aboutsummaryrefslogtreecommitdiff
path: root/security/vuxml
diff options
context:
space:
mode:
authorRyan Steinmetz <zi@FreeBSD.org>2017-09-29 15:28:54 +0000
committerRyan Steinmetz <zi@FreeBSD.org>2017-09-29 15:28:54 +0000
commitb4d8d0b91f553c3929fd5dceaac1d8ab0bb29c2e (patch)
tree8c5f94680383ff3f39c20dec35b1823130c2db68 /security/vuxml
parentc8170d0aafb766240a64d8079203e90ca8011cea (diff)
- Purge another batch of superceded www/chromium entries to give us additional headroom under the 5M vuln.xml file size limit
Approved by: ports-secteam (with hat)
Notes
Notes: svn path=/head/; revision=450904
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml3088
1 files changed, 0 insertions, 3088 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 45f8fa604bce..d4d4f3e77ef8 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -52385,77 +52385,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="d2bbcc01-4ec3-11e4-ab3f-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <name>chromium-pulse</name> <!-- pcbsd only -->
- <range><lt>38.0.2125.101</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html">
- <p>159 security fixes in this release, including 113 found using
- MemorySanitizer:</p>
- <ul>
- <li>[416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla
- for a combination of V8 and IPC bugs that can lead to remote code
- execution outside of the sandbox.</li>
- <li>[398384] High CVE-2014-3189: Out-of-bounds read in PDFium.
- Credit to cloudfuzzer.</li>
- <li>[400476] High CVE-2014-3190: Use-after-free in Events. Credit
- to cloudfuzzer.</li>
- <li>[402407] High CVE-2014-3191: Use-after-free in Rendering.
- Credit to cloudfuzzer.</li>
- <li>[403276] High CVE-2014-3192: Use-after-free in DOM. Credit to
- cloudfuzzer.</li>
- <li>[399655] High CVE-2014-3193: Type confusion in Session Management.
- Credit to miaubiz.</li>
- <li>[401115] High CVE-2014-3194: Use-after-free in Web Workers.
- Credit to Collin Payne.</li>
- <li>[403409] Medium CVE-2014-3195: Information Leak in V8. Credit
- to Jüri Aedla.</li>
- <li>[338538] Medium CVE-2014-3196: Permissions bypass in Windows
- Sandbox. Credit to James Forshaw.</li>
- <li>[396544] Medium CVE-2014-3197: Information Leak in XSS Auditor.
- Credit to Takeshi Terada.</li>
- <li>[415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium.
- Credit to Atte Kettunen of OUSPG.</li>
- <li>[395411] Low CVE-2014-3199: Release Assert in V8 bindings.
- Credit to Collin Payne.</li>
- <li>[420899] CVE-2014-3200: Various fixes from internal audits,
- fuzzing and other initiatives (Chrome 38).</li>
- <li>Multiple vulnerabilities in V8 fixed at the tip of the 3.28
- branch (currently 3.28.71.15).</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3188</cvename>
- <cvename>CVE-2014-3189</cvename>
- <cvename>CVE-2014-3190</cvename>
- <cvename>CVE-2014-3191</cvename>
- <cvename>CVE-2014-3192</cvename>
- <cvename>CVE-2014-3193</cvename>
- <cvename>CVE-2014-3194</cvename>
- <cvename>CVE-2014-3195</cvename>
- <cvename>CVE-2014-3196</cvename>
- <cvename>CVE-2014-3197</cvename>
- <cvename>CVE-2014-3198</cvename>
- <cvename>CVE-2014-3199</cvename>
- <cvename>CVE-2014-3200</cvename>
- <url>http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html</url>
- </references>
- <dates>
- <discovery>2014-10-07</discovery>
- <entry>2014-10-08</entry>
- </dates>
- </vuln>
-
<vuln vid="b6587341-4d88-11e4-aef9-20cf30e32f6d">
<topic>Bugzilla multiple security issues</topic>
<affects>
@@ -52935,34 +52864,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="bd2ef267-4485-11e4-b0b7-00262d5ed8ee">
- <topic>chromium -- RSA signature malleability in NSS</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>37.0.2062.124</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>[414124] RSA signature malleability in NSS (CVE-2014-1568).
- Thanks to Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith
- and Advanced Threat Research team at Intel Security</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1568</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-09-24</discovery>
- <entry>2014-09-25</entry>
- </dates>
- </vuln>
-
<vuln vid="fb25333d-442f-11e4-98f3-5453ed2e2b49">
<topic>krfb -- Multiple security issues in bundled libvncserver</topic>
<affects>
@@ -53258,39 +53159,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="36a415c8-3867-11e4-b522-00262d5ed8ee">
- <topic>www/chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>37.0.2062.120</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>4 security fixes in this release, including:</p>
- <ul>
- <li>[401362] High CVE-2014-3178: Use-after-free in rendering.
- Credit to miaubiz.</li>
- <li>[411014] CVE-2014-3179: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3178</cvename>
- <cvename>CVE-2014-3179</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-09-09</discovery>
- <entry>2014-09-09</entry>
- </dates>
- </vuln>
-
<vuln vid="6318b303-3507-11e4-b76c-0011d823eebd">
<topic>trafficserver -- unspecified vulnerability</topic>
<affects>
@@ -53322,64 +53190,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="fd5f305d-2d3d-11e4-aa3d-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>37.0.2062.94</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>50 security fixes in this release, including:</p>
- <ul>
- <li>[386988] Critical CVE-2014-3176, CVE-2014-3177: A special reward
- to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and
- extensions that can lead to remote code execution outside of the
- sandbox.</li>
- <li>[369860] High CVE-2014-3168: Use-after-free in SVG. Credit to
- cloudfuzzer.</li>
- <li>[387389] High CVE-2014-3169: Use-after-free in DOM. Credit to
- Andrzej Dyjak.</li>
- <li>[390624] High CVE-2014-3170: Extension permission dialog spoofing.
- Credit to Rob Wu.</li>
- <li>[390928] High CVE-2014-3171: Use-after-free in bindings. Credit to
- cloudfuzzer.</li>
- <li>[367567] Medium CVE-2014-3172: Issue related to extension debugging.
- Credit to Eli Grey.</li>
- <li>[376951] Medium CVE-2014-3173: Uninitialized memory read in WebGL.
- Credit to jmuizelaar.</li>
- <li>[389219] Medium CVE-2014-3174: Uninitialized memory read in Web
- Audio. Credit to Atte Kettunen from OUSPG.</li>
- <li>[406143] CVE-2014-3175: Various fixes from internal audits, fuzzing
- and other initiatives (Chrome 37).</li>
-
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3168</cvename>
- <cvename>CVE-2014-3169</cvename>
- <cvename>CVE-2014-3170</cvename>
- <cvename>CVE-2014-3171</cvename>
- <cvename>CVE-2014-3172</cvename>
- <cvename>CVE-2014-3173</cvename>
- <cvename>CVE-2014-3174</cvename>
- <cvename>CVE-2014-3175</cvename>
- <cvename>CVE-2014-3176</cvename>
- <cvename>CVE-2014-3177</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-08-26</discovery>
- <entry>2014-08-26</entry>
- </dates>
- </vuln>
-
<vuln vid="84203724-296b-11e4-bebd-000c2980a9f3">
<topic>file -- buffer overruns and missing buffer size tests</topic>
<affects>
@@ -53571,42 +53381,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="df7754c0-2294-11e4-b505-000c6e25e3e9">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>36.0.1985.143</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl">
- <p>12 security fixes in this release, including</p>
- <ul>
- <li>[390174] High CVE-2014-3165: Use-after-free in web sockets.
- Credit to Collin Payne.</li>
- <li>[398925] High CVE-2014-3166: Information disclosure in SPDY.
- Credit to Antoine Delignat-Lavaud.</li>
- <li>[400950] CVE-2014-3167: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3165</cvename>
- <cvename>CVE-2014-3166</cvename>
- <cvename>CVE-2014-3167</cvename>
- <url>http://googlechromereleases.blogspot.nl</url>
- </references>
- <dates>
- <discovery>2014-08-12</discovery>
- <entry>2014-08-13</entry>
- </dates>
- </vuln>
-
<vuln vid="69048656-2187-11e4-802c-20cf30e32f6d">
<topic>serf -- SSL Certificate Null Byte Poisoning</topic>
<affects>
@@ -54401,39 +54175,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="3718833e-0d27-11e4-89db-000c6e25e3e9">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>36.0.1985.125</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl">
- <p>26 security fixes in this release, including</p>
- <ul>
- <li>[380885] Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit
- to Christian Schneider.</li>
- <li>[393765] CVE-2014-3162: Various fixes from internal audits, fuzzing and
- other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3160</cvename>
- <cvename>CVE-2014-3162</cvename>
- <url>http://googlechromereleases.blogspot.nl</url>
- </references>
- <dates>
- <discovery>2014-07-16</discovery>
- <entry>2014-07-16</entry>
- </dates>
- </vuln>
-
<vuln vid="4a114331-0d24-11e4-8dd2-5453ed2e2b49">
<topic>kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw</topic>
<affects>
@@ -54862,44 +54603,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="0b0fb9b0-f0fb-11e3-9bcd-000c6e25e3e9">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>35.0.1916.153</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl">
- <p>4 security fixes in this release, including:</p>
- <ul>
- <li>[369525] High CVE-2014-3154: Use-after-free in filesystem api. Credit
- to Collin Payne.</li>
- <li>[369539] High CVE-2014-3155: Out-if-bounds read in SPDY. Credit
- to James March, Daniel Sommermann and Alan Frindell of Facebook.</li>
- <li>[369621] Medium CVE-2014-3156: Buffer overflow in clipboard. Credit
- to Atte Kettunen of OUSPG.</li>
- <li>[368980] CVE-2014-3157: Heap overflow in media.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3154</cvename>
- <cvename>CVE-2014-3155</cvename>
- <cvename>CVE-2014-3156</cvename>
- <cvename>CVE-2014-3157</cvename>
- <url>http://googlechromereleases.blogspot.nl</url>
- </references>
- <dates>
- <discovery>2014-06-10</discovery>
- <entry>2014-06-10</entry>
- </dates>
- </vuln>
-
<vuln vid="888a0262-f0d9-11e3-ba0c-b4b52fce4ce8">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
@@ -55226,93 +54929,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="64f3872b-e05d-11e3-9dd4-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>35.0.1916.114</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>23 security fixes in this release, including:</p>
- <ul>
- <li>[356653] High CVE-2014-1743: Use-after-free in styles. Credit
- to cloudfuzzer.</li>
- <li>[359454] High CVE-2014-1744: Integer overflow in audio. Credit
- to Aaron Staple.</li>
- <li>[346192] High CVE-2014-1745: Use-after-free in SVG. Credit to
- Atte Kettunen of OUSPG.</li>
- <li>[364065] Medium CVE-2014-1746: Out-of-bounds read in media
- filters. Credit to Holger Fuhrmannek.</li>
- <li>[330663] Medium CVE-2014-1747: UXSS with local MHTML file.
- Credit to packagesu.</li>
- <li>[331168] Medium CVE-2014-1748: UI spoofing with scrollbar.
- Credit to Jordan Milne.</li>
- <li>[374649] CVE-2014-1749: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[358057] CVE-2014-3152: Integer underflow in V8 fixed in
- version 3.25.28.16.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1743</cvename>
- <cvename>CVE-2014-1744</cvename>
- <cvename>CVE-2014-1745</cvename>
- <cvename>CVE-2014-1746</cvename>
- <cvename>CVE-2014-1747</cvename>
- <cvename>CVE-2014-1748</cvename>
- <cvename>CVE-2014-1749</cvename>
- <cvename>CVE-2014-3152</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-05-20</discovery>
- <entry>2014-05-20</entry>
- </dates>
- </vuln>
-
- <vuln vid="cdf450fc-db52-11e3-a9fc-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>34.0.1847.137</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>3 security fixes in this release:</p>
- <ul>
- <li>[358038] High CVE-2014-1740: Use-after-free in WebSockets.
- Credit to Collin Payne.</li>
- <li>[349898] High CVE-2014-1741: Integer overflow in DOM ranges.
- Credit to John Butler.</li>
- <li>[356690] High CVE-2014-1742: Use-after-free in editing. Credit
- to cloudfuzzer.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1740</cvename>
- <cvename>CVE-2014-1741</cvename>
- <cvename>CVE-2014-1742</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-05-13</discovery>
- <entry>2014-05-14</entry>
- </dates>
- </vuln>
-
<vuln vid="b060ee50-daba-11e3-99f2-bcaec565249c">
<topic>libXfont -- X Font Service Protocol and Font metadata file handling issues</topic>
<affects>
@@ -55577,54 +55193,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="7cf25a0c-d031-11e3-947b-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>34.0.1847.132</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports (belatedly):</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>9 security fixes in this release, including:</p>
- <ul>
- <li>[354967] High CVE-2014-1730: Type confusion in V8. Credit to
- Anonymous.</li>
- <li>[349903] High CVE-2014-1731: Type confusion in DOM. Credit to
- John Butler.</li>
- <li>[359802] High CVE-2014-1736: Integer overflow in V8. Credit to
- SkyLined working with HP's Zero Day Initiative.</li>
- <li>[352851] Medium CVE-2014-1732: Use-after-free in Speech
- Recognition. Credit to Khalil Zhani.</li>
- <li>[351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF.
- Credit to Jed Davis.</li>
- <li>[367314] CVE-2014-1734: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[359130, 359525, 360429] CVE-2014-1735: Multiple
- vulnerabilities in V8 fixed in version 3.24.35.33.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1730</cvename>
- <cvename>CVE-2014-1731</cvename>
- <cvename>CVE-2014-1732</cvename>
- <cvename>CVE-2014-1733</cvename>
- <cvename>CVE-2014-1734</cvename>
- <cvename>CVE-2014-1735</cvename>
- <cvename>CVE-2014-1736</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-04-24</discovery>
- <entry>2014-04-30</entry>
- </dates>
- </vuln>
-
<vuln vid="985d4d6c-cfbd-11e3-a003-b4b52fce4ce8">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
@@ -56230,76 +55798,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="963413a5-bf50-11e3-a2d6-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>34.0.1847.116</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>31 vulnerabilities fixed in this release, including:</p>
- <ul>
- <li>[354123] High CVE-2014-1716: UXSS in V8. Credit to
- Anonymous.</li>
- <li>[353004] High CVE-2014-1717: OOB access in V8. Credit to
- Anonymous.</li>
- <li>[348332] High CVE-2014-1718: Integer overflow in compositor.
