 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.842005 |
| Kategorie: | Ubuntu Local Security Checks |
| Titel: | Ubuntu Update for oxide-qt USN-2345-1 |
| Zusammenfassung: | The remote host is missing an update for the 'oxide-qt'; package(s) announced via the referenced advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'oxide-qt' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple use-after-free issues were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3178, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3179, CVE-2014-3200) It was discovered that Chromium did not properly handle the interaction of IPC and V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3188) A use-after-free was discovered in the web workers implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3194) It was discovered that V8 did not correctly handle Javascript heap allocations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal sensitive information. (CVE-2014-3195) It was discovered that Blink did not properly provide substitute data for pages blocked by the XSS auditor. If a user were tricked in to opening a specially crafter website, an attacker could potentially exploit this to steal sensitive information. (CVE-2014-3197) It was discovered that the wrap function for Event's in the V8 bindings in Blink produced an erroneous result in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service by stopping a worker process that was handling an Event object. (CVE-2014-3199) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7967) Affected Software/OS: oxide-qt on Ubuntu 14.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3178 BugTraq ID: 69709 http://www.securityfocus.com/bid/69709 Debian Security Information: DSA-3039 (Google Search) http://www.debian.org/security/2014/dsa-3039 http://security.gentoo.org/glsa/glsa-201409-06.xml http://secunia.com/advisories/61446 XForce ISS Database: google-chrome-cve20143178-code-exec(95815) https://exchange.xforce.ibmcloud.com/vulnerabilities/95815 Common Vulnerability Exposure (CVE) ID: CVE-2014-3190 BugTraq ID: 70273 http://www.securityfocus.com/bid/70273 RedHat Security Advisories: RHSA-2014:1626 http://rhn.redhat.com/errata/RHSA-2014-1626.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3191 Common Vulnerability Exposure (CVE) ID: CVE-2014-3192 http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://www.securitytracker.com/id/1031647 Common Vulnerability Exposure (CVE) ID: CVE-2014-3179 BugTraq ID: 69710 http://www.securityfocus.com/bid/69710 XForce ISS Database: google-chrome-cve20143179-unspec(95816) https://exchange.xforce.ibmcloud.com/vulnerabilities/95816 Common Vulnerability Exposure (CVE) ID: CVE-2014-3200 Common Vulnerability Exposure (CVE) ID: CVE-2014-3188 Common Vulnerability Exposure (CVE) ID: CVE-2014-3194 Common Vulnerability Exposure (CVE) ID: CVE-2014-3195 Common Vulnerability Exposure (CVE) ID: CVE-2014-3197 Common Vulnerability Exposure (CVE) ID: CVE-2014-3199 Common Vulnerability Exposure (CVE) ID: CVE-2014-7967 |
| Copyright | Copyright (C) 2014 Greenbone Networks GmbH |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |