CVSS: 10.0EPSS: 0%CPEs: 68EXPL: 0CVE-2012-5138
https://notcve.org/view.php?id=CVE-2012-5138
Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors. Google Chrome antes de v23.0.1271.95 no controla correctamente las rutas de archivos, lo que tiene impacto y vectores de ataque no especificados. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://secunia.com/advisories/51447 http://www.securityfocus.com/bid/56741 https://code.google.com/p/chromium/issues/detail?id=161564 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15638 •
CVSS: 6.8EPSS: 1%CPEs: 64EXPL: 0CVE-2012-5136
https://notcve.org/view.php?id=CVE-2012-5136
Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document. Google Chrome antes de v23.0.1271.91 no realiza adecuadamente una conversión de una variable específica durante la manipulación del elemento INPUT, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente otro impacto a través de un documento HTML manipulado. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://osvdb.org/87885 http://www.securityfocus.com/bid/56684 http://www.securitytracker.com/id?1027815 https://code.google.com/p/chromium/issues/detail?id=159829 https://exchange.xforce.ibmcloud.com/vulnerabilities/80296 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15929 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 4%CPEs: 226EXPL: 0CVE-2012-5134 – libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
https://notcve.org/view.php?id=CVE-2012-5134
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. Desbordamiento de búfer basado en memoria dinámica en la función xmlParseAttValueComplex en parser.c en libxml2 2.9.0 y anteriores, como las usadas en Google Chrome anteriores a 23.0.1271.91,permite a atacantes remotos causar una denegación de servicio (cuelgue) o ejecutar código a través de una entidad manipulada en un fichero XML. • http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2013- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 64EXPL: 0CVE-2012-5133
https://notcve.org/view.php?id=CVE-2012-5133
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters. Vulnerabilidad de uso después de la liberación en Google Chrome anteriores a 23.0.1271.91, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto a través de vectores que implican filtros SVG. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://www.securityfocus.com/bid/56684 http://www.securitytracker.com/id?1027815 https://code.google.com/p/chromium/issues/detail?id=156567 https://exchange.xforce.ibmcloud.com/vulnerabilities/80291 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15954 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 64EXPL: 0CVE-2012-5135
https://notcve.org/view.php?id=CVE-2012-5135
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing. Vulnerabilidad de uso después de liberación en Google Chrome antes de v23.0.1271.91 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con la impresión. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://osvdb.org/87886 http://www.securityfocus.com/bid/56684 http://www.securitytracker.com/id?1027815 https://code.google.com/p/chromium/issues/detail?id=159165 https://exchange.xforce.ibmcloud.com/vulnerabilities/80295 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15768 • CWE-399: Resource Management Errors •