Test ID: 1.3.6.1.4.1.25623.1.0.702724
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2724-1 (chromium-browser - several vulnerabilities)
Description:
Summary:
Several vulnerabilities have been discovered in the Chromium web browser.

CVE-2013-2853
The HTTPS implementation does not ensure that headers are terminated
by \r\n\r\n (carriage return, newline, carriage return, newline).

CVE-2013-2867
Chrome does not properly prevent pop-under windows.

CVE-2013-2868
common/extensions/sync_helper.cc proceeds with sync operations for
NPAPI extensions without checking for a certain plugin permission
setting.

CVE-2013-2869
Denial of service (out-of-bounds read) via a crafted JPEG2000
image.

CVE-2013-2870
Use-after-free vulnerability in network sockets.

CVE-2013-2871
Use-after-free vulnerability in input handling.

CVE-2013-2873
Use-after-free vulnerability in resource loading.

CVE-2013-2875
Out-of-bounds read in SVG file handling.

CVE-2013-2876
Chromium does not properly enforce restrictions on the capture of
screenshots by extensions, which could lead to information
disclosure from previous page visits.

CVE-2013-2877
Out-of-bounds read in XML file handling.

CVE-2013-2878
Out-of-bounds read in text handling.

CVE-2013-2879
The circumstances in which a renderer process can be considered a
trusted process for sign-in and subsequent sync operations were
not properly checked.

CVE-2013-2880
The Chromium 28 development team found various issues from internal
fuzzing, audits, and other studies.

Affected Software/OS:
chromium-browser on Debian Linux

Solution:
For the stable distribution (wheezy), these problems have been fixed in
version 28.0.1500.71-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 28.0.1500.71-1.

We recommend that you upgrade your chromium-browser packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2013-2877
BugTraq ID: 61050
http://www.securityfocus.com/bid/61050
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Debian Security Information: DSA-2724
http://www.debian.org/security/2013/dsa-2724
Debian Security Information: DSA-2779
http://www.debian.org/security/2013/dsa-2779
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/54172
http://secunia.com/advisories/55568
SuSE Security Announcement: SUSE-SU-2013:1627
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
SuSE Security Announcement: openSUSE-SU-2013:1221
http://lists.opensuse.org/opensuse-updates/2013-07/msg00063.html
SuSE Security Announcement: openSUSE-SU-2013:1246
http://lists.opensuse.org/opensuse-updates/2013-07/msg00077.html
http://www.ubuntu.com/usn/USN-1904-1
http://www.ubuntu.com/usn/USN-1904-2
Common Vulnerability Exposure (CVE) ID: CVE-2013-2871
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17275
Common Vulnerability Exposure (CVE) ID: CVE-2013-2853
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17033
Common Vulnerability Exposure (CVE) ID: CVE-2013-2876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17350
Common Vulnerability Exposure (CVE) ID: CVE-2013-2867
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17216
Common Vulnerability Exposure (CVE) ID: CVE-2013-2875
http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17227
Common Vulnerability Exposure (CVE) ID: CVE-2013-2870
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16723
Common Vulnerability Exposure (CVE) ID: CVE-2013-2868
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17347
Common Vulnerability Exposure (CVE) ID: CVE-2013-2879
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17177
Common Vulnerability Exposure (CVE) ID: CVE-2013-2878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17318
Common Vulnerability Exposure (CVE) ID: CVE-2013-2880
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17281
Common Vulnerability Exposure (CVE) ID: CVE-2013-2869
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17278
Common Vulnerability Exposure (CVE) ID: CVE-2013-2873
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17371
Copyright: Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net
