Category Archives: Security

CVE-2014-3190 (chrome, enterprise_linux_desktop_supplementary, enterprise_linux_server_supplementary, enterprise_linux_server_supplementary_eus, enterprise_linux_workstation_supplementary)

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object.

CVE-2014-3195 (chrome, enterprise_linux_desktop_supplementary, enterprise_linux_server_supplementary, enterprise_linux_server_supplementary_eus, enterprise_linux_workstation_supplementary)

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc.

CVE-2014-3191 (chrome, enterprise_linux_desktop_supplementary, enterprise_linux_server_supplementary, enterprise_linux_server_supplementary_eus, enterprise_linux_workstation_supplementary)

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree, related to the FrameView::updateLayoutAndStyleForPainting function in core/frame/FrameView.cpp and the RenderLayerScrollableArea::setScrollOffset function in core/rendering/RenderLayerScrollableArea.cpp.

CVE-2014-3197 (chrome, enterprise_linux_desktop_supplementary, enterprise_linux_server_supplementary, enterprise_linux_server_supplementary_eus, enterprise_linux_workstation_supplementary)

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.

CVE-2014-3189 (chrome, enterprise_linux_desktop_supplementary, enterprise_linux_server_supplementary, enterprise_linux_server_supplementary_eus, enterprise_linux_workstation_supplementary)

The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors.

[Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting

Posted by Onapsis Research Labs on Oct 08

Onapsis Security Advisory 2014-032: SAP BusinessObjects Persistent Cross
Site Scripting

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to attack other users of the system.

Risk Level: Medium

2. Advisory Information
=======================

– Public Release Date: 2014-10-08

– Subscriber Notification Date: 2014-10-08

– Last Revised: 2014-09-17

-…

[Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure

Posted by Onapsis Research Labs on Oct 08

Onapsis Security Advisory 2014-020: SAP Business Objects Information
Disclosure

1. Impact on Business
=====================

A malicious user can discover information relating to valid users
using a vulnerable Business Objects Enterprise instance. This
information could be used to allow the malicious user to specialize
their attacks against the system.

Risk Level: Medium

2. Advisory Information
=======================

– Public…

[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA

Posted by Onapsis Research Labs on Oct 08

Onapsis Security Advisory 2014-020: SAP Business Objects Denial of
Service via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to completely shut down the SAP Business Objects remotely.

Risk Level: High

2. Advisory Information
=======================

– Public Release Date: 2014-10-08

– Subscriber Notification Date: 2014-10-08

– Last Revised:…

[Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA

Posted by Onapsis Research Labs on Oct 08

Onapsis Security Advisory 2014-031: SAP Business Objects Information
Disclosure via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to obtain information about the system that could be used to
further specialize attacks against the Business Objects platform.

Risk Level: Low

2. Advisory Information
=======================

– Public Release Date:…