Vulnerabilities > CVE-2014-7910 - Unspecified vulnerability in Google Chrome
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Vulnerable Configurations
Exploit-Db
description QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,... id EDB-ID:36504 last seen 2016-02-04 modified 2015-03-26 published 2015-03-26 reporter Patrick Pellegrino source https://www.exploit-db.com/download/36504/ title QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection description IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-71... id EDB-ID:34839 last seen 2016-02-04 modified 2014-10-01 published 2014-10-01 reporter Claudio Viviani source https://www.exploit-db.com/download/34839/ title IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection Exploit description Kemp Load Master 7.1.16 - Multiple Vulnerabilities. CVE-2014-3659,CVE-2014-3671,CVE-2014-5287,CVE-2014-5288,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-20... id EDB-ID:36609 last seen 2016-02-04 modified 2015-04-02 published 2015-04-02 reporter Roberto Suggi Liverani source https://www.exploit-db.com/download/36609/ title Kemp Load Master 7.1.16 - Multiple Vulnerabilities description GNU bash Environment Variable Command Injection (MSF). CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE... id EDB-ID:34777 last seen 2016-02-03 modified 2014-09-25 published 2014-09-25 reporter Shaun Colley source https://www.exploit-db.com/download/34777/ title GNU bash Environment Variable Command Injection MSF description Pure-FTPd External Authentication Bash Environment Variable Code Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7... id EDB-ID:34862 last seen 2016-02-04 modified 2014-10-02 published 2014-10-02 reporter metasploit source https://www.exploit-db.com/download/34862/ title Pure-FTPd External Authentication Bash Environment Variable Code Injection description PHP 5.x Shellshock Exploit (bypass disable_functions). CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE... id EDB-ID:35146 last seen 2016-02-04 modified 2014-11-03 published 2014-11-03 reporter Ryan King (Starfall) source https://www.exploit-db.com/download/35146/ title PHP 5.x Shellshock Exploit bypass disable_functions description Bash - CGI RCE (MSF) Shellshock Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-7910. We... id EDB-ID:34895 last seen 2016-02-04 modified 2014-10-06 published 2014-10-06 reporter Fady Mohammed Osman source https://www.exploit-db.com/download/34895/ title Bash - CGI RCE MSF Shellshock Exploit description Postfix SMTP - Shellshock Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-7910. Remote e... id EDB-ID:34896 last seen 2016-02-04 modified 2014-10-06 published 2014-10-06 reporter Phil Blank source https://www.exploit-db.com/download/34896/ title Postfix SMTP - Shellshock Exploit description QNAP - Admin Shell via Bash Environment Variable Code Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-201... id EDB-ID:36503 last seen 2016-02-04 modified 2015-03-26 published 2015-03-26 reporter Patrick Pellegrino source https://www.exploit-db.com/download/36503/ title QNAP - Admin Shell via Bash Environment Variable Code Injection description GNU bash Environment Variable Command Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-... id EDB-ID:34765 last seen 2016-02-03 modified 2014-09-25 published 2014-09-25 reporter Stephane Chazelas source https://www.exploit-db.com/download/34765/ title GNU Bash - Environment Variable Command Injection ShellShock description OpenVPN 2.2.29 - ShellShock Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-7910. Remote... file exploits/linux/remote/34879.txt id EDB-ID:34879 last seen 2016-02-04 modified 2014-10-04 platform linux port published 2014-10-04 reporter hobbily plunt source https://www.exploit-db.com/download/34879/ title OpenVPN 2.2.29 - ShellShock Exploit type remote description Bash - Environment Variables Code Injection Exploit (ShellShock). CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-20... id EDB-ID:34766 last seen 2016-02-03 modified 2014-09-25 published 2014-09-25 reporter Prakhar Prasad & Subho Halder source https://www.exploit-db.com/download/34766/ title Bash - Environment Variables Code Injection Exploit ShellShock description CUPS Filter Bash Environment Variable Code Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-... id EDB-ID:35115 last seen 2016-02-04 modified 2014-10-29 published 2014-10-29 reporter metasploit source https://www.exploit-db.com/download/35115/ title CUPS Filter Bash Environment Variable Code Injection description GNU bash 4.3.11 Environment Variable dhclient Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-6277,CVE-2014-62771,CVE-2014-6278,CVE-2014-7169,CVE... id EDB-ID:34860 last seen 2016-02-04 modified 2014-10-02 published 2014-10-02 reporter @0x00string source https://www.exploit-db.com/download/34860/ title GNU bash 4.3.11 Environment Variable dhclient Exploit
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_D395E44F6F4F11E4A44400262D5ED8EE.NASL description Google Chrome Releases reports : 42 security fixes in this release, including : - [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey. - [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG. - [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer. - [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer. - [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer. - [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG. - [421817] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team. - [423030] High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team. - [423703] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou. - [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team. - [425980] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl. - [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz. - CVE-2014-7910: Various fixes from internal audits, fuzzing and other initiatives. last seen 2020-06-01 modified 2020-06-02 plugin id 79320 published 2014-11-19 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79320 title FreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee) NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_39_0_2171_65.NASL description The version of Google Chrome installed on the remote Mac OS X host is a version prior to 39.0.2171.65. It is, therefore, affected by the following vulnerabilities : - A double-free vulnerability exists in the version of Adobe Flash bundled with Chrome which could result in arbitrary code execution. (CVE-2014-0574) - An unspecified address bar spoofing vulnerability exists which could be used to aid in phishing attacks. (CVE-2014-7899) - Multiple use-after-free vulnerabilities exist in pdfium which could result in arbitrary code execution. (CVE-2014-7900, CVE-2014-7902) - Integer overflow vulnerabilities exist in pdfium and the media component which could result in arbitrary code execution. (CVE-2014-7901, CVE-2014-7908) - Buffer overflow vulnerabilities exist in pdfium and Skia which could result in arbitrary code execution. (CVE-2014-7903, CVE-2014-7904) - Use-after-free vulnerabilities exist in Pepper plugins and Blink which could result in arbitrary code execution. (CVE-2014-7906, CVE-2014-7907) - An unspecified uninitialized memory read exists. (CVE-2014-7909) - Multiple unspecified vulnerabilities exist. (CVE-2014-7910) last seen 2020-06-01 modified 2020-06-02 plugin id 79337 published 2014-11-19 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79337 title Google Chrome < 39.0.2171.65 Multiple Vulnerabilities (Mac OS X) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2410-1.NASL description A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7904) Multiple use-after-frees were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7907) An integer overflow was discovered in media. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7908) An uninitialized memory read was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-7909) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7910). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 79354 published 2014-11-20 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79354 title Ubuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2410-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1894.NASL description Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Chromium is an open source web browser, powered by WebKit (Blink). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2014-7904, CVE-2014-7906, CVE-2014-7907, CVE-2014-7910, CVE-2014-7908, CVE-2014-7909) A flaw was found in the way Chromium parsed certain URL values. A malicious attacker could use this flaw to perform phishing attacks. (CVE-2014-7899) All Chromium users should upgrade to these updated packages, which contain Chromium version 39.0.2171.65, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect. last seen 2020-05-31 modified 2014-11-25 plugin id 79426 published 2014-11-25 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79426 title RHEL 6 : chromium-browser (RHSA-2014:1894) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-13.NASL description The remote host is affected by the vulnerability described in GLSA-201412-13 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 79966 published 2014-12-15 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79966 title GLSA-201412-13 : Chromium: Multiple vulnerabilities NASL family Windows NASL id GOOGLE_CHROME_39_0_2171_65.NASL description The version of Google Chrome installed on the remote Windows host is a version prior to 39.0.2171.65. It is, therefore, affected by the following vulnerabilities : - A double-free vulnerability exists in the version of Adobe Flash bundled with Chrome which could result in arbitrary code execution. (CVE-2014-0574) - An unspecified address bar spoofing vulnerability exists which could be used to aid in phishing attacks. (CVE-2014-7899) - Multiple use-after-free vulnerabilities exist in pdfium which could result in arbitrary code execution. (CVE-2014-7900, CVE-2014-7902) - Integer overflow vulnerabilities exist in pdfium and the media component which could result in arbitrary code execution. (CVE-2014-7901, CVE-2014-7908) - Buffer overflow vulnerabilities exist in pdfium and Skia which could result in arbitrary code execution. (CVE-2014-7903, CVE-2014-7904) - Use-after-free vulnerabilities exist in Pepper plugins and Blink which could result in arbitrary code execution. (CVE-2014-7906, CVE-2014-7907) - An unspecified uninitialized memory read exists. (CVE-2014-7909) - Multiple unspecified vulnerabilities exist. (CVE-2014-7910) last seen 2020-06-01 modified 2020-06-02 plugin id 79336 published 2014-11-19 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79336 title Google Chrome < 39.0.2171.65 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-764.NASL description chromium was updated to version 39.0.2171.65 to fix 13 security issues. These security issues were fixed : - Use-after-free in pepper plugins (CVE-2014-7906). - Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chromebefore 39.0.2171.65, al... (CVE-2014-7903). - Uninitialized memory read in Skia (CVE-2014-7909). - Unspecified security issues (CVE-2014-7910). - Integer overflow in media (CVE-2014-7908). - Integer overflow in the opj_t2_read_packet_data function infxcodec/fx_libopenjpeg/libopenjpeg20/t2.... (CVE-2014-7901). - Use-after-free in blink (CVE-2014-7907). - Address bar spoofing (CVE-2014-7899). - Buffer overflow in Skia (CVE-2014-7904). - Use-after-free vulnerability in the CPDF_Parser (CVE-2014-7900). - Use-after-free vulnerability in PDFium allows DoS (CVE-2014-7902). - Flaw allowing navigation to intents that do not have the BROWSABLE category (CVE-2014-7905). - Double-free in Flash (CVE-2014-0574). last seen 2020-06-05 modified 2014-12-15 plugin id 79997 published 2014-12-15 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79997 title openSUSE Security Update : chromium (openSUSE-SU-2014:1626-1)
Redhat
advisories |
| ||||
rpms |
|
References
- https://code.google.com/p/chromium/issues/detail?id=397396
- https://code.google.com/p/chromium/issues/detail?id=411165
- https://code.google.com/p/chromium/issues/detail?id=409508
- http://www.securitytracker.com/id/1031241
- https://code.google.com/p/chromium/issues/detail?id=409454
- https://code.google.com/p/chromium/issues/detail?id=391001
- https://code.google.com/p/chromium/issues/detail?id=413744
- https://code.google.com/p/chromium/issues/detail?id=340387
- https://code.google.com/p/chromium/issues/detail?id=421981
- http://www.securityfocus.com/bid/71161
- https://code.google.com/p/chromium/issues/detail?id=408426
- https://code.google.com/p/chromium/issues/detail?id=421720
- https://code.google.com/p/chromium/issues/detail?id=423030
- http://rhn.redhat.com/errata/RHSA-2014-1894.html
- http://secunia.com/advisories/62608
- https://code.google.com/p/chromium/issues/detail?id=421090
- https://code.google.com/p/chromium/issues/detail?id=414134
- https://code.google.com/p/chromium/issues/detail?id=389451
- https://code.google.com/p/chromium/issues/detail?id=417329
- https://code.google.com/p/chromium/issues/detail?id=424999
- https://www.exploit-db.com/exploits/34879/
- http://secunia.com/advisories/60194
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98798
- https://code.google.com/p/chromium/issues/detail?id=425152
- https://code.google.com/p/chromium/issues/detail?id=415407
- https://code.google.com/p/chromium/issues/detail?id=411162
- https://code.google.com/p/chromium/issues/detail?id=424215
- https://code.google.com/p/chromium/issues/detail?id=417210
- https://code.google.com/p/chromium/issues/detail?id=337071
- http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
- https://code.google.com/p/chromium/issues/detail?id=433500
- https://code.google.com/p/chromium/issues/detail?id=421321
- https://code.google.com/p/chromium/issues/detail?id=422482
- https://code.google.com/p/chromium/issues/detail?id=411159
- https://code.google.com/p/chromium/issues/detail?id=413743
- https://code.google.com/p/chromium/issues/detail?id=421504
- https://code.google.com/p/chromium/issues/detail?id=425151
- https://code.google.com/p/chromium/issues/detail?id=423891