var-201403-0284
Vulnerability from variot
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of directories. The issue lies in the failure to fully check for directory traversal attempts. An attacker can leverage this vulnerability to execute code under the context of the broker process. Google Chrome is prone to a directory-traversal vulnerability. Attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. Versions prior to Chrome 33.0.1750.152 for Mac and Linux and 33.0.1750.154 for Windows are vulnerable.
Debian Security Advisory DSA-2883-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
March 23, 2014 http://www.debian.org/security/faq
Package : chromium-browser
CVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660 CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665 CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700 CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704 CVE-2014-1705 CVE-2014-1713 CVE-2014-1715
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2013-6653
Khalil Zhani discovered a use-after-free issue in chromium's web
contents color chooser.
CVE-2013-6654
TheShow3511 discovered an issue in SVG handling.
CVE-2013-6655
cloudfuzzer discovered a use-after-free issue in dom event handling.
CVE-2013-6656
NeexEmil discovered an information leak in the XSS auditor.
CVE-2013-6657
NeexEmil discovered a way to bypass the Same Origin policy in the
XSS auditor.
CVE-2013-6658
cloudfuzzer discovered multiple use-after-free issues surrounding
the updateWidgetPositions function.
CVE-2013-6659
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that
it was possible to trigger an unexpected certificate chain during
TLS renegotiation.
CVE-2013-6660
bishopjeffreys discovered an information leak in the drag and drop
implementation.
CVE-2013-6661
The Google Chrome team discovered and fixed multiple issues in
version 33.0.1750.117.
CVE-2013-6663
Atte Kettunen discovered a use-after-free issue in SVG handling.
CVE-2013-6664
Khalil Zhani discovered a use-after-free issue in the speech
recognition feature.
CVE-2013-6665
cloudfuzzer discovered a buffer overflow issue in the software
renderer.
CVE-2013-6666
netfuzzer discovered a restriction bypass in the Pepper Flash
plugin.
CVE-2013-6667
The Google Chrome team discovered and fixed multiple issues in
version 33.0.1750.146.
CVE-2013-6668
Multiple vulnerabilities were fixed in version 3.24.35.10 of
the V8 javascript library.
CVE-2014-1700
Chamal de Silva discovered a use-after-free issue in speech
synthesis.
CVE-2014-1701
aidanhs discovered a cross-site scripting issue in event handling.
CVE-2014-1702
Colin Payne discovered a use-after-free issue in the web database
implementation.
CVE-2014-1703
VUPEN discovered a use-after-free issue in web sockets that
could lead to a sandbox escape.
CVE-2014-1704
Multiple vulnerabilities were fixed in version 3.23.17.18 of
the V8 javascript library.
CVE-2014-1705
A memory corruption issue was discovered in the V8 javascript
library.
CVE-2014-1713
A use-after-free issue was discovered in the AttributeSetter
function.
For the stable distribution (wheezy), these problems have been fixed in version 33.0.1750.152-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 33.0.1750.152-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Gentoo Linux Security Advisory GLSA 201408-16
http://security.gentoo.org/
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 30, 2014
Bugs: #504328, #504890, #507212, #508788, #510288, #510904, #512944, #517304, #519788, #521276
ID: 201408-16
Synopsis
Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code.
Background
Chromium is an open-source web browser project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 37.0.2062.94 >= 37.0.2062.94
Description
Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All chromium users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94"
References
[ 1 ] CVE-2014-1741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741
[ 2 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538
[ 3 ] CVE-2014-1700 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700
[ 4 ] CVE-2014-1701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701
[ 5 ] CVE-2014-1702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702
[ 6 ] CVE-2014-1703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703
[ 7 ] CVE-2014-1704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704
[ 8 ] CVE-2014-1705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705
[ 9 ] CVE-2014-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713
[ 10 ] CVE-2014-1714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714
[ 11 ] CVE-2014-1715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715
[ 12 ] CVE-2014-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716
[ 13 ] CVE-2014-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717
[ 14 ] CVE-2014-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718
[ 15 ] CVE-2014-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719
[ 16 ] CVE-2014-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720
[ 17 ] CVE-2014-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721
[ 18 ] CVE-2014-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722
[ 19 ] CVE-2014-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723
[ 20 ] CVE-2014-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724
[ 21 ] CVE-2014-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725
[ 22 ] CVE-2014-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726
[ 23 ] CVE-2014-1727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727
[ 24 ] CVE-2014-1728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728
[ 25 ] CVE-2014-1729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729
[ 26 ] CVE-2014-1730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730
[ 27 ] CVE-2014-1731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731
[ 28 ] CVE-2014-1732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732
[ 29 ] CVE-2014-1733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733
[ 30 ] CVE-2014-1734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734
[ 31 ] CVE-2014-1735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735
[ 32 ] CVE-2014-1740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740
[ 33 ] CVE-2014-1742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742
[ 34 ] CVE-2014-1743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743
[ 35 ] CVE-2014-1744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744
[ 36 ] CVE-2014-1745 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745
[ 37 ] CVE-2014-1746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746
[ 38 ] CVE-2014-1747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747
[ 39 ] CVE-2014-1748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748
[ 40 ] CVE-2014-1749 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749
[ 41 ] CVE-2014-3154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154
[ 42 ] CVE-2014-3155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155
[ 43 ] CVE-2014-3156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156
[ 44 ] CVE-2014-3157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157
[ 45 ] CVE-2014-3160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160
[ 46 ] CVE-2014-3162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162
[ 47 ] CVE-2014-3165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165
[ 48 ] CVE-2014-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166
[ 49 ] CVE-2014-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167
[ 50 ] CVE-2014-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168
[ 51 ] CVE-2014-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169
[ 52 ] CVE-2014-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170
[ 53 ] CVE-2014-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171
[ 54 ] CVE-2014-3172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172
[ 55 ] CVE-2014-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173
[ 56 ] CVE-2014-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174
[ 57 ] CVE-2014-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175
[ 58 ] CVE-2014-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176
[ 59 ] CVE-2014-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201408-16.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
"https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html" }, { "trust": 1.9, "url": "http://security.gentoo.org/glsa/glsa-201408-16.xml" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/66249" }, { "trust": 1.8, "url": "https://code.google.com/p/chromium/issues/detail?id=352429" }, { "trust": 1.8, "url": "http://www.debian.org/security/2014/dsa-2883" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1715" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1715" }, { "trust": 0.3, "url": "http://www.google.com/chrome" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1701" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1704" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1715" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1702" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1700" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1713" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1705" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1703" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2014-1715" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33779" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6653" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2013-6660" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6665" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6657" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6655" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6658" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6656" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6661" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6667" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6659" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6664" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6654" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6668" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6666" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1720" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1720" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1728" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1700" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3157" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3167" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1716" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0538" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1740" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3173" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1705" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3165" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1717" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3168" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3171" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1730" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3175" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1749" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3156" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1727" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1731" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1726" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1724" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1741" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1716" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1723" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3166" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1722" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1714" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1713" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1715" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1725" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3169" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1745" }, { "trust": 0.1, 
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1722" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1748" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1702" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1730" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1725" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3177" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1717" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1742" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3174" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0538" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1732" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1727" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1733" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1743" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1721" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3155" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1735" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1728" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1747" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1721" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1726" }, { "trust": 
0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3172" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3176" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1732" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1723" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3160" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1714" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1731" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1719" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3154" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3162" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1733" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1724" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1729" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1744" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1703" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-089" }, { "db": "VULHUB", "id": "VHN-69654" }, { "db": "VULMON", "id": "CVE-2014-1715" }, { "db": "BID", "id": "66249" }, { "db": "JVNDB", "id": "JVNDB-2014-001698" }, { "db": "PACKETSTORM", "id": "125838" }, { "db": "PACKETSTORM", "id": "128057" }, { "db": "CNNVD", "id": "CNNVD-201403-322" }, { "db": "NVD", "id": "CVE-2014-1715" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-14-089" }, { "db": "VULHUB", "id": "VHN-69654" }, { "db": "VULMON", "id": "CVE-2014-1715" }, { "db": "BID", "id": "66249" }, { "db": "JVNDB", "id": "JVNDB-2014-001698" }, { "db": "PACKETSTORM", "id": "125838" }, { "db": "PACKETSTORM", "id": "128057" }, { "db": "CNNVD", "id": "CNNVD-201403-322" }, { "db": "NVD", "id": "CVE-2014-1715" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-11T00:00:00", "db": "ZDI", "id": "ZDI-14-089" }, { "date": "2014-03-16T00:00:00", "db": "VULHUB", "id": "VHN-69654" }, { "date": "2014-03-16T00:00:00", "db": "VULMON", "id": "CVE-2014-1715" }, { "date": "2014-03-14T00:00:00", "db": "BID", "id": "66249" }, { "date": "2014-03-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001698" }, { "date": "2014-03-24T18:22:00", "db": "PACKETSTORM", "id": "125838" }, { "date": "2014-09-02T06:19:45", "db": "PACKETSTORM", "id": "128057" }, { "date": "2014-03-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201403-322" }, { "date": "2014-03-16T14:06:45.677000", "db": "NVD", "id": "CVE-2014-1715" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-11T00:00:00", "db": "ZDI", "id": "ZDI-14-089" }, { "date": 
"2017-01-07T00:00:00", "db": "VULHUB", "id": "VHN-69654" }, { "date": "2022-11-10T00:00:00", "db": "VULMON", "id": "CVE-2014-1715" }, { "date": "2014-09-01T08:57:00", "db": "BID", "id": "66249" }, { "date": "2014-03-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001698" }, { "date": "2022-11-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201403-322" }, { "date": "2024-11-21T02:04:53.137000", "db": "NVD", "id": "CVE-2014-1715" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "128057" }, { "db": "CNNVD", "id": "CNNVD-201403-322" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural OS Run on Google Chrome Vulnerable to directory traversal", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001698" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-201403-322" } ], "trust": 0.6 } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.