Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:29117
[Eng]
Version
6
Class
patch
ALTXid
177617
Language
Russian
Severity
NotAvailable
Title
Обновление openSUSE-SU-2014:1626-1 -- обновление безопасности для chromium
Description
chromium was updated to version 39.0.2171.65 to fix 13 security issues
Family
unix
Platform
openSUSE 13.1
openSUSE 13.2
Product
chromium
Reference
VENDOR: openSUSE-SU-2014:1626-1
VENDOR: openSUSE-SU-2014:1626-1
Id:
openSUSE-SU-2014:1626-1
Reference:
https://lists.opensuse.org/opensuse-updates/2014-12/msg00048.html
CVE: CVE-2014-0574
CVE: CVE-2014-0574
Id:
CVE-2014-0574
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0574
Comment
: Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
http://helpx.adobe.com/security/products/flash-player/apsb14-24.html (CONFIRM)
https://code.google.com/p/chromium/issues/detail?id=423703 (CONFIRM)
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html (CONFIRM)
openSUSE-SU-2015:0725 (SUSE)
CVE: CVE-2014-7899
CVE: CVE-2014-7899
Id:
CVE-2014-7899
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7899
Comment
: Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
20 (Improper Input Validation)
References:
1031241 ()
https://code.google.com/p/chromium/issues/detail?id=389734 ()
RHSA-2014:1894 ()
71160 ()
60194 ()
google-chrome-cve20147899-spoofing(98787) ()
https://src.chromium.org/viewvc/chrome?revision=279232&view=revision ()
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html ()
CVE: CVE-2014-7900
CVE: CVE-2014-7900
Id:
CVE-2014-7900
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7900
Comment
: Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
399 (Resource Management Errors)
References:
1031241 ()
https://code.google.com/p/chromium/issues/detail?id=406868 ()
71163 ()
https://pdfium.googlesource.com/pdfium/+/1b04ea3b0fbae3be3ae6b3824c5e0dadc0e73d44 ()
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html ()
google-chrome-cve20147900-code-exec(98788) ()
CVE: CVE-2014-7901
CVE: CVE-2014-7901
Id:
CVE-2014-7901
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7901
Comment
: Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
189 (Numeric Errors)
References:
1031241 ()
google-chrome-cve20147901-overflow(98789) ()
71158 ()
https://pdfium.googlesource.com/pdfium/+/e93d5341d87c54713a9632c8823288fa901a3b78 ()
https://code.google.com/p/chromium/issues/detail?id=413375 ()
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html ()
CVE: CVE-2014-7902
CVE: CVE-2014-7902
Id:
CVE-2014-7902
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7902
Comment
: Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
17 (Code)
References:
1031241 ()
https://code.google.com/p/chromium/issues/detail?id=414504 ()
71165 ()
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html ()
google-chrome-cve20147902-code-exec(98790) ()
CVE: CVE-2014-7903
CVE: CVE-2014-7903
Id:
CVE-2014-7903
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7903
Comment
: Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://code.google.com/p/chromium/issues/detail?id=414525 ()
1031241 ()
https://pdfium.googlesource.com/pdfium/+/4dc95e74e1acc75f4eab08bc771874cd2a9c3a9b ()
google-chrome-cve20147903-bo(98791) ()
71164 ()
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html ()
CVE: CVE-2014-7904
CVE: CVE-2014-7904
Id:
CVE-2014-7904
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7904
Comment
: Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
1031241 ()
RHSA-2014:1894 ()
62608 ()
60194 ()
71166 ()
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html ()
google-chrome-cve20147904-bo(98792) ()
https://code.google.com/p/chromium/issues/detail?id=418161 ()
CVE: CVE-2014-7905
CVE: CVE-2014-7905
Id:
CVE-2014-7905
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7905
Comment
: Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
284 (Improper Access Control)
References:
google-chrome-cve20147905-unspec(98793) ()
1031241 ()
https://code.google.com/p/chromium/issues/detail?id=421817 ()
71162 ()
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html ()
CVE: CVE-2014-7906
CVE: CVE-2014-7906
Id:
CVE-2014-7906
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7906
Comment
: Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
399 (Resource Management Errors)
References:
1031241 ()
https://code.google.com/p/chromium/issues/detail?id=423030 ()
RHSA-2014:1894 ()
60194 ()
https://chromium.googlesource.com/chromium/src/+/3a2cf7d1376ae33054b878232fb38b8fbed29e31 ()
google-chrome-cve20147906-code-exec(98794) ()
71159 ()
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html ()
CVE: CVE-2014-7907
CVE: CVE-2014-7907
Id:
CVE-2014-7907
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7907
Comment
: Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
399 (Resource Management Errors)
References:
google-chrome-cve20147907-code-exec(98795) ()
1031241 ()
RHSA-2014:1894 ()
62608 ()
https://code.google.com/p/chromium/issues/detail?id=424453 ()
60194 ()
https://src.chromium.org/viewvc/blink?revision=184185&view=revision ()
71170 ()
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html ()
CVE: CVE-2014-7908
CVE: CVE-2014-7908
Id:
CVE-2014-7908
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7908
Comment
: Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
189 (Numeric Errors)
References:
1031241 ()
https://chromium.googlesource.com/chromium/src/+/b2006ac87cec58363090e7d5e10d5d9e3bbda9f9 ()
RHSA-2014:1894 ()
62608 ()
https://code.google.com/p/chromium/issues/detail?id=425980 ()
60194 ()
71168 ()
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html ()
google-chrome-cve20147908-overflow(98796) ()
CVE: CVE-2014-7909
CVE: CVE-2014-7909
Id:
CVE-2014-7909
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7909
Comment
: effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
189 (Numeric Errors)
References:
1031241 ()
https://code.google.com/p/chromium/issues/detail?id=391001 ()
RHSA-2014:1894 ()
62608 ()
71167 ()
60194 ()
https://skia.googlesource.com/skia/+/1c577cd3ee331944b9061ee0eec147b211ee563c ()
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html ()
google-chrome-cve20147909-info-disc(98797) ()
CVE: CVE-2014-7910
CVE: CVE-2014-7910
Id:
CVE-2014-7910
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7910
Comment
: Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
https://code.google.com/p/chromium/issues/detail?id=397396 ()
https://code.google.com/p/chromium/issues/detail?id=411165 ()
https://code.google.com/p/chromium/issues/detail?id=409508 ()
1031241 ()
https://code.google.com/p/chromium/issues/detail?id=409454 ()
https://code.google.com/p/chromium/issues/detail?id=391001 ()
https://code.google.com/p/chromium/issues/detail?id=413744 ()
https://code.google.com/p/chromium/issues/detail?id=340387 ()
https://code.google.com/p/chromium/issues/detail?id=421981 ()
71161 ()
https://code.google.com/p/chromium/issues/detail?id=408426 ()
https://code.google.com/p/chromium/issues/detail?id=421720 ()
https://code.google.com/p/chromium/issues/detail?id=423030 ()
RHSA-2014:1894 ()
62608 ()
https://code.google.com/p/chromium/issues/detail?id=421090 ()
https://code.google.com/p/chromium/issues/detail?id=414134 ()
https://code.google.com/p/chromium/issues/detail?id=389451 ()
https://code.google.com/p/chromium/issues/detail?id=417329 ()
https://code.google.com/p/chromium/issues/detail?id=424999 ()
34879 ()
60194 ()
google-chrome-cve20147910-multiple-unspec(98798) ()
https://code.google.com/p/chromium/issues/detail?id=425152 ()
https://code.google.com/p/chromium/issues/detail?id=415407 ()
https://code.google.com/p/chromium/issues/detail?id=411162 ()
https://code.google.com/p/chromium/issues/detail?id=424215 ()
https://code.google.com/p/chromium/issues/detail?id=417210 ()
https://code.google.com/p/chromium/issues/detail?id=337071 ()
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html ()
https://code.google.com/p/chromium/issues/detail?id=433500 ()
https://code.google.com/p/chromium/issues/detail?id=421321 ()
https://code.google.com/p/chromium/issues/detail?id=422482 ()
https://code.google.com/p/chromium/issues/detail?id=411159 ()
https://code.google.com/p/chromium/issues/detail?id=413743 ()
https://code.google.com/p/chromium/issues/detail?id=421504 ()
https://code.google.com/p/chromium/issues/detail?id=425151 ()
https://code.google.com/p/chromium/issues/detail?id=423891 ()
Content available only for registered users!
ovaldb@altx-soft.com