- Credit to Aaron Staple.</li>
- <li>[343661] High CVE-2014-1719: Use-after-free in web workers.
- Credit to Collin Payne.</li>
- <li>[356095] High CVE-2014-1720: Use-after-free in DOM. Credit to
- cloudfuzzer.</li>
- <li>[350434] High CVE-2014-1721: Memory corruption in V8. Credit to
- Christian Holler.</li>
- <li>[330626] High CVE-2014-1722: Use-after-free in rendering.
- Credit to miaubiz.</li>
- <li>[337746] High CVE-2014-1723: Url confusion with RTL characters.
- Credit to George McBay.</li>
- <li>[327295] High CVE-2014-1724: Use-after-free in speech. Credit
- to Atte Kettunen of OUSPG.</li>
- <li>[357332] Medium CVE-2014-1725: OOB read with window property.
- Credit to Anonymous</li>
- <li>[346135] Medium CVE-2014-1726: Local cross-origin bypass.
- Credit to Jann Horn.</li>
- <li>[342735] Medium CVE-2014-1727: Use-after-free in forms. Credit
- to Khalil Zhani.</li>
- <li>[360298] CVE-2014-1728: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[345820, 347262, 348319, 350863, 352982, 355586, 358059]
- CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version
- 3.24.35.22.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1716</cvename>
- <cvename>CVE-2014-1717</cvename>
- <cvename>CVE-2014-1718</cvename>
- <cvename>CVE-2014-1719</cvename>
- <cvename>CVE-2014-1720</cvename>
- <cvename>CVE-2014-1721</cvename>
- <cvename>CVE-2014-1722</cvename>
- <cvename>CVE-2014-1723</cvename>
- <cvename>CVE-2014-1724</cvename>
- <cvename>CVE-2014-1725</cvename>
- <cvename>CVE-2014-1726</cvename>
- <cvename>CVE-2014-1727</cvename>
- <cvename>CVE-2014-1728</cvename>
- <cvename>CVE-2014-1729</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-04-08</discovery>
- <entry>2014-04-08</entry>
- </dates>
- </vuln>
-
<vuln vid="5631ae98-be9e-11e3-b5e3-c80aa9043978">
<topic>OpenSSL -- Remote Information Disclosure</topic>
<affects>
@@ -56793,51 +56291,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="a70966a1-ac22-11e3-8d04-00262d5ed8ee">
- <topic>www/chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>33.0.1750.152</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>New vulnerabilities after the Pwn2Own competition:</p>
- <ul>
- <li>[352369] Code execution outside sandbox. Credit to VUPEN.
- <ul>
- <li>[352374] High CVE-2014-1713: Use-after-free in Blink
- bindings</li>
- <li>[352395] High CVE-2014-1714: Windows clipboard
- vulnerability</li>
- </ul>
- </li>
- <li> [352420] Code execution outside sandbox. Credit to Anonymous.
- <ul>
- <li>[351787] High CVE-2014-1705: Memory corruption in V8</li>
- <li>[352429] High CVE-2014-1715: Directory traversal issue</li>
- </ul>
- </li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1705</cvename>
- <cvename>CVE-2014-1713</cvename>
- <cvename>CVE-2014-1714</cvename>
- <cvename>CVE-2014-1715</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-03-14</discovery>
- <entry>2014-03-15</entry>
- </dates>
- </vuln>
-
<vuln vid="eb426e82-ab68-11e3-9d09-000c2980a9f3">
<topic>mutt -- denial of service, potential remote code execution</topic>
<affects>
@@ -56998,48 +56451,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="24cefa4b-a940-11e3-91f2-00262d5ed8ee">
- <topic>www/chromium --multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>33.0.1750.149</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>7 vulnerabilities fixed in this release, including:</p>
- <ul>
- <li>[344881] High CVE-2014-1700: Use-after-free in speech. Credit
- to Chamal de Silva.</li>
- <li>[342618] High CVE-2014-1701: UXSS in events. Credit to
- aidanhs.</li>
- <li>[333058] High CVE-2014-1702: Use-after-free in web database.
- Credit to Collin Payne.</li>
- <li>[338354] High CVE-2014-1703: Potential sandbox escape due to a
- use-after-free in web sockets.</li>
- <li>[328202, 349079, 345715] CVE-2014-1704: Multiple
- vulnerabilities in V8 fixed in version 3.23.17.18.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1700</cvename>
- <cvename>CVE-2014-1701</cvename>
- <cvename>CVE-2014-1702</cvename>
- <cvename>CVE-2014-1703</cvename>
- <cvename>CVE-2014-1704</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-03-11</discovery>
- <entry>2014-03-11</entry>
- </dates>
- </vuln>
-
<vuln vid="1a0de610-a761-11e3-95fe-bcaec565249c">
<topic>freetype2 -- Out of bounds read/write</topic>
<affects>
@@ -57144,51 +56555,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="b4023753-a4ba-11e3-bec2-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>33.0.1750.146</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>19 vulnerabilities fixed in this release, including:</p>
- <ul>
- <li>[344492] High CVE-2013-6663: Use-after-free in svg images.
- Credit to Atte Kettunen of OUSPG.</li>
- <li>[326854] High CVE-2013-6664: Use-after-free in speech
- recognition. Credit to Khalil Zhani.</li>
- <li>[337882] High CVE-2013-6665: Heap buffer overflow in software
- rendering. Credit to cloudfuzzer.</li>
- <li>[332023] Medium CVE-2013-6666: Chrome allows requests in flash
- header request. Credit to netfuzzerr.</li>
- <li>[348175] CVE-2013-6667: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[343964, 344186, 347909] CVE-2013-6668: Multiple
- vulnerabilities in V8 fixed in version 3.24.35.10.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6663</cvename>
- <cvename>CVE-2013-6664</cvename>
- <cvename>CVE-2013-6665</cvename>
- <cvename>CVE-2013-6666</cvename>
- <cvename>CVE-2013-6667</cvename>
- <cvename>CVE-2013-6668</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-03-03</discovery>
- <entry>2014-03-05</entry>
- </dates>
- </vuln>
-
<vuln vid="f645aa90-a3e8-11e3-a422-3c970e169bc2">
<topic>gnutls -- multiple certificate verification issues</topic>
<affects>
@@ -57393,66 +56759,6 @@ JavaScript code would be executed.</p>
</dates>
</vuln>
- <vuln vid="9dd47fa3-9d53-11e3-b20f-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>33.0.1750.117</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>28 security fixes in this release, including:</p>
- <ul>
- <li>[334897] High CVE-2013-6652: Issue with relative paths in
- Windows sandbox named pipe policy. Credit to tyranid.</li>
- <li>[331790] High CVE-2013-6653: Use-after-free related to web
- contents. Credit to Khalil Zhani.</li>
- <li>[333176] High CVE-2013-6654: Bad cast in SVG. Credit to
- TheShow3511.</li>
- <li>[293534] High CVE-2013-6655: Use-after-free in layout. Credit
- to cloudfuzzer.</li>
- <li>[331725] High CVE-2013-6656: Information leak in XSS auditor.
- Credit to NeexEmil.</li>
- <li>[331060] Medium CVE-2013-6657: Information leak in XSS auditor.
- Credit to NeexEmil.</li>
- <li>[322891] Medium CVE-2013-6658: Use-after-free in layout. Credit
- to cloudfuzzer.</li>
- <li>[306959] Medium CVE-2013-6659: Issue with certificates
- validation in TLS handshake. Credit to Antoine Delignat-Lavaud
- and Karthikeyan Bhargavan from Prosecco, Inria Paris.</li>
- <li>[332579] Low CVE-2013-6660: Information leak in drag and drop.
- Credit to bishopjeffreys.</li>
- <li>[344876] Low-High CVE-2013-6661: Various fixes from internal
- audits, fuzzing and other initiatives. Of these, seven are fixes
- for issues that could have allowed for sandbox escapes from
- compromised renderers.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6652</cvename>
- <cvename>CVE-2013-6653</cvename>
- <cvename>CVE-2013-6654</cvename>
- <cvename>CVE-2013-6655</cvename>
- <cvename>CVE-2013-6656</cvename>
- <cvename>CVE-2013-6657</cvename>
- <cvename>CVE-2013-6658</cvename>
- <cvename>CVE-2013-6659</cvename>
- <cvename>CVE-2013-6660</cvename>
- <cvename>CVE-2013-6661</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-02-20</discovery>
- <entry>2014-02-24</entry>
- </dates>
- </vuln>
-
<vuln vid="42d42090-9a4d-11e3-b029-08002798f6ff">
<topic>PostgreSQL -- multiple privilege issues</topic>
<affects>
@@ -57975,40 +57281,6 @@ JavaScript code would be executed.</p>
<cancelled superseded="c7b5d72b-886a-11e3-9533-60a44c524f57"/>
</vuln>
- <vuln vid="f9810c43-87a5-11e3-9214-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>32.0.1700.102</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>14 security fixes in this release, including:</p>
- <ul>
- <li>[330420] High CVE-2013-6649: Use-after-free in SVG images.
- Credit to Atte Kettunen of OUSPG.</li>
- <li>[331444] High CVE-2013-6650: Memory corruption in V8. This
- issue was fixed in v8 version 3.22.24.16. Credit to Christian
- Holler.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6649</cvename>
- <cvename>CVE-2013-6650</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-01-27</discovery>
- <entry>2014-01-27</entry>
- </dates>
- </vuln>
-
<vuln vid="d1dfc4c7-8791-11e3-a371-6805ca0b3d42">
<topic>rt42 -- denial-of-service attack via the email gateway</topic>
<affects>
@@ -58233,51 +57505,6 @@ JavaScript code would be executed.</p>
</dates>
</vuln>
- <vuln vid="5acf4638-7e2c-11e3-9fba-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>32.0.1700.77</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>11 security fixes in this release, including:</p>
- <ul>
- <li>[249502] High CVE-2013-6646: Use-after-free in web workers.
- Credit to Collin Payne.</li>
- <li>[326854] High CVE-2013-6641: Use-after-free related to forms.
- Credit to Atte Kettunen of OUSPG.</li>
- <li>[324969] High CVE-2013-6642: Address bar spoofing in Chrome for
- Android. Credit to lpilorz.</li>
- <li>[321940] High CVE-2013-6643: Unprompted sync with an attacker’s
- Google account. Credit to Joao Lucas Melo Brasio.</li>
- <li>[318791] Medium CVE-2013-6645 Use-after-free related to speech
- input elements. Credit to Khalil Zhani.</li>
- <li>[333036] CVE-2013-6644: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6641</cvename>
- <cvename>CVE-2013-6642</cvename>
- <cvename>CVE-2013-6643</cvename>
- <cvename>CVE-2013-6644</cvename>
- <cvename>CVE-2013-6645</cvename>
- <cvename>CVE-2013-6646</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-01-14</discovery>
- <entry>2014-01-15</entry>
- </dates>
- </vuln>
-
<vuln vid="3d95c9a7-7d5c-11e3-a8c1-206a8a720317">
<topic>ntpd DRDoS / Amplification Attack using ntpdc monlist command</topic>
<affects>
@@ -59033,57 +58260,6 @@ JavaScript code would be executed.</p>
</dates>
</vuln>
- <vuln vid="79356040-5da4-11e3-829e-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>31.0.1650.63</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>15 security fixes in this release, including:</p>
- <ul>
- <li>[307159] Medium CVE-2013-6634: Session fixation in sync related
- to 302 redirects. Credit to Andrey Labunets.</li>
- <li>[314469] High CVE-2013-6635: Use-after-free in editing. Credit
- to cloudfuzzer.</li>
- <li>[322959] Medium CVE-2013-6636: Address bar spoofing related to
- modal dialogs. Credit to Bas Venis.</li>
- <li>[325501] CVE-2013-6637: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[319722] Medium CVE-2013-6638: Buffer overflow in v8. This
- issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow
- of the Chromium project.</li>
- <li>[319835] High CVE-2013-6639: Out of bounds write in v8. This
- issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow
- of the Chromium project.</li>
- <li>[319860] Medium CVE-2013-6640: Out of bounds read in v8. This
- issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow
- of the Chromium project.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6634</cvename>
- <cvename>CVE-2013-6635</cvename>
- <cvename>CVE-2013-6636</cvename>
- <cvename>CVE-2013-6637</cvename>
- <cvename>CVE-2013-6638</cvename>
- <cvename>CVE-2013-6639</cvename>
- <cvename>CVE-2013-6640</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-12-04</discovery>
- <entry>2013-12-05</entry>
- </dates>
- </vuln>
-
<vuln vid="4158c57e-5d39-11e3-bc1e-6cf0490a8c18">
<topic>Joomla! -- Core XSS Vulnerabilities</topic>
<affects>
@@ -59448,33 +58624,6 @@ JavaScript code would be executed.</p>
</dates>
</vuln>
- <vuln vid="e62ab2af-4df4-11e3-b0cf-00262d5ed8ee">
- <topic>chromium -- multiple memory corruption issues</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>31.0.1650.57</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>[319117] [319125] Critical CVE-2013-6632: Multiple memory
- corruption issues. Credit to Pinkie Pie.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6632</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-11-14</discovery>
- <entry>2013-11-15</entry>
- </dates>
- </vuln>
-
<vuln vid="adcbdba2-4c27-11e3-9848-98fc11cdc4f5">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
@@ -59503,69 +58652,6 @@ JavaScript code would be executed.</p>
</dates>
</vuln>
- <vuln vid="3bfc7016-4bcc-11e3-b0cf-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>31.0.1650.48</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>25 security fixes in this release, including:</p>
- <ul>
- <li>[268565] Medium CVE-2013-6621: Use after free related to speech input elements.
- Credit to Khalil Zhani.</li>
- <li>[272786] High CVE-2013-6622: Use after free related to media elements. Credit
- to cloudfuzzer.</li>
- <li>[282925] High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz.</li>
- <li>[290566] High CVE-2013-6624: Use after free related to “id” attribute strings.
- Credit to Jon Butler.</li>
- <li>[295010] High CVE-2013-6625: Use after free in DOM ranges. Credit to
- cloudfuzzer.</li>
- <li>[295695] Low CVE-2013-6626: Address bar spoofing related to interstitial
- warnings. Credit to Chamal de Silva.</li>
- <li>[299892] High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to
- skylined.</li>
- <li>[306959] Medium CVE-2013-6628: Issue with certificates not being checked
- during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan
- Bhargavan from Prosecco of INRIA Paris.</li>
- <li>[315823] Medium-Critical CVE-2013-2931: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[258723] Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and
- libjpeg-turbo. Credit to Michal Zalewski of Google.</li>
- <li>[299835] Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
- Credit to Michal Zalewski of Google.</li>
- <li>[296804] High CVE-2013-6631: Use after free in libjingle. Credit to Patrik
- Höglund of the Chromium project.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2931</cvename>
- <cvename>CVE-2013-6621</cvename>
- <cvename>CVE-2013-6622</cvename>
- <cvename>CVE-2013-6623</cvename>
- <cvename>CVE-2013-6624</cvename>
- <cvename>CVE-2013-6625</cvename>
- <cvename>CVE-2013-6626</cvename>
- <cvename>CVE-2013-6627</cvename>
- <cvename>CVE-2013-6628</cvename>
- <cvename>CVE-2013-6629</cvename>
- <cvename>CVE-2013-6630</cvename>
- <cvename>CVE-2013-6631</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-11-12</discovery>
- <entry>2013-11-12</entry>
- </dates>
- </vuln>
-
<vuln vid="5709d244-4873-11e3-8a46-000d601460a4">
<topic>OpenSSH -- Memory corruption in sshd</topic>
<affects>
@@ -60051,45 +59137,6 @@ JavaScript code would be executed.</p>
</dates>
</vuln>
- <vuln vid="710cd5d5-35cb-11e3-85f9-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>30.0.1599.101</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>5 security fixes in this release, including:</p>
- <ul>
- <li>[292422] High CVE-2013-2925: Use after free in XHR. Credit to
- Atte Kettunen of OUSPG.</li>
- <li>[294456] High CVE-2013-2926: Use after free in editing. Credit
- to cloudfuzzer.</li>
- <li>[297478] High CVE-2013-2927: Use after free in forms. Credit
- to cloudfuzzer.</li>
- <li>[305790] High CVE-2013-2928: Various fixes from internal
- audits, fuzzing and other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2925</cvename>
- <cvename>CVE-2013-2926</cvename>
- <cvename>CVE-2013-2927</cvename>
- <cvename>CVE-2013-2928</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-10-15</discovery>
- <entry>2013-10-15</entry>
- </dates>
- </vuln>
-
<vuln vid="9003b500-31e3-11e3-b0d0-20cf30e32f6d">
<topic>mod_fcgid -- possible heap buffer overwrite</topic>
<affects>
@@ -60214,94 +59261,6 @@ affected..</p>
</dates>
</vuln>
- <vuln vid="e5414d0c-2ade-11e3-821d-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>30.0.1599.66</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>50 security fixes in this release, including:</p>
- <ul>
- <li>[223962][270758][271161][284785][284786] Medium CVE-2013-2906:
- Races in Web Audio. Credit to Atte Kettunen of OUSPG.</li>
- <li>[260667] Medium CVE-2013-2907: Out of bounds read in
- Window.prototype object. Credit to Boris Zbarsky.</li>
- <li>[265221] Medium CVE-2013-2908: Address bar spoofing related to
- the “204 No Content” status code. Credit to Chamal de Silva.</li>
- <li>[265838][279277] High CVE-2013-2909: Use after free in
- inline-block rendering. Credit to Atte Kettunen of OUSPG.</li>
- <li>[269753] Medium CVE-2013-2910: Use-after-free in Web Audio.
- Credit to Byoungyoung Lee of Georgia Tech Information Security
- Center (GTISC).</li>
- <li>[271939] High CVE-2013-2911: Use-after-free in XSLT. Credit to
- Atte Kettunen of OUSPG.</li>
- <li>[276368] High CVE-2013-2912: Use-after-free in PPAPI. Credit to
- Chamal de Silva and 41.w4r10r(at)garage4hackers.com.</li>
- <li>[278908] High CVE-2013-2913: Use-after-free in XML document
- parsing. Credit to cloudfuzzer.</li>
- <li>[279263] High CVE-2013-2914: Use after free in the Windows
- color chooser dialog. Credit to Khalil Zhani.</li>
- <li>[280512] Low CVE-2013-2915: Address bar spoofing via a
- malformed scheme. Credit to Wander Groeneveld. </li>
- <li>[281256] High CVE-2013-2916: Address bar spoofing related to
- the “204 No Content” status code. Credit to Masato Kinugawa.</li>
- <li>[281480] Medium CVE-2013-2917: Out of bounds read in Web Audio.
- Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech
- Information Security Center (GTISC).</li>
- <li>[282088] High CVE-2013-2918: Use-after-free in DOM. Credit to
- Byoungyoung Lee of Georgia Tech Information Security Center
- (GTISC).</li>
- <li>[282736] High CVE-2013-2919: Memory corruption in V8. Credit to
- Adam Haile of Concrete Data.</li>
- <li>[285742] Medium CVE-2013-2920: Out of bounds read in URL
- parsing. Credit to Atte Kettunen of OUSPG.</li>
- <li>[286414] High CVE-2013-2921: Use-after-free in resource loader.
- Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech
- Information Security Center (GTISC).</li>
- <li>[286975] High CVE-2013-2922: Use-after-free in template
- element. Credit to Jon Butler.</li>
- <li>[299016] CVE-2013-2923: Various fixes from internal audits,
- fuzzing and other initiatives (Chrome 30).</li>
- <li>[275803] Medium CVE-2013-2924: Use-after-free in ICU. Upstream
- bug here.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2906</cvename>
- <cvename>CVE-2013-2907</cvename>
- <cvename>CVE-2013-2908</cvename>
- <cvename>CVE-2013-2909</cvename>
- <cvename>CVE-2013-2910</cvename>
- <cvename>CVE-2013-2911</cvename>
- <cvename>CVE-2013-2912</cvename>
- <cvename>CVE-2013-2913</cvename>
- <cvename>CVE-2013-2914</cvename>
- <cvename>CVE-2013-2915</cvename>
- <cvename>CVE-2013-2916</cvename>
- <cvename>CVE-2013-2917</cvename>
- <cvename>CVE-2013-2918</cvename>
- <cvename>CVE-2013-2919</cvename>
- <cvename>CVE-2013-2920</cvename>
- <cvename>CVE-2013-2921</cvename>
- <cvename>CVE-2013-2922</cvename>
- <cvename>CVE-2013-2923</cvename>
- <cvename>CVE-2013-2924</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-10-01</discovery>
- <entry>2013-10-01</entry>
- </dates>
- </vuln>
-
<vuln vid="e1f99d59-81aa-4662-bf62-c1076f5016c8">
<topic>py-graphite-web -- Multiple vulnerabilities</topic>
<affects>
@@ -60764,55 +59723,6 @@ affected..</p>
</dates>
</vuln>
- <vuln vid="ae651a4b-0a42-11e3-ba52-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>29.0.1547.57</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>25 security fixes in this release, including:</p>
- <ul>
- <li>[181617] High CVE-2013-2900: Incomplete path sanitization in
- file handling. Credit to Krystian Bigaj.</li>
- <li> [254159] Low CVE-2013-2905: Information leak via overly broad
- permissions on shared memory files. Credit to Christian
- Jaeger.</li>
- <li>[257363] High CVE-2013-2901: Integer overflow in ANGLE. Credit
- to Alex Chapman.</li>
- <li>[260105] High CVE-2013-2902: Use after free in XSLT. Credit to
- cloudfuzzer.</li>
- <li>[260156] High CVE-2013-2903: Use after free in media element.
- Credit to cloudfuzzer.</li>
- <li>[260428] High CVE-2013-2904: Use after free in document
- parsing. Credit to cloudfuzzer.</li>
- <li>[274602] CVE-2013-2887: Various fixes from internal audits,
- fuzzing and other initiatives (Chrome 29).</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2887</cvename>
- <cvename>CVE-2013-2900</cvename>
- <cvename>CVE-2013-2901</cvename>
- <cvename>CVE-2013-2902</cvename>
- <cvename>CVE-2013-2903</cvename>
- <cvename>CVE-2013-2904</cvename>
- <cvename>CVE-2013-2905</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-08-20</discovery>
- <entry>2013-08-21</entry>
- </dates>
- </vuln>
-
<vuln vid="4d087b35-0990-11e3-a9f4-bcaec565249c">
<topic>gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav</topic>
<affects>
@@ -61276,49 +60186,6 @@ affected..</p>
</dates>
</vuln>
- <vuln vid="69098c5c-fc4b-11e2-8ad0-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>28.0.1500.95</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>Eleven vulnerabilities, including:</p>
- <p>[257748] Medium CVE-2013-2881: Origin bypass in frame handling.
- Credit to Karthik Bhargavan.</p>
- <p>[260106] High CVE-2013-2882: Type confusion in V8. Credit to
- Cloudfuzzer.</p>
- <p>[260165] High CVE-2013-2883: Use-after-free in MutationObserver.
- Credit to Cloudfuzzer.</p>
- <p>[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan
- Fratric of Google Security Team.</p>
- <p>[249640] [257353] High CVE-2013-2885: Use-after-free in input
- handling. Credit to Ivan Fratric of Google Security Team.</p>
- <p>[261701] High CVE-2013-2886: Various fixes from internal audits,
- fuzzing and other initiatives.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2881</cvename>
- <cvename>CVE-2013-2882</cvename>
- <cvename>CVE-2013-2883</cvename>
- <cvename>CVE-2013-2884</cvename>
- <cvename>CVE-2013-2885</cvename>
- <cvename>CVE-2013-2886</cvename>
- <url>http://www.googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-07-30</discovery>
- <entry>2013-08-03</entry>
- </dates>
- </vuln>
-
<vuln vid="f4a0212f-f797-11e2-9bb9-6805ca0b3d42">
<topic>phpMyAdmin -- multiple vulnerabilities</topic>
<affects>
@@ -61993,75 +60860,6 @@ affected..</p>
</dates>
</vuln>
- <vuln vid="3b80104f-e96c-11e2-8bac-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>28.0.1500.71</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>A special reward for Andrey Labunets for his combination of
- CVE-2013-2879 and CVE-2013-2868 along with some (since fixed)
- server-side bugs.</p>
- <p>[252216] Low CVE-2013-2867: Block pop-unders in various
- scenarios.</p>
- <p>[252062] High CVE-2013-2879: Confusion setting up sign-in and sync.
- Credit to Andrey Labunets.</p>
- <p>[252034] Medium CVE-2013-2868: Incorrect sync of NPAPI extension
- component. Credit to Andrey Labunets.</p>
- <p>[245153] Medium CVE-2013-2869: Out-of-bounds read in JPEG2000
- handling. Credit to Felix Groebert of Google Security Team.</p>
- <p>[244746] [242762] Critical CVE-2013-2870: Use-after-free with
- network sockets. Credit to Collin Payne.</p>
- <p>[244260] Medium CVE-2013-2853: Man-in-the-middle attack against
- HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan
- Bhargavan from Prosecco at INRIA Paris.</p>
- <p>[243991] [243818] High CVE-2013-2871: Use-after-free in input
- handling. Credit to miaubiz.</p>
- <p>[Mac only] [242702] Low CVE-2013-2872: Possible lack of entropy in
- renderers. Credit to Eric Rescorla.</p>
- <p>[241139] High CVE-2013-2873: Use-after-free in resource loading.
- Credit to miaubiz.</p>
- <p>[233848] Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit
- to miaubiz.</p>
- <p>[229504] Medium CVE-2013-2876: Extensions permissions confusion
- with interstitials. Credit to Dev Akhawe.</p>
- <p>[229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing.
- Credit to Aki Helin of OUSPG.</p>
- <p>[196636] None: Remove the "viewsource" attribute on iframes.
- Credit to Collin Jackson.</p>
- <p>[177197] Medium CVE-2013-2878: Out-of-bounds read in text
- handling. Credit to Atte Kettunen of OUSPG.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2853</cvename>
- <cvename>CVE-2013-2867</cvename>
- <cvename>CVE-2013-2868</cvename>
- <cvename>CVE-2013-2869</cvename>
- <cvename>CVE-2013-2870</cvename>
- <cvename>CVE-2013-2871</cvename>
- <cvename>CVE-2013-2872</cvename>
- <cvename>CVE-2013-2873</cvename>
- <cvename>CVE-2013-2875</cvename>
- <cvename>CVE-2013-2876</cvename>
- <cvename>CVE-2013-2877</cvename>
- <cvename>CVE-2013-2878</cvename>
- <cvename>CVE-2013-2879</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-07-09</discovery>
- <entry>2013-07-10</entry>
- </dates>
- </vuln>
-
<vuln vid="f3d24aee-e5ad-11e2-b183-20cf30e32f6d">
<topic>apache22 -- several vulnerabilities</topic>
<affects>
@@ -62734,65 +61532,6 @@ affected..</p>
</dates>
</vuln>
- <vuln vid="4865d189-cd62-11e2-ae11-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>27.0.1453.110</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>[242322] Medium CVE-2013-2855: Memory corruption in dev tools API.
- Credit to "daniel.zulla".</p>
- <p>[242224] High CVE-2013-2856: Use-after-free in input handling.
- Credit to miaubiz.</p>
- <p>[240124] High CVE-2013-2857: Use-after-free in image handling.
- Credit to miaubiz.</p>
- <p>[239897] High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit
- to "cdel921".</p>
- <p>[237022] High CVE-2013-2859: Cross-origin namespace pollution.
- to "bobbyholley".</p>
- <p>[225546] High CVE-2013-2860: Use-after-free with workers accessing
- database APIs. Credit to Collin Payne.</p>
- <p>[209604] High CVE-2013-2861: Use-after-free with SVG. Credit to
- miaubiz.</p>
- <p>[161077] High CVE-2013-2862: Memory corruption in Skia GPU
- handling. Credit to Atte Kettunen of OUSPG.</p>
- <p>[232633] Critical CVE-2013-2863: Memory corruption in SSL socket
- handling. Credit to Sebastian Marchand of the Chromium development
- community.</p>
- <p>[239134] High CVE-2013-2864: Bad free in PDF viewer. Credit to
- Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from
- Google Security Team.</p>
- <p>[246389] High CVE-2013-2865: Various fixes from internal audits,
- fuzzing and other initiatives.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2855</cvename>
- <cvename>CVE-2013-2856</cvename>
- <cvename>CVE-2013-2857</cvename>
- <cvename>CVE-2013-2858</cvename>
- <cvename>CVE-2013-2859</cvename>
- <cvename>CVE-2013-2860</cvename>
- <cvename>CVE-2013-2861</cvename>
- <cvename>CVE-2013-2862</cvename>
- <cvename>CVE-2013-2863</cvename>
- <cvename>CVE-2013-2864</cvename>
- <cvename>CVE-2013-2865</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-06-04</discovery>
- <entry>2013-06-04</entry>
- </dates>
- </vuln>
-
<vuln vid="2eebebff-cd3b-11e2-8f09-001b38c3836c">
<topic>xorg -- protocol handling issues in X Window System client libraries</topic>
<affects>
@@ -63475,72 +62214,6 @@ affected..</p>
</dates>
</vuln>
- <vuln vid="358133b5-c2b9-11e2-a738-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>27.0.1453.93</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/Stable%20Updates">
- <p>[235638] High CVE-2013-2837: Use-after-free in SVG. Credit to
- Slawomir Blazek.</p>
- <p>[235311] Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to
- Christian Holler.</p>
- <p>[230176] High CVE-2013-2839: Bad cast in clipboard handling.
- Credit to Jon of MWR InfoSecurity.</p>
- <p>[230117] High CVE-2013-2840: Use-after-free in media loader.
- Credit to Nils of MWR InfoSecurity.</p>
- <p>[227350] High CVE-2013-2841: Use-after-free in Pepper resource
- handling. Credit to Chamal de Silva.</p>
- <p>[226696] High CVE-2013-2842: Use-after-free in widget handling.
- Credit to Cyril Cattiaux.</p>
- <p>[222000] High CVE-2013-2843: Use-after-free in speech handling.
- Credit to Khalil Zhani.</p>
- <p>[196393] High CVE-2013-2844: Use-after-free in style resolution.
- Credit to Sachin Shinde (@cons0ul).</p>
- <p>[188092] [179522] [222136] [188092] High CVE-2013-2845: Memory
- safety issues in Web Audio. Credit to Atte Kettunen of OUSPG.</p>
- <p>[177620] High CVE-2013-2846: Use-after-free in media loader.
- Credit to Chamal de Silva.</p>
- <p>[176692] High CVE-2013-2847: Use-after-free race condition with
- workers. Credit to Collin Payne.</p>
- <p>[176137] Medium CVE-2013-2848: Possible data extraction with XSS
- Auditor. Credit to Egor Homakov.</p>
- <p>[171392] Low CVE-2013-2849: Possible XSS with drag+drop or
- copy+paste. Credit to Mario Heiderich.</p>
- <p>[241595] High CVE-2013-2836: Various fixes from internal audits,
- fuzzing and other initiatives.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-2836</cvename>
- <cvename>CVE-2013-2837</cvename>
- <cvename>CVE-2013-2838</cvename>
- <cvename>CVE-2013-2839</cvename>
- <cvename>CVE-2013-2840</cvename>
- <cvename>CVE-2013-2841</cvename>
- <cvename>CVE-2013-2842</cvename>
- <cvename>CVE-2013-2843</cvename>
- <cvename>CVE-2013-2844</cvename>
- <cvename>CVE-2013-2845</cvename>
- <cvename>CVE-2013-2846</cvename>
- <cvename>CVE-2013-2847</cvename>
- <cvename>CVE-2013-2848</cvename>
- <cvename>CVE-2013-2849</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/Stable%20Updates</url>
- </references>
- <dates>
- <discovery>2013-05-21</discovery>
- <entry>2013-05-22</entry>
- </dates>
- </vuln>
-
<vuln vid="c72a2494-c08b-11e2-bb21-083e8ed0f47b">
<topic>plib -- stack-based buffer overflow</topic>
<affects>
@@ -64770,70 +63443,6 @@ affected..</p>
</dates>
</vuln>
- <vuln vid="bdd48858-9656-11e2-a9a8-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>26.0.1410.43</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/Stable%20Updates">
- <p>[172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit
- to Atte Kettunen of OUSPG.</p>
- <p>[180909] Low CVE-2013-0917: Out-of-bounds read in URL loader.
- Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[180555] Low CVE-2013-0918: Do not navigate dev tools upon drag
- and drop. Credit to Vsevolod Vlasov of the Chromium development
- community.</p>
- <p>[Linux only] [178760] Medium CVE-2013-0919: Use-after-free with
- pop-up windows in extensions. Credit to Google Chrome Security Team
- (Mustafa Emre Acer).</p>
- <p>[177410] Medium CVE-2013-0920: Use-after-free in extension
- bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre
- Acer).</p>
- <p>[174943] High CVE-2013-0921: Ensure isolated web sites run in
- their own processes.</p>
- <p>[174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force
- attempts. Credit to "t3553r".</p>
- <p>[169981] [169972] [169765] Medium CVE-2013-0923: Memory safety
- issues in the USB Apps API. Credit to Google Chrome Security Team
- (Mustafa Emre Acer).</p>
- <p>[169632] Low CVE-2013-0924: Check an extension's permissions API
- usage again file permissions. Credit to Benjamin Kalman of the
- Chromium development community.</p>
- <p>[168442] Low CVE-2013-0925: Avoid leaking URLs to extensions
- without the tabs permissions. Credit to Michael Vrable of
- Google.</p>
- <p>[112325] Medium CVE-2013-0926: Avoid pasting active tags in
- certain situations. Credit to Subho Halder, Aditya Gupta, and Dev
- Kar of xys3c (xysec.com).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-0916</cvename>
- <cvename>CVE-2013-0917</cvename>
- <cvename>CVE-2013-0918</cvename>
- <cvename>CVE-2013-0919</cvename>
- <cvename>CVE-2013-0920</cvename>
- <cvename>CVE-2013-0921</cvename>
- <cvename>CVE-2013-0922</cvename>
- <cvename>CVE-2013-0923</cvename>
- <cvename>CVE-2013-0924</cvename>
- <cvename>CVE-2013-0925</cvename>
- <cvename>CVE-2013-0926</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/Stable%20Updates</url>
- </references>
- <dates>
- <discovery>2013-03-26</discovery>
- <entry>2013-03-26</entry>
- </dates>
- </vuln>
-
<vuln vid="6adca5e9-95d2-11e2-8549-68b599b52a02">
<topic>firebird -- Remote Stack Buffer Overflow</topic>
<affects>
@@ -65326,33 +63935,6 @@ affected..</p>
</dates>
</vuln>
- <vuln vid="54bed676-87ce-11e2-b528-00262d5ed8ee">
- <topic>chromium -- WebKit vulnerability</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>25.0.1364.160</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/Stable%20Updates">
- <p>[180763] High CVE-2013-0912: Type confusion in WebKit. Credit to
- Nils and Jon of MWR Labs.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-0912</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/Stable%20Updates</url>
- </references>
- <dates>
- <discovery>2013-03-07</discovery>
- <entry>2013-03-08</entry>
- </dates>
- </vuln>
-
<vuln vid="b9a347ac-8671-11e2-b73c-0019d18c446a">
<topic>typo3 -- Multiple vulnerabilities in TYPO3 Core</topic>
<affects>
@@ -65395,62 +63977,6 @@ affected..</p>
</dates>
</vuln>
- <vuln vid="40d5ab37-85f2-11e2-b528-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>25.0.1364.152</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/Stable%20Updates">
- <p>[176882] High CVE-2013-0902: Use-after-free in frame loader.
- Credit to Chamal de Silva.</p>
- <p>[176252] High CVE-2013-0903: Use-after-free in browser navigation
- handling. Credit to "chromium.khalil".</p>
- <p>[172926] [172331] High CVE-2013-0904: Memory corruption in Web
- Audio. Credit to Atte Kettunen of OUSPG.</p>
- <p>[168982] High CVE-2013-0905: Use-after-free with SVG animations.
- Credit to Atte Kettunen of OUSPG.</p>
- <p>[174895] High CVE-2013-0906: Memory corruption in Indexed DB.
- Credit to Google Chrome Security Team (Juri Aedla).</p>
- <p>[174150] Medium CVE-2013-0907: Race condition in media thread
- handling. Credit to Andrew Scherkus of the Chromium development
- community.</p>
- <p>[174059] Medium CVE-2013-0908: Incorrect handling of bindings for
- extension processes.</p>
- <p>[173906] Low CVE-2013-0909: Referer leakage with XSS Auditor.
- Credit to Egor Homakov.</p>
- <p>[172573] Medium CVE-2013-0910: Mediate renderer -&gt; browser
- plug-in loads more strictly. Credit to Google Chrome Security Team
- (Chris Evans).</p>
- <p>[172264] High CVE-2013-0911: Possible path traversal in database
- handling. Credit to Google Chrome Security Team (Juri Aedla).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-0902</cvename>
- <cvename>CVE-2013-0903</cvename>
- <cvename>CVE-2013-0904</cvename>
- <cvename>CVE-2013-0905</cvename>
- <cvename>CVE-2013-0906</cvename>
- <cvename>CVE-2013-0907</cvename>
- <cvename>CVE-2013-0908</cvename>
- <cvename>CVE-2013-0909</cvename>
- <cvename>CVE-2013-0910</cvename>
- <cvename>CVE-2013-0911</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/Stable%20Updates</url>
- </references>
- <dates>
- <discovery>2013-03-04</discovery>
- <entry>2013-03-06</entry>
- </dates>
- </vuln>
-
<vuln vid="c97219b6-843d-11e2-b131-000c299b62e1">
<topic>stunnel -- Remote Code Execution</topic>
<affects>
@@ -65884,100 +64410,6 @@ affected..</p>
</dates>
</vuln>
- <vuln vid="dfd92cb2-7d48-11e2-ad48-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>25.0.1364.97</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[172243] High CVE-2013-0879: Memory corruption with web audio
- node. Credit to Atte Kettunen of OUSPG.</p>
- <p>[171951] High CVE-2013-0880: Use-after-free in database handling.
- Credit to Chamal de Silva.</p>
- <p>[167069] Medium CVE-2013-0881: Bad read in Matroska handling.
- Credit to Atte Kettunen of OUSPG.</p>
- <p>[165432] High CVE-2013-0882: Bad memory access with excessive SVG
- parameters. Credit to Renata Hodovan.</p>
- <p>[142169] Medium CVE-2013-0883: Bad read in Skia. Credit to Atte
- Kettunen of OUSPG.</p>
- <p>[172984] Low CVE-2013-0884: Inappropriate load of NaCl. Credit to
- Google Chrome Security Team (Chris Evans).</p>
- <p>[172369] Medium CVE-2013-0885: Too many API permissions granted to
- web store.</p>
- <p>[171065] [170836] Low CVE-2013-0887: Developer tools process has
- too many permissions and places too much trust in the connected
- server.</p>
- <p>[170666] Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit
- to Google Chrome Security Team (Inferno).</p>
- <p>[170569] Low CVE-2013-0889: Tighten user gesture check for
- dangerous file downloads.</p>
- <p>[169973] [169966] High CVE-2013-0890: Memory safety issues across
- the IPC layer. Credit to Google Chrome Security Team (Chris
- Evans).</p>
- <p>[169685] High CVE-2013-0891: Integer overflow in blob handling.
- Credit to Google Chrome Security Team (Jüri Aedla).</p>
- <p>[169295] [168710] [166493] [165836] [165747] [164958] [164946]
- Medium CVE-2013-0892: Lower severity issues across the IPC layer.
- Credit to Google Chrome Security Team (Chris Evans).</p>
- <p>[168570] Medium CVE-2013-0893: Race condition in media handling.
- Credit to Andrew Scherkus of the Chromium development community.</p>
- <p>[168473] High CVE-2013-0894: Buffer overflow in vorbis decoding.
- Credit to Google Chrome Security Team (Inferno).</p>
- <p>[Linux / Mac] [167840] High CVE-2013-0895: Incorrect path handling
- in file copying. Credit to Google Chrome Security Team (Jüri
- Aedla).</p>
- <p>[166708] High CVE-2013-0896: Memory management issues in plug-in
- message handling. Credit to Google Chrome Security Team (Cris
- Neckar).</p>
- <p>[165537] Low CVE-2013-0897: Off-by-one read in PDF. Credit to
- Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from
- Google Security Team.</p>
- <p>[164643] High CVE-2013-0898: Use-after-free in URL handling.
- Credit to Alexander Potapenko of the Chromium development
- community.</p>
- <p>[160480] Low CVE-2013-0899: Integer overflow in Opus handling.
- Credit to Google Chrome Security Team (Jüri Aedla).</p>
- <p>[152442] Medium CVE-2013-0900: Race condition in ICU. Credit to
- Google Chrome Security Team (Inferno).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-0879</cvename>
- <cvename>CVE-2013-0880</cvename>
- <cvename>CVE-2013-0881</cvename>
- <cvename>CVE-2013-0882</cvename>
- <cvename>CVE-2013-0883</cvename>
- <cvename>CVE-2013-0884</cvename>
- <cvename>CVE-2013-0885</cvename>
- <cvename>CVE-2013-0887</cvename>
- <cvename>CVE-2013-0888</cvename>
- <cvename>CVE-2013-0889</cvename>
- <cvename>CVE-2013-0890</cvename>
- <cvename>CVE-2013-0891</cvename>
- <cvename>CVE-2013-0892</cvename>
- <cvename>CVE-2013-0893</cvename>
- <cvename>CVE-2013-0894</cvename>
- <cvename>CVE-2013-0895</cvename>
- <cvename>CVE-2013-0896</cvename>
- <cvename>CVE-2013-0897</cvename>
- <cvename>CVE-2013-0898</cvename>
- <cvename>CVE-2013-0899</cvename>
- <cvename>CVE-2013-0900</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2013-02-21</discovery>
- <entry>2013-02-22</entry>
- </dates>
- </vuln>
-
<vuln vid="f54584bc-7d2b-11e2-9bd1-206a8a720317">
<topic>krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415]</topic>
<affects>
@@ -66749,43 +65181,6 @@ affected..</p>
</dates>
</vuln>
- <vuln vid="8d03202c-6559-11e2-a389-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>24.0.1312.56</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[151008] High CVE-2013-0839: Use-after-free in canvas font
- handling. Credit to Atte Kettunen of OUSPG.</p>
- <p>[170532] Medium CVE-2013-0840: Missing URL validation when opening
- new windows.</p>
- <p>[169770] High CVE-2013-0841: Unchecked array index in content
- blocking. Credit to Google Chrome Security Team (Chris Evans).</p>
- <p>[166867] Medium CVE-2013-0842: Problems with NULL characters
- embedded in paths. Credit to Google Chrome Security Team (Jüri
- Aedla).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-0839</cvename>
- <cvename>CVE-2013-0840</cvename>
- <cvename>CVE-2013-0841</cvename>
- <cvename>CVE-2013-0842</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2013-01-22</discovery>
- <entry>2013-01-23</entry>
- </dates>
- </vuln>
-
<vuln vid="1827f213-633e-11e2-8d93-c8600054b392">
<topic>drupal -- multiple vulnerabilities</topic>
<affects>
@@ -66968,106 +65363,6 @@ affected..</p>
</dates>
</vuln>
- <vuln vid="46bd747b-5b84-11e2-b06d-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>24.0.1312.52</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit
- to Atte Kettunen of OUSPG.</p>
- <p>[165622] High CVE-2012-5146: Same origin policy bypass with
- malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar,
- both of Facebook.</p>
- <p>[165864] High CVE-2012-5147: Use-after-free in DOM handling.
- Credit to José A. Vázquez.</p>
- <p>[167122] Medium CVE-2012-5148: Missing filename sanitization in
- hyphenation support. Credit to Google Chrome Security Team (Justin
- Schuh).</p>
- <p>[166795] High CVE-2012-5149: Integer overflow in audio IPC
- handling. Credit to Google Chrome Security Team (Chris Evans).</p>
- <p>[165601] High CVE-2012-5150: Use-after-free when seeking video.
- Credit to Google Chrome Security Team (Inferno).</p>
- <p>[165538] High CVE-2012-5151: Integer overflow in PDF JavaScript.
- Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind,
- both of Google Security Team.</p>
- <p>[165430] Medium CVE-2012-5152: Out-of-bounds read when seeking
- video. Credit to Google Chrome Security Team (Inferno).</p>
- <p>[164565] High CVE-2012-5153: Out-of-bounds stack access in v8.
- Credit to Andreas Rossberg of the Chromium development
- community.</p>
- <p>[Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for
- worker processes. Credit to Google Chrome Security Team (Julien
- Tinnes).</p>
- <p>[162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit
- to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both
- of Google Security Team.</p>
- <p>[162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF
- image handling. Credit to Mateusz Jurczyk, with contribution from
- Gynvael Coldwind, both of Google Security Team.</p>
- <p>[162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit
- to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both
- of Google Security Team.</p>
- <p>[162114] High CVE-2013-0829: Corruption of database metadata
- leading to incorrect file access. Credit to Google Chrome Security
- Team (Jüri Aedla).</p>
- <p>[161836] Low CVE-2013-0831: Possible path traversal from extension
- process. Credit to Google Chrome Security Team (Tom Sepez).</p>
- <p>[160380] Medium CVE-2013-0832: Use-after-free with printing.
- Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[154485] Medium CVE-2013-0833: Out-of-bounds read with printing.
- Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[154283] Medium CVE-2013-0834: Out-of-bounds read with glyph
- handling. Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[152921] Low CVE-2013-0835: Browser crash with geolocation. Credit
- to Arthur Gerkis.</p>
- <p>[150545] High CVE-2013-0836: Crash in v8 garbage collection.
- Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[145363] Medium CVE-2013-0837: Crash in extension tab handling.
- Credit to Tom Nielsen.</p>
- <p>[Linux only] [143859] Low CVE-2013-0838: Tighten permissions on
- shared memory segments. Credit to Google Chrome Security Team
- (Chris Palmer).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-5145</cvename>
- <cvename>CVE-2012-5146</cvename>
- <cvename>CVE-2012-5147</cvename>
- <cvename>CVE-2012-5148</cvename>
- <cvename>CVE-2012-5149</cvename>
- <cvename>CVE-2012-5150</cvename>
- <cvename>CVE-2012-5151</cvename>
- <cvename>CVE-2012-5152</cvename>
- <cvename>CVE-2012-5153</cvename>
- <cvename>CVE-2012-5155</cvename>
- <cvename>CVE-2012-5156</cvename>
- <cvename>CVE-2012-5157</cvename>
- <cvename>CVE-2013-0828</cvename>
- <cvename>CVE-2013-0829</cvename>
- <cvename>CVE-2013-0831</cvename>
- <cvename>CVE-2013-0832</cvename>
- <cvename>CVE-2013-0833</cvename>
- <cvename>CVE-2013-0834</cvename>
- <cvename>CVE-2013-0835</cvename>
- <cvename>CVE-2013-0836</cvename>
- <cvename>CVE-2013-0837</cvename>
- <cvename>CVE-2013-0838</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2013-01-10</discovery>
- <entry>2013-01-11</entry>
- </dates>
- </vuln>
-
<vuln vid="a4ed6632-5aa9-11e2-8fcb-c8600054b392">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
@@ -67793,49 +66088,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="51f84e28-444e-11e2-8306-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>23.0.1271.97</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[158204] High CVE-2012-5139: Use-after-free with visibility
- events. Credit to Chamal de Silva.</p>
- <p>[159429] High CVE-2012-5140: Use-after-free in URL loader. Credit
- to Chamal de Silva.</p>
- <p>[160456] Medium CVE-2012-5141: Limit Chromoting client plug-in
- instantiation. Credit to Google Chrome Security Team (Jüri
- Aedla).</p>
- <p>[160803] Critical CVE-2012-5142: Crash in history navigation.
- Credit to Michal Zalewski of Google Security Team.</p>
- <p>[160926] Medium CVE-2012-5143: Integer overflow in PPAPI image
- buffers. Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[161639] High CVE-2012-5144: Stack corruption in AAC decoding.
- Credit to pawlkt.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-5139</cvename>
- <cvename>CVE-2012-5140</cvename>
- <cvename>CVE-2012-5141</cvename>
- <cvename>CVE-2012-5142</cvename>
- <cvename>CVE-2012-5143</cvename>
- <cvename>CVE-2012-5144</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-12-11</discovery>
- <entry>2012-12-12</entry>
- </dates>
- </vuln>
-
<vuln vid="953911fe-51ef-11e2-8e34-0022156e8794">
<topic>tomcat -- bypass of CSRF prevention filter</topic>
<affects>
@@ -68007,36 +66259,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="5af51ae9-3acd-11e2-a4eb-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>23.0.1271.95</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[161564] High CVE-2012-5138: Incorrect file path handling. Credit
- to Google Chrome Security Team (Jüri Aedla).</p>
- <p>[162835] High CVE-2012-5137: Use-after-free in media source
- handling. Credit to Pinkie Pie.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-5137</cvename>
- <cvename>CVE-2012-5138</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-11-29</discovery>
- <entry>2012-11-30</entry>
- </dates>
- </vuln>
-
<vuln vid="aa4f86af-3172-11e2-ad21-20cf30e32f6d">
<topic>YUI JavaScript library -- JavaScript injection exploits in Flash components</topic>
<affects>
@@ -68072,48 +66294,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="4d64fc61-3878-11e2-a4eb-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>23.0.1271.91</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[156567] High CVE-2012-5133: Use-after-free in SVG filters. Credit
- to miaubiz.</p>
- <p>[148638] Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit
- to Atte Kettunen of OUSPG.</p>
- <p>[155711] Low CVE-2012-5132: Browser crash with chunked encoding.
- Credit to Attila Szász.</p>
- <p>[158249] High CVE-2012-5134: Buffer underflow in libxml. Credit to
- Google Chrome Security Team (Jüri Aedla).</p>
- <p>[159165] Medium CVE-2012-5135: Use-after-free with printing.
- Credit to Fermin Serna of Google Security Team.</p>
- <p>[159829] Medium CVE-2012-5136: Bad cast in input element handling.
- Credit to Google Chrome Security Team (Inferno).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-5130</cvename>
- <cvename>CVE-2012-5132</cvename>
- <cvename>CVE-2012-5133</cvename>
- <cvename>CVE-2012-5134</cvename>
- <cvename>CVE-2012-5135</cvename>
- <cvename>CVE-2012-5136</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-11-26</discovery>
- <entry>2012-11-27</entry>
- </dates>
- </vuln>
-
<vuln vid="5536c8e4-36b3-11e2-a633-902b343deec9">
<topic>FreeBSD -- Linux compatibility layer input validation error</topic>
<affects>
@@ -68740,72 +66920,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="209c068d-28be-11e2-9160-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>23.0.1271.64</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[157079] Medium CVE-2012-5127: Integer overflow leading to
- out-of-bounds read in WebP handling. Credit to Phil Turnbull.</p>
- <p>[Linux 64-bit only] [150729] Medium CVE-2012-5120: Out-of-bounds
- array access in v8. Credit to Atte Kettunen of OUSPG.</p>
- <p>[143761] High CVE-2012-5116: Use-after-free in SVG filter
- handling. Credit to miaubiz.</p>
- <p>[Mac OS only] [149717] High CVE-2012-5118: Integer bounds check
- issue in GPU command buffers. Credit to miaubiz.</p>
- <p>[154055] High CVE-2012-5121: Use-after-free in video layout.
- Credit to Atte Kettunen of OUSPG.</p>
- <p>[145915] Low CVE-2012-5117: Inappropriate load of SVG subresource
- in img context. Credit to Felix Gröbert of the Google Security
- Team.</p>
- <p>[149759] Medium CVE-2012-5119: Race condition in Pepper buffer
- handling. Credit to Fermin Serna of the Google Security Team.</p>
- <p>[154465] Medium CVE-2012-5122: Bad cast in input handling. Credit
- to Google Chrome Security Team (Inferno).</p>
- <p>[154590] [156826] Medium CVE-2012-5123: Out-of-bounds reads in
- Skia. Credit to Google Chrome Security Team (Inferno).</p>
- <p>[155323] High CVE-2012-5124: Memory corruption in texture handling.
- Credit to Al Patrick of the Chromium development community.</p>
- <p>[156051] Medium CVE-2012-5125: Use-after-free in extension tab
- handling. Credit to Alexander Potapenko of the Chromium development
- community.</p>
- <p>[156366] Medium CVE-2012-5126: Use-after-free in plug-in
- placeholder handling. Credit to Google Chrome Security Team
- (Inferno).</p>
- <p>[157124] High CVE-2012-5128: Bad write in v8. Credit to Google
- Chrome Security Team (Cris Neckar).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-5127</cvename>
- <cvename>CVE-2012-5120</cvename>
- <cvename>CVE-2012-5116</cvename>
- <cvename>CVE-2012-5118</cvename>
- <cvename>CVE-2012-5121</cvename>
- <cvename>CVE-2012-5117</cvename>
- <cvename>CVE-2012-5119</cvename>
- <cvename>CVE-2012-5122</cvename>
- <cvename>CVE-2012-5123</cvename>
- <cvename>CVE-2012-5124</cvename>
- <cvename>CVE-2012-5125</cvename>
- <cvename>CVE-2012-5126</cvename>
- <cvename>CVE-2012-5128</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-11-06</discovery>
- <entry>2012-11-07</entry>
- </dates>
- </vuln>
-
<vuln vid="38daea4f-2851-11e2-9483-14dae938ec40">
<topic>opera -- multiple vulnerabilities</topic>
<affects>
@@ -69565,33 +67679,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="09e83f7f-1326-11e2-afe3-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>22.0.1229.94</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[154983][154987] Critical CVE-2012-5112: SVG use-after-free and
- IPC arbitrary file write. Credit to Pinkie Pie.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-5112</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-10-10</discovery>
- <entry>2012-10-10</entry>
- </dates>
- </vuln>
-
<vuln vid="6e5a9afd-12d3-11e2-b47d-c8600054b392">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
@@ -69763,46 +67850,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="e6161b65-1187-11e2-afe3-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>22.0.1229.92</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[138208] High CVE-2012-2900: Crash in Skia text rendering. Credit
- to Atte Kettunen of OUSPG.</p>
- <p>[147499] Critical CVE-2012-5108: Race condition in audio device
- handling. Credit to Atte Kettunen of OUSPG.</p>
- <p>[148692] Medium CVE-2012-5109: OOB read in ICU regex. Credit to
- Arthur Gerkis.</p>
- <p>[151449] Medium CVE-2012-5110: Out-of-bounds read in compositor.
- Credit to Google Chrome Security Team (Inferno).</p>
- <p>[151895] Low CVE-2012-5111: Plug-in crash monitoring was missing
- for Pepper plug-ins. Credit to Google Chrome Security Team (Chris
- Evans).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2900</cvename>
- <cvename>CVE-2012-5108</cvename>
- <cvename>CVE-2012-5109</cvename>
- <cvename>CVE-2012-5110</cvename>
- <cvename>CVE-2012-5111</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-10-08</discovery>
- <entry>2012-10-08</entry>
- </dates>
- </vuln>
-
<vuln vid="dee44ba9-08ab-11e2-a044-d0df9acfd7e5">
<topic>OpenX -- SQL injection vulnerability</topic>
<affects>
@@ -69839,102 +67886,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="5bae2ab4-0820-11e2-be5f-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>22.0.1229.79</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[143439] High CVE-2012-2889: UXSS in frame handling. Credit to
- Sergey Glazunov.</p>
- <p>[143437] High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey
- Glazunov.</p>
- <p>[139814] High CVE-2012-2881: DOM tree corruption with plug-ins.
- Credit to Chamal de Silva.</p>
- <p>[135432] High CVE-2012-2876: Buffer overflow in SSE2 optimizations.
- Credit to Atte Kettunen of OUSPG.</p>
- <p>[140803] High CVE-2012-2883: Out-of-bounds write in Skia. Credit to
- Atte Kettunen of OUSPG.</p>
- <p>[143609] High CVE-2012-2887: Use-after-free in onclick handling.
