CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 3CVE-2012-5851 – WebKit Cross-Site Scripting Filter - 'Cross-Site ScriptingAuditor.cpp' Security Bypass
https://notcve.org/view.php?id=CVE-2012-5851
15 Nov 2012 — html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108. html/parser/XSSAuditor.cpp en WebCore en WebKit, tal y como se utiliza en Google Chrome hasta v22 y Safari v5.1.7, no tiene en cuenta todos los contextos de salida posibles de los datos refle... • https://www.exploit-db.com/exploits/38024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 55EXPL: 0CVE-2012-5115
https://notcve.org/view.php?id=CVE-2012-5115
07 Nov 2012 — Google Chrome before 23.0.1271.64 on Mac OS X does not properly mitigate improper write behavior in graphics drivers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger "wild writes." Google Chrome antes v23.0.1271.64 en Mac OS X no mitiga adecuadamente un comportamiento de escritura impropio en los controladores de gráficos, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impa... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5116
https://notcve.org/view.php?id=CVE-2012-5116
07 Nov 2012 — Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters. Una vulnerabilidad de uso después de liberación en Google Chrome antes v23.0.1271.64 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con el manejo de filtros SVG. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 54EXPL: 0CVE-2012-5117
https://notcve.org/view.php?id=CVE-2012-5117
07 Nov 2012 — Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors. Google Chrome antes v23.0.1271.64 no restringe correctamente la carga de un subrecurso SVG en el contexto de un elemento IMG, lo que tiene un impacto no especificado y vectores de ataque remotos. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 55EXPL: 0CVE-2012-5118
https://notcve.org/view.php?id=CVE-2012-5118
07 Nov 2012 — Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Google Chrome antes v23.0.1271.64 en Mac OS X no valida correctamente un valor entero en el manejo de buffers de comandos GPU, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través d... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5119
https://notcve.org/view.php?id=CVE-2012-5119
07 Nov 2012 — Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to buffers. Condición de carrera en Pepper, tal como se utiliza en Google Chrome antes de v23.0.1271.64, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con buffers. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 249EXPL: 0CVE-2012-5120
https://notcve.org/view.php?id=CVE-2012-5120
07 Nov 2012 — Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to an array. Google V8 antes de v3.13.7.5, tal como se utiliza en Google Chrome antes de v23.0.1271.64, en plataformas de 64 bits de Linux, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado ... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5121
https://notcve.org/view.php?id=CVE-2012-5121
07 Nov 2012 — Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout. Vulnerabilidad de uso después de liberación en Google Chrome antes de v23.0.1271.64, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con diseño de vídeo. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5122
https://notcve.org/view.php?id=CVE-2012-5122
07 Nov 2012 — Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Google Chrome antes de v23.0.1271.64 no realiza adecuadamente una conversión de una variable no especificada durante la manipulación de entrada, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocido... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5123
https://notcve.org/view.php?id=CVE-2012-5123
07 Nov 2012 — Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Skia, tal como se utiliza en Google Chrome antes de v23.0.1271.64, permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •