Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:7922
[Eng]
Version
9
Class
patch
ALTXid
72040
Language
Russian
Severity
High
Title
Обновление RHSA-2015:0816 : устранение уязвимостей в chromium-browser
Description
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium.
Family
unix
Platform
Red Hat Enterprise Linux 6
Product
chromium-browser
Reference
VENDOR: RHSA-2015:0816
VENDOR: RHSA-2015:0816
Id:
RHSA-2015:0816
Reference:
https://rhn.redhat.com/errata/RHSA-2015-0816.html
CVE: CVE-2015-1235
CVE: CVE-2015-1235
Id:
CVE-2015-1235
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1235
Comment
: The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
RHSA-2015:0816 ()
https://code.google.com/p/chromium/issues/detail?id=456518 ()
DSA-3238 ()
https://src.chromium.org/viewvc/blink?revision=190980&view=revision ()
openSUSE-SU-2015:1887 ()
GLSA-201506-04 ()
1032209 ()
USN-2570-1 ()
openSUSE-SU-2015:0748 ()
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html ()
CVE: CVE-2015-1236
CVE: CVE-2015-1236
Id:
CVE-2015-1236
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1236
Comment
: The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
RHSA-2015:0816 ()
USN-2570-1 ()
https://src.chromium.org/viewvc/blink?revision=189527&view=revision ()
DSA-3238 ()
https://code.google.com/p/chromium/issues/detail?id=313939 ()
openSUSE-SU-2015:1887 ()
GLSA-201506-04 ()
1032209 ()
openSUSE-SU-2015:0748 ()
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html ()
CVE: CVE-2015-1237
CVE: CVE-2015-1237
Id:
CVE-2015-1237
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1237
Comment
: Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
RHSA-2015:0816 ()
USN-2570-1 ()
DSA-3238 ()
https://codereview.chromium.org/1007123003 ()
openSUSE-SU-2015:1887 ()
GLSA-201506-04 ()
1032209 ()
https://code.google.com/p/chromium/issues/detail?id=461191 ()
openSUSE-SU-2015:0748 ()
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html ()
CVE: CVE-2015-1238
CVE: CVE-2015-1238
Id:
CVE-2015-1238
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1238
Comment
: Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
RHSA-2015:0816 ()
USN-2570-1 ()
DSA-3238 ()
openSUSE-SU-2015:1887 ()
GLSA-201506-04 ()
1032209 ()
https://code.google.com/p/chromium/issues/detail?id=445808 ()
openSUSE-SU-2015:0748 ()
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html ()
CVE: CVE-2015-1240
CVE: CVE-2015-1240
Id:
CVE-2015-1240
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1240
Comment
: gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
RHSA-2015:0816 ()
https://codereview.chromium.org/978193003 ()
USN-2570-1 ()
DSA-3238 ()
openSUSE-SU-2015:1887 ()
GLSA-201506-04 ()
1032209 ()
https://code.google.com/p/chromium/issues/detail?id=463599 ()
openSUSE-SU-2015:0748 ()
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html ()
CVE: CVE-2015-1241
CVE: CVE-2015-1241
Id:
CVE-2015-1241
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1241
Comment
: Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
1021 ()
References:
RHSA-2015:0816 ()
https://codereview.chromium.org/660663002 ()
USN-2570-1 ()
https://codereview.chromium.org/717573004 ()
DSA-3238 ()
openSUSE-SU-2015:1887 ()
GLSA-201506-04 ()
1032209 ()
https://codereview.chromium.org/868123002 ()
https://codereview.chromium.org/628763003 ()
openSUSE-SU-2015:0748 ()
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html ()
https://code.google.com/p/chromium/issues/detail?id=418402 ()
CVE: CVE-2015-1242
CVE: CVE-2015-1242
Id:
CVE-2015-1242
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1242
Comment
: The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
RHSA-2015:0816 ()
USN-2570-1 ()
DSA-3238 ()
openSUSE-SU-2015:1887 ()
GLSA-201506-04 ()
https://codereview.chromium.org/1019033004 ()
https://codereview.chromium.org/1000893003 ()
1032209 ()
openSUSE-SU-2015:0748 ()
https://code.google.com/p/chromium/issues/detail?id=460917 ()
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html ()
CVE: CVE-2015-1244
CVE: CVE-2015-1244
Id:
CVE-2015-1244
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1244
Comment
: The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
RHSA-2015:0816 ()
https://code.google.com/p/chromium/issues/detail?id=455215 ()
USN-2570-1 ()
DSA-3238 ()
openSUSE-SU-2015:1887 ()
GLSA-201506-04 ()
1032209 ()
https://chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010 ()
openSUSE-SU-2015:0748 ()
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html ()
CVE: CVE-2015-1245
CVE: CVE-2015-1245
Id:
CVE-2015-1245
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1245
Comment
: Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium "Open PDF in Reader" button that has an invalid tab association.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
RHSA-2015:0816 ()
DSA-3238 ()
openSUSE-SU-2015:1887 ()
GLSA-201506-04 ()
https://codereview.chromium.org/831283002 ()
1032209 ()
openSUSE-SU-2015:0748 ()
https://code.google.com/p/chromium/issues/detail?id=444957 ()
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html ()
CVE: CVE-2015-1246
CVE: CVE-2015-1246
Id:
CVE-2015-1246
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1246
Comment
: Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
RHSA-2015:0816 ()
https://code.google.com/p/chromium/issues/detail?id=437399 ()
USN-2570-1 ()
DSA-3238 ()
openSUSE-SU-2015:1887 ()
GLSA-201506-04 ()
1032209 ()
openSUSE-SU-2015:0748 ()
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html ()
CVE: CVE-2015-1247
CVE: CVE-2015-1247
Id:
CVE-2015-1247
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1247
Comment
: The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
RHSA-2015:0816 ()
DSA-3238 ()
openSUSE-SU-2015:1887 ()
GLSA-201506-04 ()
1032209 ()
openSUSE-SU-2015:0748 ()
https://codereview.chromium.org/917313004 ()
https://code.google.com/p/chromium/issues/detail?id=429838 ()
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html ()
CVE: CVE-2015-1248
CVE: CVE-2015-1248
Id:
CVE-2015-1248
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1248
Comment
: The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
RHSA-2015:0816 ()
DSA-3238 ()
openSUSE-SU-2015:1887 ()
GLSA-201506-04 ()
1032209 ()
openSUSE-SU-2015:0748 ()
https://code.google.com/p/chromium/issues/detail?id=380663 ()
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html ()
CVE: CVE-2015-1249
CVE: CVE-2015-1249
Id:
CVE-2015-1249
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1249
Comment
: Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
https://code.google.com/p/chromium/issues/detail?id=465586 ()
https://code.google.com/p/chromium/issues/detail?id=444198 ()
https://code.google.com/p/chromium/issues/detail?id=424957 ()
RHSA-2015:0816 ()
https://code.google.com/p/chromium/issues/detail?id=442670 ()
https://code.google.com/p/chromium/issues/detail?id=476786 ()
https://code.google.com/p/chromium/issues/detail?id=436564 ()
https://code.google.com/p/chromium/issues/detail?id=462319 ()
https://code.google.com/p/chromium/issues/detail?id=464594 ()
https://code.google.com/p/chromium/issues/detail?id=451059 ()
https://code.google.com/p/chromium/issues/detail?id=448299 ()
https://code.google.com/p/chromium/issues/detail?id=458776 ()
USN-2570-1 ()
https://code.google.com/p/chromium/issues/detail?id=403665 ()
https://code.google.com/p/chromium/issues/detail?id=400339 ()
https://code.google.com/p/chromium/issues/detail?id=469756 ()
https://code.google.com/p/chromium/issues/detail?id=452794 ()
DSA-3238 ()
https://code.google.com/p/chromium/issues/detail?id=469082 ()
https://code.google.com/p/chromium/issues/detail?id=445305 ()
openSUSE-SU-2015:1887 ()
https://code.google.com/p/chromium/issues/detail?id=389595 ()
https://code.google.com/p/chromium/issues/detail?id=451058 ()
1032209 ()
https://code.google.com/p/chromium/issues/detail?id=439992 ()
https://code.google.com/p/chromium/issues/detail?id=474254 ()
https://code.google.com/p/chromium/issues/detail?id=430533 ()
https://code.google.com/p/chromium/issues/detail?id=460939 ()
openSUSE-SU-2015:0748 ()
https://code.google.com/p/chromium/issues/detail?id=447889 ()
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html ()
https://code.google.com/p/chromium/issues/detail?id=458870 ()
https://code.google.com/p/chromium/issues/detail?id=456636 ()
Content available only for registered users!
ovaldb@altx-soft.com