal v8 Function Exposure |
| 76561 | Google Chrome Use-after-free Video Source Handling Remote Code Execution |
| 76560 | Google Chrome Web Audio Overflow |
| 76559 | Google Chrome Use-after-free Plug-ins and Editing Remote Code Execution |
| 76558 | Google Chrome Javascript URI Cookie Disclosure |
| 76557 | Google Chrome v8 Out-of-bounds Write Remote Code Execution |
| 76556 | Google Chrome Multiple Use-after-free Stale Style Sheet Handling Remote Code ... |
| 76555 | Google Chrome Unspecified DOM Traversal Timing Issue |
| 76554 | Google Chrome Use-after-free Counter Handling Remote Code Execution |
| 76553 | Google Chrome Use-after-free Media Buffer Handling Remote Code Execution |
| 76552 | Google Chrome Multiple Unspecified Same Origin Policy Bypass |
| 76551 | Google Chrome HTTP Header Delimiter Unspecified Character Prevention Weakness |
| 76550 | Google Chrome Chrome Scheme URI Redirection |
| 76549 | Google Chrome Worker Process Initialization Unspecified Race Condition Issue |
| 76548 | Google Chrome Appcache Internals Page XSS |
| 76547 | Google Chrome Download Filename Whitespace Stripping Issue |
| 76546 | Google Chrome Drag and Drop URL Bar Spoofing |
| 76545 | Google Chrome History Handling URL Bar Spoofing |
| 76067 | Google Chrome Shader Translator Remote Memory Corruption |
| 75567 | Google Chrome Self-signed Certificate Pin Operation Unspecified Issue |
| 75566 | Google Chrome Out-of-bounds Read Triangle Array Handling Remote DoS |
| 75565 | Google Chrome Out-of-bounds Read Tibetan Character Handling Remote DoS |
| 75564 | Google Chrome v8 Built-in Object Access Restriction Bypass |
| 75563 | Google Chrome String Reading Weakness PDF Handling Unspecified Issue |
| 75562 | Google Chrome Use-after-free Table Style Handling Remote Code Execution |
| 75561 | Google Chrome Non-Gallery Page Permission Weakness |
| 75560 | Google Chrome Double-free libxml XPath Handling Remote Code Execution |
| 75559 | Google Chrome Use-after-free Focus Controller Remote Code Execution |
| 75558 | Google Chrome v8 Unspecified Same-origin Policy Bypass |
| 75557 | Google Chrome Stale Node Stylesheet Handling Remote Code Execution |
| 75556 | Google Chrome Use-after-free ruby / table Style Handling Remote Code Execution |
| 75555 | Google Chrome Use-after-free Plugin Handling Remote Code Execution |
| 75553 | Google Chrome v8 Off-by-one Unspecified Issue |
| 75552 | Google Chrome Out-of-bounds Read Video Handling Remote DoS |
| 75551 | Google Chrome Out-of-bounds Read Khmer Character Handling Remote DoS |
| 75550 | Google Chrome Out-of-bounds Read Box Handling Remote DoS |
| 75549 | Google Chrome WebSockets Unspecified Remote DoS |
| 75548 | Google Chrome Forward Button URL Bar Spoofing Weakness |
| 75547 | Google Chrome Use-after-free Document Loader Remote Code Execution |
| 75546 | Google Chrome Unspecified URL Bar Spoofing Weakness |
| 75545 | Google Chrome Use-after-free Unload Event Handling Remote Code Execution |
| 75544 | Google Chrome Out-of-bounds Read mp3 File Handling Remote DoS |
| 75543 | Google Chrome Out-of-bounds Read Media Buffer Handling Remote DoS |
| 75541 | Google Chrome Unspecified Garbage Collection PDF Handling Weakness |
| 75539 | Google Chrome Unspecified Plugin Loading MIME-Type Consideration Weakness |
| 75538 | Google Chrome Unspecified PIC / PIE Compiler Option Weakness |
| 75536 | Google Chrome Race Condition Unspecified Certificate Cache Issue |
| 74701 | Google Chrome memset() Unspecified PDF File Handling Issue |
| 73511 | Google Chrome SVG Use Element Unspecified Use-after-free Issue |
| 73510 | Google Chrome HTML Parser Unspecified Lifetime / Re-entrancy Issue |
| 73509 | Google Chrome Text Selection Unspecified Use-after-free Issue |
| 73508 | Google Chrome V8 Incorrect Bounds Check Unspecified DoS |
| 73507 | Google Chrome CSS Parsing Memory Corruption |
| 73506 | Google Chrome SVG Font Handling Unspecified Use-after-free Issue |
| 73504 | Google Chrome NPAPI String Handling Out-of-bounds Read Remote DoS |
| 72209 | Google Chrome Sandbox Launcher Race Condition Unspecified DoS Google Chrome contains a race condition flaw in the sandbox launcher that may allow a remote attacker to cause a denial of service or have other unspecified impact. No further details have been provided. |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
| 2012-05-03 | IAVM : 2012-A-0073 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0032171 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-03 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2012-0008_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0012_remote.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libxml2_20121120.nasl - Type : ACT_GATHER_INFO |
| 2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libxml2-111201.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libxml2-111201.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_764879_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0016.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0217.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0017.nasl - Type : ACT_GATHER_INFO |
| 2013-02-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130131_mingw32_libxml2_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-02-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0217.nasl - Type : ACT_GATHER_INFO |
| 2013-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0217.nasl - Type : ACT_GATHER_INFO |
| 2012-09-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13824.nasl - Type : ACT_GATHER_INFO |
| 2012-09-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13820.nasl - Type : ACT_GATHER_INFO |
| 2012-09-27 | Name : The remote device is affected by multiple vulnerabilities. File : appletv_5_1.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120111_libxml2_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120111_libxml2_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111206_libxml2_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-07-26 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari6_0.nasl - Type : ACT_GATHER_INFO |
| 2012-07-13 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0012.nasl - Type : ACT_GATHER_INFO |
| 2012-07-05 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_1_1_1.nasl - Type : ACT_GATHER_INFO |
| 2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-002.nasl - Type : ACT_GATHER_INFO |
| 2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_7_4.nasl - Type : ACT_GATHER_INFO |
| 2012-04-28 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2012-0008.nasl - Type : ACT_GATHER_INFO |
| 2012-03-12 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari5_1_4.nasl - Type : ACT_GATHER_INFO |
| 2012-03-12 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_6_banner.nasl - Type : ACT_GATHER_INFO |
| 2012-03-12 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_6.nasl - Type : ACT_GATHER_INFO |
| 2012-03-12 | Name : The remote host contains a web browser that is affected by several issues. File : safari_5_1_4.nasl - Type : ACT_GATHER_INFO |
| 2012-01-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2394.nasl - Type : ACT_GATHER_INFO |
| 2012-01-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1334-1.nasl - Type : ACT_GATHER_INFO |
| 2012-01-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxml2-111201.nasl - Type : ACT_GATHER_INFO |
| 2012-01-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0017.nasl - Type : ACT_GATHER_INFO |
| 2012-01-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0016.nasl - Type : ACT_GATHER_INFO |
| 2012-01-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0017.nasl - Type : ACT_GATHER_INFO |
| 2012-01-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0016.nasl - Type : ACT_GATHER_INFO |
| 2011-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1749.nasl - Type : ACT_GATHER_INFO |
| 2011-11-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-01.nasl - Type : ACT_GATHER_INFO |
| 2011-10-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-26.nasl - Type : ACT_GATHER_INFO |
| 2011-10-26 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_15_0_874_102.nasl - Type : ACT_GATHER_INFO |
| 2011-10-13 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari5_1_1.nasl - Type : ACT_GATHER_INFO |
| 2011-10-13 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_5_1_1.nasl - Type : ACT_GATHER_INFO |
| 2011-10-12 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_5.nasl - Type : ACT_GATHER_INFO |
| 2011-10-12 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_5_banner.nasl - Type : ACT_GATHER_INFO |
| 2011-10-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-145.nasl - Type : ACT_GATHER_INFO |
| 2011-10-05 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_14_0_835_202.nasl - Type : ACT_GATHER_INFO |
| 2011-09-19 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_14_0_835_163.nasl - Type : ACT_GATHER_INFO |
| 2011-08-23 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_13_0_782_215.nasl - Type : ACT_GATHER_INFO |
| 2011-06-29 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_12_0_742_112.nasl - Type : ACT_GATHER_INFO |
| 2011-06-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2245.nasl - Type : ACT_GATHER_INFO |
| 2010-12-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_6887828f022911e0b84d00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:37:04 |
|
