CVE-2014-2214
Published 2019-11-22
Priority: P4 · 23 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.82% (52.5th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| posh_project | posh | 3.0 – 3.2.1 | — |
CVSS provenance
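| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | | 7.5 | HIGH | |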
GHSA
GHSA-pq6c-xmq3-56qm: Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3
ghsa_unreviewed·2022-05-17
CVE-2014-2214 [MEDIUM] CWE-79 GHSA-pq6c-xmq3-56qm: Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3
Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php
Red Hat
chromium-browser: memory corruption in V8
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7928 [HIGH] chromium-browser: memory corruption in V8
hydrogen.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy.
Red Hat
chromium-browser: use-after-free in DOM
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7930 [HIGH] CWE-416 chromium-browser: use-after-free in DOM
Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of TreeScope data.
Red Hat
ICU: uninitialized value use in the collation component
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7940 [HIGH] ICU: uninitialized value use in the collation component
The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.
Package: icu (Red Hat Enterprise Linux 5) - Will not fix
Package: icu (Red Hat Enterprise Linux 6) - Will not fix
Package: icu (Red Hat Enterprise Linux 7) - Will not fix
Red Hat
chromium-browser: out-of-bounds read in PDFium
vendor_redhat·2015-01-21·CVSS 5.0
CVE-2014-7945 [MEDIUM] CWE-125 chromium-browser: out-of-bounds read in PDFium
OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.
Red Hat
chromium-browser: out-of-bounds read in Fonts
vendor_redhat·2015-01-21·CVSS 5.0
CVE-2014-7946 [MEDIUM] CWE-125 chromium-browser: out-of-bounds read in Fonts
The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors related to the Fonts implementation.
Red Hat
ICU: regexp engine missing look-behind expression range check
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7923 [HIGH] CWE-122 ICU: regexp engine missing look-behind expression range check
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.
Statement: The flaw is caused because the ICU regular expression compiler is unable to properly handle certain malformed patterns. Because of the way in which this flaw manifests itself, it can only be triggered via untrusted content, which is common for components such as web browsers, in this case, the Chromium browser.
This flaw has been rated moderate for ICU component in Red Hat products, because either it is
Red Hat
chromium-browser: out-of-bounds read in Skia
vendor_redhat·2015-01-21·CVSS 5.0
CVE-2014-7943 [MEDIUM] CWE-125 chromium-browser: out-of-bounds read in Skia
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Red Hat
chromium-browser: use-after-free in Views
vendor_redhat·2015-01-21·CVSS 6.8
CVE-2014-7936 [MEDIUM] CWE-416 chromium-browser: use-after-free in Views
Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that triggers improper maintenance of a zoom bubble.
Red Hat
chromium-browser: out-of-bounds read in UI
vendor_redhat·2015-01-21·CVSS 5.0
CVE-2014-7941 [MEDIUM] CWE-125 chromium-browser: out-of-bounds read in UI
The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data.
Red Hat
chromium-browser: memory corruption in V8
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7927 [HIGH] chromium-browser: memory corruption in V8
The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.
Red Hat
chromium-browser: same-origin-bypass in V8
vendor_redhat·2015-01-21·CVSS 4.3
CVE-2014-7939 [MEDIUM] chromium-browser: same-origin-bypass in V8
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
Red Hat
chromium-browser: use-after-free in IndexedDB
vendor_redhat·2015-01-21·CVSS 5.0
CVE-2014-7924 [MEDIUM] CWE-416 chromium-browser: use-after-free in IndexedDB
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_db_callbacks.cc and content/browser/indexed_db/indexed_db_dispatcher_host.cc.
Red Hat
chromium-browser: use-after-free in WebAudio
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7925 [HIGH] CWE-416 chromium-browser: use-after-free in WebAudio
Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improperly maintained.
Red Hat
chromium-browser: use-after-free in Speech
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7935 [HIGH] CWE-416 chromium-browser: use-after-free in Speech
Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab.
Red Hat
chromium-browser: use-after-free in DOM
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7934 [HIGH] CWE-416 chromium-browser: use-after-free in DOM
Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures.
Red Hat
chromium-browser: use-after-free in DOM
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7932 [HIGH] CWE-416 chromium-browser: use-after-free in DOM
Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving pending updates of detached elements.
Red Hat
chromium-browser: out-of-bounds read in PDFium
vendor_redhat·2015-01-21·CVSS 5.0
CVE-2014-7944 [MEDIUM] CWE-125 chromium-browser: out-of-bounds read in PDFium
The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
Red Hat
chromium-browser: memory corruption in V8
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7931 [HIGH] chromium-browser: memory corruption in V8
factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of backing-store pointers.
Red Hat
chromium-browser: uninitialized-value in Fonts
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7942 [HIGH] CWE-456 chromium-browser: uninitialized-value in Fonts
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Red Hat
icu: insufficient size limit checks in regular expression compiler
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-9654 [HIGH] icu: insufficient size limit checks in regular expression compiler
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.
Package: icu (Red Hat Enterprise Linux 5) - Under investigation
Package: icu (Red Hat Enterprise Linux 6) - Will not fix
Package: icu (Red Hat Enterprise Linux 7) - Will not fix
Red Hat
chromium-browser: use-after-free in DOM
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7929 [HIGH] CWE-416 chromium-browser: use-after-free in DOM
Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving movement of a SCRIPT element across documents.
Red Hat
chromium-browser: use-after-free in FFmpeg
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7933 [HIGH] CWE-416 chromium-browser: use-after-free in FFmpeg
Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data.
Red Hat
chromium-browser: out-of-bounds read in PDFium
vendor_redhat·2015-01-21·CVSS 5.0
CVE-2014-7947 [MEDIUM] CWE-125 chromium-browser: out-of-bounds read in PDFium
OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.
Red Hat
ICU: regexp engine incorrect handling of a zero length quantifier
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7926 [HIGH] CWE-787 ICU: regexp engine incorrect handling of a zero length quantifier
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.
Statement: The flaw is caused because the ICU regular expression compiler is unable to properly handle certain malformed patterns. Because of the way in which this flaw manifests itself, it can only be triggered via untrusted content, which is common for components such as web browsers, in this case, the Chromium browser.
This flaw has been rated moderate for ICU component in Red Hat products, because either i
Red Hat
chromium-browser: memory corruption in Fonts
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7938 [HIGH] chromium-browser: memory corruption in Fonts
The Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Red Hat
chromium-browser: caching error in AppCache
vendor_redhat·2015-01-21·CVSS 4.3
CVE-2014-7948 [MEDIUM] chromium-browser: caching error in AppCache
The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate.
Red Hat
chromium-browser: use-after-free in FFmpeg
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-7937 [HIGH] CWE-416 chromium-browser: use-after-free in FFmpeg
Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.