- Credit to Atte Kettunen of OUSPG.</p>
- <p>[143656] High CVE-2012-2888: Use-after-free in SVG text references.
- Credit to miaubiz.</p>
- <p>[144899] High CVE-2012-2894: Crash in graphics context handling.
- Credit to Slawomir Blazek.</p>
- <p>[137707] Medium CVE-2012-2877: Browser crash with extensions and
- modal dialogs. Credit to Nir Moshe.</p>
- <p>[139168] Low CVE-2012-2879: DOM topology corruption. Credit to
- pawlkt.</p>
- <p>[141651] Medium CVE-2012-2884: Out-of-bounds read in Skia. Credit
- to Atte Kettunen of OUSPG.</p>
- <p>[132398] High CVE-2012-2874: Out-of-bounds write in Skia. Credit to
- Google Chrome Security Team (Inferno).</p>
- <p>[134955] [135488] [137106] [137288] [137302] [137547] [137556]
- [137606] [137635] [137880] [137928] [144579] [145079] [145121]
- [145163] [146462] Medium CVE-2012-2875: Various lower severity
- issues in the PDF viewer. Credit to Mateusz Jurczyk of Google
- Security Team, with contributions by Gynvael Coldwind of Google
- Security Team.</p>
- <p>[137852] High CVE-2012-2878: Use-after-free in plug-in handling.
- Credit to Fermin Serna of Google Security Team.</p>
- <p>[139462] Medium CVE-2012-2880: Race condition in plug-in paint
- buffer. Credit to Google Chrome Security Team (Cris Neckar).</p>
- <p>[140647] High CVE-2012-2882: Wild pointer in OGG container
- handling. Credit to Google Chrome Security Team (Inferno).</p>
- <p>[142310] Medium CVE-2012-2885: Possible double free on exit. Credit
- to the Chromium development community.</p>
- <p>[143798] [144072] [147402] High CVE-2012-2890: Use-after-free in
- PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with
- contributions by Gynvael Coldwind of Google Security Team.</p>
- <p>[144051] Low CVE-2012-2891: Address leak over IPC. Credit to Lei
- Zhang of the Chromium development community.</p>
- <p>[144704] Low CVE-2012-2892: Pop-up block bypass. Credit to Google
- Chrome Security Team (Cris Neckar).</p>
- <p>[144799] High CVE-2012-2893: Double free in XSL transforms. Credit
- to Google Chrome Security Team (Cris Neckar).</p>
- <p>[145029] [145157] [146460] High CVE-2012-2895: Out-of-bounds writes
- in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team,
- with contributions by Gynvael Coldwind of Google Security Team.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2889</cvename>
- <cvename>CVE-2012-2886</cvename>
- <cvename>CVE-2012-2881</cvename>
- <cvename>CVE-2012-2876</cvename>
- <cvename>CVE-2012-2883</cvename>
- <cvename>CVE-2012-2887</cvename>
- <cvename>CVE-2012-2888</cvename>
- <cvename>CVE-2012-2894</cvename>
- <cvename>CVE-2012-2877</cvename>
- <cvename>CVE-2012-2879</cvename>
- <cvename>CVE-2012-2884</cvename>
- <cvename>CVE-2012-2874</cvename>
- <cvename>CVE-2012-2875</cvename>
- <cvename>CVE-2012-2878</cvename>
- <cvename>CVE-2012-2880</cvename>
- <cvename>CVE-2012-2882</cvename>
- <cvename>CVE-2012-2885</cvename>
- <cvename>CVE-2012-2890</cvename>
- <cvename>CVE-2012-2891</cvename>
- <cvename>CVE-2012-2892</cvename>
- <cvename>CVE-2012-2893</cvename>
- <cvename>CVE-2012-2895</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-09-25</discovery>
- <entry>2012-09-26</entry>
- </dates>
- </vuln>
-
<vuln vid="73efb1b7-07ec-11e2-a391-000c29033c32">
<topic>eperl -- Remote code execution</topic>
<affects>
@@ -70755,53 +68706,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="ee68923d-f2f5-11e1-8014-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>21.0.1180.89</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[121347] Medium CVE-2012-2865: Out-of-bounds read in line breaking.
- Credit to miaubiz.</p>
- <p>[134897] High CVE-2012-2866: Bad cast with run-ins. Credit to
- miaubiz.</p>
- <p>[135485] Low CVE-2012-2867: Browser crash with SPDY.</p>
- <p>[136881] Medium CVE-2012-2868: Race condition with workers and XHR.
- Credit to miaubiz.</p>
- <p>[137778] High CVE-2012-2869: Avoid stale buffer in URL loading.
- Credit to Fermin Serna of the Google Security Team.</p>
- <p>[138672] [140368] Low CVE-2012-2870: Lower severity memory
- management issues in XPath. Credit to Nicolas Gregoire.</p>
- <p>[138673] High CVE-2012-2871: Bad cast in XSL transforms. Credit to
- Nicolas Gregoire.</p>
- <p>[142956] Medium CVE-2012-2872: XSS in SSL interstitial. Credit to
- Emmanuel Bronshtein.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2865</cvename>
- <cvename>CVE-2012-2866</cvename>
- <cvename>CVE-2012-2867</cvename>
- <cvename>CVE-2012-2868</cvename>
- <cvename>CVE-2012-2869</cvename>
- <cvename>CVE-2012-2870</cvename>
- <cvename>CVE-2012-2871</cvename>
- <cvename>CVE-2012-2872</cvename>
- <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-08-30</discovery>
- <entry>2012-08-30</entry>
- </dates>
- </vuln>
-
<vuln vid="4c53f007-f2ed-11e1-a215-14dae9ebcf89">
<topic>asterisk -- multiple vulnerabilities</topic>
<affects>
@@ -71772,148 +69676,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="60bbe12c-e2c1-11e1-a8ca-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>21.0.1180.75</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[136643] [137721] [137957] High CVE-2012-2862: Use-after-free in
- PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with
- contributions by Gynvael Coldwind of Google Security Team.</p>
- <p>[136968] [137361] High CVE-2012-2863: Out-of-bounds writes in PDF
- viewer. Credit to Mateusz Jurczyk of Google Security Team, with
- contributions by Gynvael Coldwind of Google Security Team.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2862</cvename>
- <cvename>CVE-2012-2863</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-08-08</discovery>
- <entry>2012-08-10</entry>
- </dates>
- </vuln>
-
- <vuln vid="ce84e136-e2f6-11e1-a8ca-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>21.0.1180.60</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[Linux only] [125225] Medium CVE-2012-2846: Cross-process
- interference in renderers. Credit to Google Chrome Security Team
- (Julien Tinnes).</p>
- <p>[127522] Low CVE-2012-2847: Missing re-prompt to user upon
- excessive downloads. Credit to Matt Austin of Aspect Security.</p>
- <p>[127525] Medium CVE-2012-2848: Overly broad file access granted
- after drag+drop. Credit to Matt Austin of Aspect Security.</p>
- <p>[128163] Low CVE-2012-2849: Off-by-one read in GIF decoder. Credit
- to Atte Kettunen of OUSPG.</p>
- <p>[130251] [130592] [130611] [131068] [131237] [131252] [131621]
- [131690] [132860] Medium CVE-2012-2850: Various lower severity
- issues in the PDF viewer. Credit to Mateusz Jurczyk of Google
- Security Team, with contributions by Gynvael Coldwind of Google
- Security Team.</p>
- <p>[132585] [132694] [132861] High CVE-2012-2851: Integer overflows in
- PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with
- contributions by Gynvael Coldwind of Google Security Team.</p>
- <p>[134028] High CVE-2012-2852: Use-after-free with bad object linkage
- in PDF. Credit to Alexey Samsonov of Google.</p>
- <p>[134101] Medium CVE-2012-2853: webRequest can interfere with the
- Chrome Web Store. Credit to Trev of Adblock.</p>
- <p>[134519] Low CVE-2012-2854: Leak of pointer values to WebUI
- renderers. Credit to Nasko Oskov of the Chromium development
- community.</p>
- <p>[134888] High CVE-2012-2855: Use-after-free in PDF viewer. Credit
- to Mateusz Jurczyk of Google Security Team, with contributions by
- Gynvael Coldwind of Google Security Team.</p>
- <p>[134954] [135264] High CVE-2012-2856: Out-of-bounds writes in PDF
- viewer. Credit to Mateusz Jurczyk of Google Security Team, with
- contributions by Gynvael Coldwind of Google Security Team.</p>
- <p>[136235] High CVE-2012-2857: Use-after-free in CSS DOM. Credit to
- Arthur Gerkis.</p>
- <p>[136894] High CVE-2012-2858: Buffer overflow in WebP decoder.
- Credit to Juri Aedla.</p>
- <p>[Linux only] [137541] Critical CVE-2012-2859: Crash in tab
- handling. Credit to Jeff Roberts of Google Security Team.</p>
- <p>[137671] Medium CVE-2012-2860: Out-of-bounds access when clicking
- in date picker. Credit to Chamal de Silva.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2846</cvename>
- <cvename>CVE-2012-2847</cvename>
- <cvename>CVE-2012-2848</cvename>
- <cvename>CVE-2012-2849</cvename>
- <cvename>CVE-2012-2850</cvename>
- <cvename>CVE-2012-2851</cvename>
- <cvename>CVE-2012-2852</cvename>
- <cvename>CVE-2012-2853</cvename>
- <cvename>CVE-2012-2854</cvename>
- <cvename>CVE-2012-2855</cvename>
- <cvename>CVE-2012-2856</cvename>
- <cvename>CVE-2012-2857</cvename>
- <cvename>CVE-2012-2858</cvename>
- <cvename>CVE-2012-2859</cvename>
- <cvename>CVE-2012-2860</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-07-31</discovery>
- <entry>2012-08-10</entry>
- </dates>
- </vuln>
-
- <vuln vid="2092a45b-e2f6-11e1-a8ca-00262d5ed8ee">
- <topic>www/chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>20.0.1132.57</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[129898] High CVE-2012-2842: Use-after-free in counter handling.
- Credit to miaubiz.</p>
- <p>[130595] High CVE-2012-2843: Use-after-free in layout height
- tracking. Credit to miaubiz.</p>
- <p>[133450] High CVE-2012-2844: Bad object access with JavaScript in
- PDF. Credit to Alexey Samsonov of Google.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2842</cvename>
- <cvename>CVE-2012-2843</cvename>
- <cvename>CVE-2012-2844</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-07-11</discovery>
- <entry>2012-08-10</entry>
- </dates>
- </vuln>
-
<vuln vid="31db9a18-e289-11e1-a57d-080027a27dbf">
<topic>rubygem-rails -- multiple vulnerabilities</topic>
<affects>
@@ -72875,86 +70637,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="ff922811-c096-11e1-b0f4-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>20.0.1132.43</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
- <p>[118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to
- Elie Bursztein of Google.</p>
- <p>[120222] High CVE-2012-2817: Use-after-free in table section
- handling. Credit to miaubiz.</p>
- <p>[120944] High CVE-2012-2818: Use-after-free in counter layout.
- Credit to miaubiz.</p>
- <p>[120977] High CVE-2012-2819: Crash in texture handling. Credit to
- Ken "gets" Russell of the Chromium development community.</p>
- <p>[121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter
- handling. Credit to Atte Kettunen of OUSPG.</p>
- <p>[122925] Medium CVE-2012-2821: Autofill display problem. Credit to
- "simonbrown60".</p>
- <p>[various] Medium CVE-2012-2822: Misc. lower severity OOB read
- issues in PDF. Credit to awesome ASAN and various Googlers (Kostya
- Serebryany, Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).</p>
- <p>[124356] High CVE-2012-2823: Use-after-free in SVG resource
- handling. Credit to miaubiz.</p>
- <p>[125374] High CVE-2012-2824: Use-after-free in SVG painting.
- Credit to miaubiz.</p>
- <p>[128688] Medium CVE-2012-2826: Out-of-bounds read in texture
- conversion. Credit to Google Chrome Security Team (Inferno).</p>
- <p>[Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI.
- Credit to the Chromium development community (Dharani Govindan).</p>
- <p>[129857] High CVE-2012-2828: Integer overflows in PDF. Credit to
- Mateusz Jurczyk of Google Security Team and Google Chrome Security
- Team (Chris Evans).</p>
- <p>[129947] High CVE-2012-2829: Use-after-free in first-letter
- handling. Credit to miaubiz.</p>
- <p>[129951] High CVE-2012-2830: Wild pointer in array value setting.
- Credit to miaubiz.</p>
- <p>[130356] High CVE-2012-2831: Use-after-free in SVG reference
- handling. Credit to miaubiz.</p>
- <p>[131553] High CVE-2012-2832: Uninitialized pointer in PDF image
- codec. Credit to Mateusz Jurczyk of Google Security Team.</p>
- <p>[132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit
- to Mateusz Jurczyk of Google Security Team.</p>
- <p>[132779] High CVE-2012-2834: Integer overflow in Matroska
- container. Credit to Juri Aedla.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2012-2815</cvename>
- <cvename>CVE-2012-2817</cvename>
- <cvename>CVE-2012-2818</cvename>
- <cvename>CVE-2012-2819</cvename>
- <cvename>CVE-2012-2820</cvename>
- <cvename>CVE-2012-2821</cvename>
- <cvename>CVE-2012-2822</cvename>
- <cvename>CVE-2012-2823</cvename>
- <cvename>CVE-2012-2824</cvename>
- <cvename>CVE-2012-2826</cvename>
- <cvename>CVE-2012-2827</cvename>
- <cvename>CVE-2012-2828</cvename>
- <cvename>CVE-2012-2829</cvename>
- <cvename>CVE-2012-2830</cvename>
- <cvename>CVE-2012-2831</cvename>
- <cvename>CVE-2012-2832</cvename>
- <cvename>CVE-2012-2833</cvename>
- <cvename>CVE-2012-2834</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-06-26</discovery>
- <entry>2012-06-27</entry>
- </dates>
- </vuln>
-
<vuln vid="aed44c4e-c067-11e1-b5e0-000c299b62e1">
<topic>FreeBSD -- Privilege escalation when returning from kernel</topic>
<affects>
@@ -73673,74 +71355,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="219d0bfd-a915-11e1-b519-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>19.0.1084.52</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[117409] High CVE-2011-3103: Crashes in v8 garbage collection.
