CVSS: 10.0EPSS: 0%CPEs: 68EXPL: 0CVE-2012-5138
https://notcve.org/view.php?id=CVE-2012-5138
Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors. Google Chrome antes de v23.0.1271.95 no controla correctamente las rutas de archivos, lo que tiene impacto y vectores de ataque no especificados. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://secunia.com/advisories/51447 http://www.securityfocus.com/bid/56741 https://code.google.com/p/chromium/issues/detail?id=161564 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15638 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1CVE-2012-5568
https://notcve.org/view.php?id=CVE-2012-5568
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. Apache Tomcat hasta v7.0.x permite a atacantes remotos provocar una denegación de servicio (parada del demonio) a través de peticiones HTTP parciales, tal y como quedó demostrado por Slowloris. • http://captainholly.wordpress.com/2009/06/19/slowloris-vs-tomcat http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://openwall.com/lists/oss-security/2012/11/26/2 http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147776.html http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147779.html •
CVSS: 7.5EPSS: 1%CPEs: 64EXPL: 0CVE-2012-5133
https://notcve.org/view.php?id=CVE-2012-5133
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters. Vulnerabilidad de uso después de la liberación en Google Chrome anteriores a 23.0.1271.91, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto a través de vectores que implican filtros SVG. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://www.securityfocus.com/bid/56684 http://www.securitytracker.com/id?1027815 https://code.google.com/p/chromium/issues/detail?id=156567 https://exchange.xforce.ibmcloud.com/vulnerabilities/80291 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15954 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 64EXPL: 0CVE-2012-5135
https://notcve.org/view.php?id=CVE-2012-5135
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing. Vulnerabilidad de uso después de liberación en Google Chrome antes de v23.0.1271.91 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con la impresión. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://osvdb.org/87886 http://www.securityfocus.com/bid/56684 http://www.securitytracker.com/id?1027815 https://code.google.com/p/chromium/issues/detail?id=159165 https://exchange.xforce.ibmcloud.com/vulnerabilities/80295 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15768 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 1%CPEs: 64EXPL: 0CVE-2012-5136
https://notcve.org/view.php?id=CVE-2012-5136
Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document. Google Chrome antes de v23.0.1271.91 no realiza adecuadamente una conversión de una variable específica durante la manipulación del elemento INPUT, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente otro impacto a través de un documento HTML manipulado. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://osvdb.org/87885 http://www.securityfocus.com/bid/56684 http://www.securitytracker.com/id?1027815 https://code.google.com/p/chromium/issues/detail?id=159829 https://exchange.xforce.ibmcloud.com/vulnerabilities/80296 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15929 • CWE-20: Improper Input Validation •