CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 3CVE-2012-5851 – WebKit Cross-Site Scripting Filter - 'Cross-Site ScriptingAuditor.cpp' Security Bypass
https://notcve.org/view.php?id=CVE-2012-5851
15 Nov 2012 — html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108. html/parser/XSSAuditor.cpp en WebCore en WebKit, tal y como se utiliza en Google Chrome hasta v22 y Safari v5.1.7, no tiene en cuenta todos los contextos de salida posibles de los datos refle... • https://www.exploit-db.com/exploits/38024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5116 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5116
07 Nov 2012 — Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters. Una vulnerabilidad de uso después de liberación en Google Chrome antes v23.0.1271.64 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con el manejo de filtros SVG. Multiple vulnerabilities have been rep... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 84EXPL: 0CVE-2012-5128 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5128
07 Nov 2012 — Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Google V8 antes de v3.13.7.5, tal como se utiliza en Google Chrome antes de v23.0.1271.64, no lleva a cabo adecuadamente todas las operaciones de escritura, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especifica... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 55EXPL: 0CVE-2012-5118 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5118
07 Nov 2012 — Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Google Chrome antes v23.0.1271.64 en Mac OS X no valida correctamente un valor entero en el manejo de buffers de comandos GPU, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través d... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5122 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5122
07 Nov 2012 — Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Google Chrome antes de v23.0.1271.64 no realiza adecuadamente una conversión de una variable no especificada durante la manipulación de entrada, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocido... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5126 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5126
07 Nov 2012 — Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of plug-in placeholders. Vulnerabilidad de uso después de liberación en Google Chrome antes de v23.0.1271.64 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con el manejo del complemento de marcadores de posición. M... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5121 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5121
07 Nov 2012 — Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout. Vulnerabilidad de uso después de liberación en Google Chrome antes de v23.0.1271.64, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con diseño de vídeo. Multiple vulnerabilities have been reported in Chromium and V8... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5127 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5127
07 Nov 2012 — Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image. Desbordamiento de entero en Google Chrome antes de v23.0.1271.64 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) o posiblemente tener un impacto no especificado a través de una imagen WebP manipulada. Multiple vulnerabilities have been reported in Chromium and V8, some of ... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5124 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5124
07 Nov 2012 — Google Chrome before 23.0.1271.64 does not properly handle textures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Google Chrome antes de v23.0.1271.64 no controla correctamente las texturas, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener un impacto no especificado a través de vectores desconocidos. Multiple vulnerabilities have been reported in... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5119 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5119
07 Nov 2012 — Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to buffers. Condición de carrera en Pepper, tal como se utiliza en Google Chrome antes de v23.0.1271.64, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con buffers. Multiple vulnerabilities have been reported in Chromium and V... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •