ID CVE-2014-7910
Summary Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:google:chrome:39.0.2171.45
    cpe:2.3:a:google:chrome:39.0.2171.45
CVSS
Base: 7.5 (as of 19-11-2014 - 12:23)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description Bash - CGI RCE (MSF) Shellshock Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-7910. We...
    id EDB-ID:34895
    last seen 2016-02-04
    modified 2014-10-06
    published 2014-10-06
    reporter Fady Mohammed Osman
    source https://www.exploit-db.com/download/34895/
    title Bash - CGI RCE MSF Shellshock Exploit
  • description OpenVPN 2.2.29 - ShellShock Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-7910. Remote...
    file exploits/linux/remote/34879.txt
    id EDB-ID:34879
    last seen 2016-02-04
    modified 2014-10-04
    platform linux
    port
    published 2014-10-04
    reporter hobbily plunt
    source https://www.exploit-db.com/download/34879/
    title OpenVPN 2.2.29 - ShellShock Exploit
    type remote
  • description Bash - Environment Variables Code Injection Exploit (ShellShock). CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-20...
    id EDB-ID:34766
    last seen 2016-02-03
    modified 2014-09-25
    published 2014-09-25
    reporter Prakhar Prasad & Subho Halder
    source https://www.exploit-db.com/download/34766/
    title Bash - Environment Variables Code Injection Exploit ShellShock
  • description Kemp Load Master 7.1.16 - Multiple Vulnerabilities. CVE-2014-3659,CVE-2014-3671,CVE-2014-5287,CVE-2014-5288,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-20...
    id EDB-ID:36609
    last seen 2016-02-04
    modified 2015-04-02
    published 2015-04-02
    reporter Roberto Suggi Liverani
    source https://www.exploit-db.com/download/36609/
    title Kemp Load Master 7.1.16 - Multiple Vulnerabilities
  • description IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-71...
    id EDB-ID:34839
    last seen 2016-02-04
    modified 2014-10-01
    published 2014-10-01
    reporter Claudio Viviani
    source https://www.exploit-db.com/download/34839/
    title IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection Exploit
  • description CUPS Filter Bash Environment Variable Code Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-...
    id EDB-ID:35115
    last seen 2016-02-04
    modified 2014-10-29
    published 2014-10-29
    reporter metasploit
    source https://www.exploit-db.com/download/35115/
    title CUPS Filter Bash Environment Variable Code Injection
  • description GNU bash 4.3.11 Environment Variable dhclient Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-6277,CVE-2014-62771,CVE-2014-6278,CVE-2014-7169,CVE...
    id EDB-ID:34860
    last seen 2016-02-04
    modified 2014-10-02
    published 2014-10-02
    reporter @0x00string
    source https://www.exploit-db.com/download/34860/
    title GNU bash 4.3.11 Environment Variable dhclient Exploit
  • description Pure-FTPd External Authentication Bash Environment Variable Code Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7...
    id EDB-ID:34862
    last seen 2016-02-04
    modified 2014-10-02
    published 2014-10-02
    reporter metasploit
    source https://www.exploit-db.com/download/34862/
    title Pure-FTPd External Authentication Bash Environment Variable Code Injection
  • description QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,...
    id EDB-ID:36504
    last seen 2016-02-04
    modified 2015-03-26
    published 2015-03-26
    reporter Patrick Pellegrino
    source https://www.exploit-db.com/download/36504/
    title QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection
  • description GNU bash Environment Variable Command Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-...
    id EDB-ID:34765
    last seen 2016-02-03
    modified 2014-09-25
    published 2014-09-25
    reporter Stephane Chazelas
    source https://www.exploit-db.com/download/34765/
    title GNU Bash - Environment Variable Command Injection ShellShock
  • description GNU bash Environment Variable Command Injection (MSF). CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE...
    id EDB-ID:34777
    last seen 2016-02-03
    modified 2014-09-25
    published 2014-09-25
    reporter Shaun Colley
    source https://www.exploit-db.com/download/34777/
    title GNU bash Environment Variable Command Injection MSF
  • description QNAP - Admin Shell via Bash Environment Variable Code Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-201...
    id EDB-ID:36503
    last seen 2016-02-04
    modified 2015-03-26
    published 2015-03-26
    reporter Patrick Pellegrino
    source https://www.exploit-db.com/download/36503/
    title QNAP - Admin Shell via Bash Environment Variable Code Injection
  • description Postfix SMTP - Shellshock Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-7910. Remote e...
    id EDB-ID:34896
    last seen 2016-02-04
    modified 2014-10-06
    published 2014-10-06
    reporter Phil Blank
    source https://www.exploit-db.com/download/34896/
    title Postfix SMTP - Shellshock Exploit
  • description PHP 5.x Shellshock Exploit (bypass disable_functions). CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE...
    id EDB-ID:35146
    last seen 2016-02-04
    modified 2014-11-03
    published 2014-11-03
    reporter Ryan King (Starfall)
    source https://www.exploit-db.com/download/35146/
    title PHP 5.x Shellshock Exploit bypass disable_functions
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-13 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 79966
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79966
    title GLSA-201412-13 : Chromium: Multiple vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2410-1.NASL
    description A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7904) Multiple use-after-frees were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7907) An integer overflow was discovered in media. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7908) An uninitialized memory read was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-7909) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7910). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 79354
    published 2014-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79354
    title Ubuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2410-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_GOOGLE_CHROME_39_0_2171_65.NASL
    description The version of Google Chrome installed on the remote Mac OS X host is a version prior to 39.0.2171.65. It is, therefore, affected by the following vulnerabilities : - A double-free vulnerability exists in the version of Adobe Flash bundled with Chrome which could result in arbitrary code execution. (CVE-2014-0574) - An unspecified address bar spoofing vulnerability exists which could be used to aid in phishing attacks. (CVE-2014-7899) - Multiple use-after-free vulnerabilities exist in pdfium which could result in arbitrary code execution. (CVE-2014-7900, CVE-2014-7902) - Integer overflow vulnerabilities exist in pdfium and the media component which could result in arbitrary code execution. (CVE-2014-7901, CVE-2014-7908) - Buffer overflow vulnerabilities exist in pdfium and Skia which could result in arbitrary code execution. (CVE-2014-7903, CVE-2014-7904) - Use-after-free vulnerabilities exist in Pepper plugins and Blink which could result in arbitrary code execution. (CVE-2014-7906, CVE-2014-7907) - An unspecified uninitialized memory read exists. (CVE-2014-7909) - Multiple unspecified vulnerabilities exist. (CVE-2014-7910)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 79337
    published 2014-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79337
    title Google Chrome < 39.0.2171.65 Multiple Vulnerabilities (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-764.NASL
    description chromium was updated to version 39.0.2171.65 to fix 13 security issues. These security issues were fixed : - Use-after-free in pepper plugins (CVE-2014-7906). - Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chromebefore 39.0.2171.65, al... (CVE-2014-7903). - Uninitialized memory read in Skia (CVE-2014-7909). - Unspecified security issues (CVE-2014-7910). - Integer overflow in media (CVE-2014-7908). - Integer overflow in the opj_t2_read_packet_data function infxcodec/fx_libopenjpeg/libopenjpeg20/t2.... (CVE-2014-7901). - Use-after-free in blink (CVE-2014-7907). - Address bar spoofing (CVE-2014-7899). - Buffer overflow in Skia (CVE-2014-7904). - Use-after-free vulnerability in the CPDF_Parser (CVE-2014-7900). - Use-after-free vulnerability in PDFium allows DoS (CVE-2014-7902). - Flaw allowing navigation to intents that do not have the BROWSABLE category (CVE-2014-7905). - Double-free in Flash (CVE-2014-0574).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79997
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79997
    title openSUSE Security Update : chromium (openSUSE-SU-2014:1626-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1894.NASL
    description Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Chromium is an open source web browser, powered by WebKit (Blink). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2014-7904, CVE-2014-7906, CVE-2014-7907, CVE-2014-7910, CVE-2014-7908, CVE-2014-7909) A flaw was found in the way Chromium parsed certain URL values. A malicious attacker could use this flaw to perform phishing attacks. (CVE-2014-7899) All Chromium users should upgrade to these updated packages, which contain Chromium version 39.0.2171.65, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 79426
    published 2014-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79426
    title RHEL 6 : chromium-browser (RHSA-2014:1894)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_D395E44F6F4F11E4A44400262D5ED8EE.NASL
    description Google Chrome Releases reports : 42 security fixes in this release, including : - [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey. - [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG. - [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer. - [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer. - [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer. - [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG. - [421817] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team. - [423030] High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team. - [423703] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou. - [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team. - [425980] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl. - [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz. - CVE-2014-7910: Various fixes from internal audits, fuzzing and other initiatives.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79320
    published 2014-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79320
    title FreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee)
  • NASL family Windows
    NASL id GOOGLE_CHROME_39_0_2171_65.NASL
    description The version of Google Chrome installed on the remote Windows host is a version prior to 39.0.2171.65. It is, therefore, affected by the following vulnerabilities : - A double-free vulnerability exists in the version of Adobe Flash bundled with Chrome which could result in arbitrary code execution. (CVE-2014-0574) - An unspecified address bar spoofing vulnerability exists which could be used to aid in phishing attacks. (CVE-2014-7899) - Multiple use-after-free vulnerabilities exist in pdfium which could result in arbitrary code execution. (CVE-2014-7900, CVE-2014-7902) - Integer overflow vulnerabilities exist in pdfium and the media component which could result in arbitrary code execution. (CVE-2014-7901, CVE-2014-7908) - Buffer overflow vulnerabilities exist in pdfium and Skia which could result in arbitrary code execution. (CVE-2014-7903, CVE-2014-7904) - Use-after-free vulnerabilities exist in Pepper plugins and Blink which could result in arbitrary code execution. (CVE-2014-7906, CVE-2014-7907) - An unspecified uninitialized memory read exists. (CVE-2014-7909) - Multiple unspecified vulnerabilities exist. (CVE-2014-7910)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 79336
    published 2014-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79336
    title Google Chrome < 39.0.2171.65 Multiple Vulnerabilities
redhat via4
advisories
rhsa
id RHSA-2014:1894
refmap via4
bid 71161
confirm
exploit-db 34879
sectrack 1031241
secunia
  • 60194
  • 62608
xf google-chrome-cve20147910-multiple-unspec(98798)
Last major update 06-01-2017 - 22:00
Published 19-11-2014 - 06:59
Last modified 04-10-2017 - 21:29
Back to Top