- Credit to the Chromium development community (Brett Wilson).</p>
- <p>[118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit
- to Google Chrome Security Team (Inferno).</p>
- <p>[120912] High CVE-2011-3105: Use-after-free in first-letter
- handling. Credit to miaubiz.</p>
- <p>[122654] Critical CVE-2011-3106: Browser memory corruption with
- websockets over SSL. Credit to the Chromium development community
- (Dharani Govindan).</p>
- <p>[124625] High CVE-2011-3107: Crashes in the plug-in JavaScript
- bindings. Credit to the Chromium development community (Dharani
- Govindan).</p>
- <p>[125159] Critical CVE-2011-3108: Use-after-free in browser cache.
- Credit to "efbiaiinzinz".</p>
- <p>[Linux only] [126296] High CVE-2011-3109: Bad cast in GTK UI.
- Credit to Micha Bartholome.</p>
- <p>[126337] [126343] [126378] [127349] [127819] [127868] High
- CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz
- Jurczyk of the Google Security Team, with contributions by Gynvael
- Coldwind of the Google Security Team.</p>
- <p>[126414] Medium CVE-2011-3111: Invalid read in v8. Credit to
- Christian Holler.</p>
- <p>[127331] High CVE-2011-3112: Use-after-free with invalid encrypted
- PDF. Credit to Mateusz Jurczyk of the Google Security Team, with
- contributions by Gynvael Coldwind of the Google Security Team.</p>
- <p>[127883] High CVE-2011-3113: Invalid cast with colorspace handling
- in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with
- contributions by Gynvael Coldwind of the Google Security Team.</p>
- <p>[128014] High CVE-2011-3114: Buffer overflows with PDF functions.
- Credit to Google Chrome Security Team (scarybeasts).</p>
- <p>[128018] High CVE-2011-3115: Type corruption in v8. Credit to
- Christian Holler.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3103</cvename>
- <cvename>CVE-2011-3104</cvename>
- <cvename>CVE-2011-3105</cvename>
- <cvename>CVE-2011-3106</cvename>
- <cvename>CVE-2011-3107</cvename>
- <cvename>CVE-2011-3108</cvename>
- <cvename>CVE-2011-3110</cvename>
- <cvename>CVE-2011-3111</cvename>
- <cvename>CVE-2011-3112</cvename>
- <cvename>CVE-2011-3113</cvename>
- <cvename>CVE-2011-3114</cvename>
- <cvename>CVE-2011-3115</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-05-23</discovery>
- <entry>2012-05-28</entry>
- </dates>
- </vuln>
-
<vuln vid="617959ce-a5f6-11e1-a284-0023ae8e59f0">
<topic>haproxy -- buffer overflow</topic>
<affects>
@@ -74102,84 +71716,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="1449af37-9eba-11e1-b9c1-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>19.0.1084.46</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit
- to Aki Helin of OUSPG.</p>
- <p>[113496] Low CVE-2011-3084: Load links from internal pages in their
- own process. Credit to Brett Wilson of the Chromium development
- community.</p>
- <p>[118374] Medium CVE-2011-3085: UI corruption with long autofilled
- values. Credit to "psaldorn".</p>
- <p>[118642] High CVE-2011-3086: Use-after-free with style element.
- Credit to Arthur Gerkis.</p>
- <p>[118664] Low CVE-2011-3087: Incorrect window navigation. Credit to
- Charlie Reis of the Chromium development community.</p>
- <p>[120648] Medium CVE-2011-3088: Out-of-bounds read in hairline
- drawing. Credit to Aki Helin of OUSPG.</p>
- <p>[120711] High CVE-2011-3089: Use-after-free in table handling.
- Credit to miaubiz.</p>
- <p>[121223] Medium CVE-2011-3090: Race condition with workers. Credit
- to Arthur Gerkis.</p>
- <p>[121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit
- to Google Chrome Security Team (Inferno).</p>
- <p>[122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to
- Christian Holler.</p>
- <p>[122585] Medium CVE-2011-3093: Out-of-bounds read in glyph
- handling. Credit to miaubiz.</p>
- <p>[122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan
- handling. Credit to miaubiz.</p>
- <p>[123481] High CVE-2011-3095: Out-of-bounds write in OGG container.
- Credit to Hannu Heikkinen.</p>
- <p>[Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK
- omnibox handling. Credit to Arthur Gerkis.</p>
- <p>[123733] [124182] High CVE-2011-3097: Out-of-bounds write in
- sampled functions with PDF. Credit to Kostya Serebryany of Google
- and Evgeniy Stepanov of Google.</p>
- <p>[124479] High CVE-2011-3099: Use-after-free in PDF with corrupt
- font encoding name. Credit to Mateusz Jurczyk of Google Security
- Team and Gynvael Coldwind of Google Security Team.</p>
- <p>[124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash
- paths. Credit to Google Chrome Security Team (Inferno).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3083</cvename>
- <cvename>CVE-2011-3084</cvename>
- <cvename>CVE-2011-3085</cvename>
- <cvename>CVE-2011-3086</cvename>
- <cvename>CVE-2011-3087</cvename>
- <cvename>CVE-2011-3088</cvename>
- <cvename>CVE-2011-3089</cvename>
- <cvename>CVE-2011-3090</cvename>
- <cvename>CVE-2011-3091</cvename>
- <cvename>CVE-2011-3092</cvename>
- <cvename>CVE-2011-3093</cvename>
- <cvename>CVE-2011-3094</cvename>
- <cvename>CVE-2011-3095</cvename>
- <cvename>CVE-2011-3096</cvename>
- <cvename>CVE-2011-3097</cvename>
- <cvename>CVE-2011-3099</cvename>
- <cvename>CVE-2011-3100</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-05-15</discovery>
- <entry>2012-05-15</entry>
- </dates>
- </vuln>
-
<vuln vid="6601127c-9e09-11e1-b5e0-000c299b62e1">
<topic>socat -- Heap-based buffer overflow</topic>
<affects>
@@ -74513,48 +72049,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="94c0ac4f-9388-11e1-b242-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>18.0.1025.168</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[106413] High CVE-2011-3078: Use after free in floats handling.
- Credit to Google Chrome Security Team (Marty Barbella) and
- independent later discovery by miaubiz.</p>
- <p>[117627] Medium CVE-2011-3079: IPC validation failure. Credit to
- PinkiePie.</p>
- <p>[121726] Medium CVE-2011-3080: Race condition in sandbox IPC.
- Credit to Willem Pinckaers of Matasano.</p>
- <p>[121899] High CVE-2011-3081: Use after free in floats handling.
- Credit to miaubiz.</p>
- <p>[117110] High CVE-2012-1521: Use after free in xml parser. Credit
- to Google Chrome Security Team (SkyLined) and independent later
- discovery by wushi of team509 reported through iDefense VCP
- (V-874rcfpq7z).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3078</cvename>
- <cvename>CVE-2011-3079</cvename>
- <cvename>CVE-2011-3080</cvename>
- <cvename>CVE-2011-3081</cvename>
- <cvename>CVE-2012-1521</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-04-30</discovery>
- <entry>2012-05-01</entry>
- </dates>
- </vuln>
-
<vuln vid="2cde1892-913e-11e1-b44c-001fd0af1a4c">
<topic>php -- multiple vulnerabilities</topic>
<affects>
@@ -75342,66 +72836,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="057130e6-7f61-11e1-8a43-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>18.0.1025.151</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.</p>
- <p>[117583] Medium CVE-2011-3067: Cross-origin iframe replacement.
- Credit to Sergey Glazunov.</p>
- <p>[117698] High CVE-2011-3068: Use-after-free in run-in handling.
- Credit to miaubiz.</p>
- <p>[117728] High CVE-2011-3069: Use-after-free in line box handling.
- Credit to miaubiz.</p>
- <p>[118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit
- to Google Chrome Security Team (SkyLined).</p>
- <p>[118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement.
- Credit to pa_kt, reporting through HP TippingPoint ZDI
- (ZDI-CAN-1528).</p>
- <p>[118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
- window. Credit to Sergey Glazunov.</p>
- <p>[118593] High CVE-2011-3073: Use-after-free in SVG resource
- handling. Credit to Arthur Gerkis.</p>
- <p>[119281] Medium CVE-2011-3074: Use-after-free in media handling.
- Credit to Slawomir Blazek.</p>
- <p>[119525] High CVE-2011-3075: Use-after-free applying style command.
- Credit to miaubiz.</p>
- <p>[120037] High CVE-2011-3076: Use-after-free in focus handling.
- Credit to miaubiz.</p>
- <p>[120189] Medium CVE-2011-3077: Read-after-free in script bindings.
- Credit to Google Chrome Security Team (Inferno).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3066</cvename>
- <cvename>CVE-2011-3067</cvename>
- <cvename>CVE-2011-3068</cvename>
- <cvename>CVE-2011-3069</cvename>
- <cvename>CVE-2011-3070</cvename>
- <cvename>CVE-2011-3071</cvename>
- <cvename>CVE-2011-3072</cvename>
- <cvename>CVE-2011-3073</cvename>
- <cvename>CVE-2011-3074</cvename>
- <cvename>CVE-2011-3075</cvename>
- <cvename>CVE-2011-3076</cvename>
- <cvename>CVE-2011-3077</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-04-05</discovery>
- <entry>2012-04-05</entry>
- </dates>
- </vuln>
-
<vuln vid="7289214f-7c55-11e1-ab3b-000bcdf0a03b">
<topic>libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding</topic>
<affects>
@@ -75461,57 +72895,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="b8f0a391-7910-11e1-8a43-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>18.0.1025.142</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[109574] Medium CVE-2011-3058: Bad interaction possibly leading to
- XSS in EUC-JP. Credit to Masato Kinugawa.</p>
- <p>[112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text
- handling. Credit to Arthur Gerkis.</p>
- <p>[114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
- handling. Credit to miaubiz.</p>
- <p>[116398] Medium CVE-2011-3061: SPDY proxy certificate checking
- error. Credit to Leonidas Kontothanassis of Google.</p>
- <p>[116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer.
- Credit to Mateusz Jurczyk of the Google Security Team.</p>
- <p>[117417] Low CVE-2011-3063: Validate navigation requests from the
- renderer more carefully. Credit to kuzzcc, Sergey Glazunov,
- PinkiePie and scarybeasts (Google Chrome Security Team).</p>
- <p>[117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG.</p>
- <p>[117588] High CVE-2011-3065: Memory corruption in Skia. Credit to
- Omair.</p>
- <p>[117794] Medium CVE-2011-3057: Invalid read in v8. Credit to
- Christian Holler.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3057</cvename>
- <cvename>CVE-2011-3058</cvename>
- <cvename>CVE-2011-3059</cvename>
- <cvename>CVE-2011-3060</cvename>
- <cvename>CVE-2011-3061</cvename>
- <cvename>CVE-2011-3062</cvename>
- <cvename>CVE-2011-3063</cvename>
- <cvename>CVE-2011-3064</cvename>
- <cvename>CVE-2011-3065</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-03-28</discovery>
- <entry>2012-03-28</entry>
- </dates>
- </vuln>
-
<vuln vid="60f81af3-7690-11e1-9423-00235a5f2c9a">
<topic>raptor/raptor2 -- XXE in RDF/XML File Interpretation</topic>
<affects>
@@ -75629,61 +73012,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="330106da-7406-11e1-a1d7-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>17.0.963.83</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[113902] High CVE-2011-3050: Use-after-free with first-letter
- handling. Credit to miaubiz.</p>
- <p>[116162] High CVE-2011-3045: libpng integer issue from upstream.
- Credit to Glenn Randers-Pehrson of the libpng project.</p>
- <p>[116461] High CVE-2011-3051: Use-after-free in CSS cross-fade
- handling. Credit to Arthur Gerkis.</p>
- <p>[116637] High CVE-2011-3052: Memory corruption in WebGL canvas
- handling. Credit to Ben Vanik of Google.</p>
- <p>[116746] High CVE-2011-3053: Use-after-free in block splitting.
- Credit to miaubiz.</p>
- <p>[117418] Low CVE-2011-3054: Apply additional isolations to webui
- privileges. Credit to Sergey Glazunov.</p>
- <p>[117736] Low CVE-2011-3055: Prompt in the browser native UI for
- unpacked extension installation. Credit to PinkiePie.</p>
- <p>[117550] High CVE-2011-3056: Cross-origin violation with "magic
- iframe". Credit to Sergey Glazunov.</p>
- <p>[117794] Medium CVE-2011-3057: Invalid read in v8. Credit to
- Christian Holler.</p>
- <p>[108648] Low CVE-2011-3049: Extension web request API can
- interfere with system requests. Credit to Michael Gundlach.
- Fixed in an earlier release.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3045</cvename>
- <cvename>CVE-2011-3049</cvename>
- <cvename>CVE-2011-3050</cvename>
- <cvename>CVE-2011-3051</cvename>
- <cvename>CVE-2011-3052</cvename>
- <cvename>CVE-2011-3053</cvename>
- <cvename>CVE-2011-3054</cvename>
- <cvename>CVE-2011-3055</cvename>
- <cvename>CVE-2011-3056</cvename>
- <cvename>CVE-2011-3057</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-03-21</discovery>
- <entry>2012-03-22</entry>
- </dates>
- </vuln>
-
<vuln vid="2e7e9072-73a0-11e1-a883-001cc0a36e12">
<topic>libtasn1 -- ASN.1 length decoding vulnerability</topic>
<affects>
@@ -75979,33 +73307,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="ab1f515d-6b69-11e1-8288-00262d5ed8ee">
- <topic>chromium -- Errant plug-in load and GPU process memory corruption</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>17.0.963.79</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[117620] [117656] Critical CVE-2011-3047: Errant plug-in load and
- GPU process memory corruption. Credit to PinkiePie.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3047</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-03-10</discovery>
- <entry>2012-03-11</entry>
- </dates>
- </vuln>
-
<vuln vid="9da3834b-6a50-11e1-91af-003067b2972c">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
@@ -76033,33 +73334,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="1015e1fe-69ce-11e1-8288-00262d5ed8ee">
- <topic>chromium -- cross-site scripting vulnerability</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>17.0.963.78</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[117226] [117230] Critical CVE-2011-3046: UXSS and bad history
- navigation. Credit to Sergey Glazunov.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3046</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-03-08</discovery>
- <entry>2012-03-09</entry>
- </dates>
- </vuln>
-
<vuln vid="9448a82f-6878-11e1-865f-00e0814cab4e">
<topic>jenkins -- XSS vulnerability</topic>
<affects>
@@ -76089,72 +73363,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="99aef698-66ed-11e1-8288-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>17.0.963.65</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[105867] High CVE-2011-3031: Use-after-free in v8 element wrapper.
- Credit to Chamal de Silva.</p>
- <p>[108037] High CVE-2011-3032: Use-after-free in SVG value handling.
- Credit to Arthur Gerkis.</p>
- <p>[108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia
- drawing library. Credit to Aki Helin of OUSPG.</p>
- <p>[111748] High CVE-2011-3034: Use-after-free in SVG document
- handling. Credit to Arthur Gerkis.</p>
- <p>[112212] High CVE-2011-3035: Use-after-free in SVG use handling.
- Credit to Arthur Gerkis.</p>
- <p>[113258] High CVE-2011-3036: Bad cast in line box handling. Credit
- to miaubiz.</p>
- <p>[113439] [114924] [115028] High CVE-2011-3037: Bad casts in
- anonymous block splitting. Credit to miaubiz.</p>
- <p>[113497] High CVE-2011-3038: Use-after-free in multi-column
- handling. Credit to miaubiz.</p>
- <p>[113707] High CVE-2011-3039: Use-after-free in quote handling.
- Credit to miaubiz.</p>
- <p>[114054] High CVE-2011-3040: Out-of-bounds read in text handling.
- Credit to miaubiz.</p>
- <p>[114068] High CVE-2011-3041: Use-after-free in class attribute
- handling. Credit to miaubiz.</p>
- <p>[114219] High CVE-2011-3042: Use-after-free in table section
- handling. Credit to miaubiz.</p>
- <p>[115681] High CVE-2011-3043: Use-after-free in flexbox with floats.
- Credit to miaubiz.</p>
- <p>[116093] High CVE-2011-3044: Use-after-free with SVG animation
- elements. Credit to Arthur Gerkis.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3031</cvename>
- <cvename>CVE-2011-3032</cvename>
- <cvename>CVE-2011-3033</cvename>
- <cvename>CVE-2011-3034</cvename>
- <cvename>CVE-2011-3035</cvename>
- <cvename>CVE-2011-3036</cvename>
- <cvename>CVE-2011-3037</cvename>
- <cvename>CVE-2011-3038</cvename>
- <cvename>CVE-2011-3039</cvename>
- <cvename>CVE-2011-3040</cvename>
- <cvename>CVE-2011-3041</cvename>
- <cvename>CVE-2011-3042</cvename>
- <cvename>CVE-2011-3043</cvename>
- <cvename>CVE-2011-3044</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-03-04</discovery>
- <entry>2012-03-05</entry>
- </dates>
- </vuln>
-
<vuln vid="eba70db4-6640-11e1-98af-00262d8b701d">
<topic>dropbear -- arbitrary code execution</topic>
<affects>
@@ -76452,71 +73660,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="2f5ff968-5829-11e1-8288-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>17.0.963.56</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[105803] High CVE-2011-3015: Integer overflows in PDF codecs.
- Credit to Google Chrome Security Team (scarybeasts).</p>
- <p>[106336] Medium CVE-2011-3016: Read-after-free with counter nodes.
- Credit to miaubiz.</p>
- <p>[108695] High CVE-2011-3017: Possible use-after-free in database
- handling. Credit to miaubiz.</p>
- <p>[110172] High CVE-2011-3018: Heap overflow in path rendering.
- Credit to Aki Helin of OUSPG.</p>
- <p>[110849] High CVE-2011-3019: Heap buffer overflow in MKV handling.
- Credit to Google Chrome Security Team (scarybeasts) and Mateusz
- Jurczyk of the Google Security Team.</p>
- <p>[111575] Medium CVE-2011-3020: Native client validator error.
- Credit to Nick Bray of the Chromium development community.</p>
- <p>[111779] High CVE-2011-3021: Use-after-free in subframe loading.
- Credit to Arthur Gerkis.</p>
- <p>[112236] Medium CVE-2011-3022: Inappropriate use of http for
- translation script. Credit to Google Chrome Security Team (Jorge
- Obes).</p>
- <p>[112259] Medium CVE-2011-3023: Use-after-free with drag and drop.
- Credit to pa_kt.</p>
- <p>[112451] Low CVE-2011-3024: Browser crash with empty x509
- certificate. Credit to chrometot.</p>
- <p>[112670] Medium CVE-2011-3025: Out-of-bounds read in h.264
- parsing. Credit to Slawomir Blazek.</p>
- <p>[112822] High CVE-2011-3026: Integer overflow / truncation in
- libpng. Credit to Juri Aedla.</p>
- <p>[112847] Medium CVE-2011-3027: Bad cast in column handling.
- Credit to miaubiz.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3015</cvename>
- <cvename>CVE-2011-3016</cvename>
- <cvename>CVE-2011-3017</cvename>
- <cvename>CVE-2011-3018</cvename>
- <cvename>CVE-2011-3019</cvename>
- <cvename>CVE-2011-3020</cvename>
- <cvename>CVE-2011-3021</cvename>
- <cvename>CVE-2011-3022</cvename>
- <cvename>CVE-2011-3023</cvename>
- <cvename>CVE-2011-3024</cvename>
- <cvename>CVE-2011-3025</cvename>
- <cvename>CVE-2011-3026</cvename>
- <cvename>CVE-2011-3027</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-02-15</discovery>
- <entry>2012-02-15</entry>
- </dates>
- </vuln>
-
<vuln vid="b4f8be9e-56b2-11e1-9fb7-003067b2972c">
<topic>Python -- DoS via malformed XML-RPC / HTTP POST request</topic>
<affects>
@@ -76737,91 +73880,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="fe1976c2-5317-11e1-9e99-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>17.0.963.46</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste
- event. Credit to Daniel Cheng of the Chromium development
- community.</p>
- <p>[92550] Low CVE-2011-3954: Crash with excessive database usage.
- Credit to Collin Payne.</p>
- <p>[93106] High CVE-2011-3955: Crash aborting an IndexDB transaction.
- Credit to David Grogan of the Chromium development community.</p>
- <p>[103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins
- inside extensions. Credit to Devdatta Akhawe, UC Berkeley.</p>
- <p>[104056] High CVE-2011-3957: Use-after-free in PDF garbage
- collection. Credit to Aki Helin of OUSPG.</p>
- <p>[105459] High CVE-2011-3958: Bad casts with column spans. Credit
- to miaubiz.</p>
- <p>[106441] High CVE-2011-3959: Buffer overflow in locale handling.
- Credit to Aki Helin of OUSPG.</p>
- <p>[108416] Medium CVE-2011-3960: Out-of-bounds read in audio
- decoding. Credit to Aki Helin of OUSPG.</p>
- <p>[108871] Critical CVE-2011-3961: Race condition after crash of
- utility process. Credit to Shawn Goertzen.</p>
- <p>[108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping.
- Credit to Aki Helin of OUSPG.</p>
- <p>[109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
- handling. Credit to Atte Kettunen of OUSPG.</p>
- <p>[109245] Low CVE-2011-3964: URL bar confusion after drag + drop.
- Credit to Code Audit Labs of VulnHunt.com.</p>
- <p>[109664] Low CVE-2011-3965: Crash in signature check. Credit to
- Slawomir Blazek.</p>
- <p>[109716] High CVE-2011-3966: Use-after-free in stylesheet error
- handling. Credit to Aki Helin of OUSPG.</p>
- <p>[109717] Low CVE-2011-3967: Crash with unusual certificate. Credit
- to Ben Carrillo.</p>
- <p>[109743] High CVE-2011-3968: Use-after-free in CSS handling.
- Credit to Arthur Gerkis.</p>
- <p>[110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit
- to Arthur Gerkis.</p>
- <p>[110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt.
- Credit to Aki Helin of OUSPG.</p>
- <p>[110374] High CVE-2011-3971: Use-after-free with mousemove events.
- Credit to Arthur Gerkis.</p>
- <p>[110559] Medium CVE-2011-3972: Out-of-bounds read in shader
- translator. Credit to Google Chrome Security Team (Inferno).</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3953</cvename>
- <cvename>CVE-2011-3954</cvename>
- <cvename>CVE-2011-3955</cvename>
- <cvename>CVE-2011-3956</cvename>
- <cvename>CVE-2011-3957</cvename>
- <cvename>CVE-2011-3958</cvename>
- <cvename>CVE-2011-3959</cvename>
- <cvename>CVE-2011-3960</cvename>
- <cvename>CVE-2011-3961</cvename>
- <cvename>CVE-2011-3962</cvename>
- <cvename>CVE-2011-3963</cvename>
- <cvename>CVE-2011-3964</cvename>
- <cvename>CVE-2011-3965</cvename>
- <cvename>CVE-2011-3966</cvename>
- <cvename>CVE-2011-3967</cvename>
- <cvename>CVE-2011-3968</cvename>
- <cvename>CVE-2011-3969</cvename>
- <cvename>CVE-2011-3970</cvename>
- <cvename>CVE-2011-3971</cvename>
- <cvename>CVE-2011-3972</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-02-08</discovery>
- <entry>2012-02-09</entry>
- </dates>
- </vuln>
-
<vuln vid="10720fe8-51e0-11e1-91c1-00215c6a37bb">
<topic>drupal -- multiple vulnerabilities</topic>
<affects>
@@ -77446,42 +74504,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="33d73d59-4677-11e1-88cd-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>16.0.912.77</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[106484] High CVE-2011-3924: Use-after-free in DOM selections.
- Credit to Arthur Gerkis.</p>
- <p>[108461] High CVE-2011-3928: Use-after-free in DOM handling.
- Credit to wushi of team509 reported through ZDI (ZDI-CAN-1415).</p>
- <p>[108605] High CVE-2011-3927: Uninitialized value in Skia. Credit
- to miaubiz.</p>
- <p>[109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
- Credit to Arthur Gerkis.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3924</cvename>
- <cvename>CVE-2011-3926</cvename>
- <cvename>CVE-2011-3927</cvename>
- <cvename>CVE-2011-3928</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2012-01-23</discovery>
- <entry>2012-01-24</entry>
- </dates>
- </vuln>
-
<vuln vid="3ebb2dc8-4609-11e1-9f47-00e0815b8da8">
<topic>Wireshark -- Multiple vulnerabilities</topic>
<affects>
@@ -78061,43 +75083,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="1a1aef8e-3894-11e1-8b5c-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>16.0.912.75</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[106672] High CVE-2011-3921: Use-after-free in animation frames.
- Credit to Boris Zbarsky of Mozilla.<br/>
- [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml.
- Credit to Juri Aedla.<br/>
- [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph
- handling. Credit to Google Chrome Security Team (Cris
- Neckar).</p>
- <p>[107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
- navigation. Credit to Chamal de Silva.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3919</cvename>
- <cvename>CVE-2011-3921</cvename>
- <cvename>CVE-2011-3922</cvename>
- <cvename>CVE-2011-3925</cvename>
- </references>
- <dates>
- <discovery>2012-01-05</discovery>
- <entry>2012-01-06</entry>
- <modified>2012-01-23</modified>
- </dates>
- </vuln>
-
<vuln vid="0c7a3ee2-3654-11e1-b404-20cf30e32f6d">
<topic>bugzilla -- multiple vulnerabilities</topic>
<affects>
@@ -78567,79 +75552,6 @@ executed in your Internet Explorer while displaying the email.</p>
</dates>
</vuln>
- <vuln vid="68ac6266-25c3-11e1-b63a-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>16.0.912.63</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
- <p>[81753] Medium CVE-2011-3903: Out-of-bounds read in regex
- matching. Credit to David Holloway of the Chromium development
- community.<br/>
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to
- Google Chrome Security Team (Inferno).<br/>
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser.
- Credit to Aki Helin of OUSPG.<br/>
- [99016] High CVE-2011-3907: URL bar spoofing with view-source.
- Credit to Mitja Kolsek of ACROS Security.<br/>
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing.
- Credit to Aki Helin of OUSPG.<br/>
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in
- CSS property array. Credit to Google Chrome Security Team
- (scarybeasts) and Chu.<br/>
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video
- frame handling. Credit to Google Chrome Security Team (Cris
- Neckar).<br/>
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to
- Google Chrome Security Team (scarybeasts) and Robert Swiecki of
- the Google Security Team.<br/>
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit
- to Arthur Gerkis.<br/>
- [103921] High CVE-2011-3913: Use-after-free in Range handling.
- Credit to Arthur Gerkis.<br/>
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n
- handling. Credit to Slawomir Blazek.<br/>
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling.
- Credit to Atte Kettunen of OUSPG.<br/>
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
- references. Credit to Atte Kettunen of OUSPG.<br/>
- [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
- Credit to Google Chrome Security Team (Marty Barbella).<br/>
- [107258] High CVE-2011-3904: Use-after-free in bidi handling.
- Credit to Google Chrome Security Team (Inferno) and miaubiz.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2011-3903</cvename>
- <cvename>CVE-2011-3904</cvename>
- <cvename>CVE-2011-3905</cvename>
- <cvename>CVE-2011-3906</cvename>
- <cvename>CVE-2011-3907</cvename>
- <cvename>CVE-2011-3908</cvename>
- <cvename>CVE-2011-3909</cvename>
- <cvename>CVE-2011-3910</cvename>
- <cvename>CVE-2011-3911</cvename>
- <cvename>CVE-2011-3912</cvename>
- <cvename>CVE-2011-3913</cvename>
- <cvename>CVE-2011-3914</cvename>
- <cvename>CVE-2011-3915</cvename>
- <cvename>CVE-2011-3916</cvename>
- <cvename>CVE-2011-3917</cvename>
- <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url>
- </references>
- <dates>
- <discovery>2011-12-13</discovery>
- <entry>2011-12-13</entry>
- </dates>
- </vuln>
-
<vuln vid="bbd5f486-24f1-11e1-95bc-080027ef73ec">
<topic>PuTTY -- Password vulnerability</topic>
<affects>
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-12 13:13:44 +0000