CVSS: 9.8EPSS: 4%CPEs: 226EXPL: 0CVE-2012-5134 – libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
https://notcve.org/view.php?id=CVE-2012-5134
28 Nov 2012 — Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. Desbordamiento de búfer basado en memoria dinámica en la función xmlParseAttValueComplex en parser.c en libxml2 2.9.0 y anteriores, como las usadas en Google Chrome anteriores a 23.0.1271.91,permite a atacant... • http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 64EXPL: 0CVE-2012-5135 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5135
28 Nov 2012 — Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing. Vulnerabilidad de uso después de liberación en Google Chrome antes de v23.0.1271.91 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con la impresión. Multiple vulnerabilities have been reported in Chromium and V8, some... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 1%CPEs: 64EXPL: 0CVE-2012-5136 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5136
28 Nov 2012 — Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document. Google Chrome antes de v23.0.1271.91 no realiza adecuadamente una conversión de una variable específica durante la manipulación del elemento INPUT, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente otro impacto a travé... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 3CVE-2012-5851 – WebKit Cross-Site Scripting Filter - 'Cross-Site ScriptingAuditor.cpp' Security Bypass
https://notcve.org/view.php?id=CVE-2012-5851
15 Nov 2012 — html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108. html/parser/XSSAuditor.cpp en WebCore en WebKit, tal y como se utiliza en Google Chrome hasta v22 y Safari v5.1.7, no tiene en cuenta todos los contextos de salida posibles de los datos refle... • https://www.exploit-db.com/exploits/38024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 55EXPL: 0CVE-2012-5115
https://notcve.org/view.php?id=CVE-2012-5115
07 Nov 2012 — Google Chrome before 23.0.1271.64 on Mac OS X does not properly mitigate improper write behavior in graphics drivers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger "wild writes." Google Chrome antes v23.0.1271.64 en Mac OS X no mitiga adecuadamente un comportamiento de escritura impropio en los controladores de gráficos, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impa... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5116 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5116
07 Nov 2012 — Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters. Una vulnerabilidad de uso después de liberación en Google Chrome antes v23.0.1271.64 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con el manejo de filtros SVG. Multiple vulnerabilities have been rep... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 54EXPL: 0CVE-2012-5117 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5117
07 Nov 2012 — Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors. Google Chrome antes v23.0.1271.64 no restringe correctamente la carga de un subrecurso SVG en el contexto de un elemento IMG, lo que tiene un impacto no especificado y vectores de ataque remotos. Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Versions less ... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 55EXPL: 0CVE-2012-5118 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5118
07 Nov 2012 — Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Google Chrome antes v23.0.1271.64 en Mac OS X no valida correctamente un valor entero en el manejo de buffers de comandos GPU, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través d... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5119 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5119
07 Nov 2012 — Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to buffers. Condición de carrera en Pepper, tal como se utiliza en Google Chrome antes de v23.0.1271.64, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con buffers. Multiple vulnerabilities have been reported in Chromium and V... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 249EXPL: 0CVE-2012-5120 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5120
07 Nov 2012 — Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to an array. Google V8 antes de v3.13.7.5, tal como se utiliza en Google Chrome antes de v23.0.1271.64, en plataformas de 64 bits de Linux, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado ... • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •