CVSS: 5.0EPSS: 1%CPEs: 64EXPL: 0CVE-2012-5130
https://notcve.org/view.php?id=CVE-2012-5130
Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Skia, como se usa en Google Chrome antes de v23.0.1271.91 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de vectores no especificados • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://osvdb.org/87888 http://www.securityfocus.com/bid/56684 http://www.securitytracker.com/id?1027815 https://code.google.com/p/chromium/issues/detail?id=148638 https://exchange.xforce.ibmcloud.com/vulnerabilities/80292 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15734 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 64EXPL: 0CVE-2012-5133
https://notcve.org/view.php?id=CVE-2012-5133
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters. Vulnerabilidad de uso después de la liberación en Google Chrome anteriores a 23.0.1271.91, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto a través de vectores que implican filtros SVG. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://www.securityfocus.com/bid/56684 http://www.securitytracker.com/id?1027815 https://code.google.com/p/chromium/issues/detail?id=156567 https://exchange.xforce.ibmcloud.com/vulnerabilities/80291 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15954 • CWE-416: Use After Free •
CVSS: 6.8EPSS: 4%CPEs: 226EXPL: 0CVE-2012-5134 – libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
https://notcve.org/view.php?id=CVE-2012-5134
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. Desbordamiento de búfer basado en memoria dinámica en la función xmlParseAttValueComplex en parser.c en libxml2 2.9.0 y anteriores, como las usadas en Google Chrome anteriores a 23.0.1271.91,permite a atacantes remotos causar una denegación de servicio (cuelgue) o ejecutar código a través de una entidad manipulada en un fichero XML. • http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2013- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 63EXPL: 3CVE-2012-5851 – WebKit Cross-Site Scripting Filter - 'Cross-Site ScriptingAuditor.cpp' Security Bypass
https://notcve.org/view.php?id=CVE-2012-5851
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108. html/parser/XSSAuditor.cpp en WebCore en WebKit, tal y como se utiliza en Google Chrome hasta v22 y Safari v5.1.7, no tiene en cuenta todos los contextos de salida posibles de los datos reflejados, lo que hace que sea más fácil para los atacantes remotos saltarse el mecanismo de protección ante ataques de ejecución de comandos en sitios cruzados (XSS) a través de una cadena hecha a mano. Se trata de un problema también conocido como "rdar problem 12019108". • https://www.exploit-db.com/exploits/38024 http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-that.html https://bugs.webkit.org/show_bug.cgi?id=92692 https://exchange.xforce.ibmcloud.com/vulnerabilities/80072 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 54EXPL: 0CVE-2012-5119
https://notcve.org/view.php?id=CVE-2012-5119
Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to buffers. Condición de carrera en Pepper, tal como se utiliza en Google Chrome antes de v23.0.1271.64, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con buffers. • http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html http://osvdb.org/87072 http://www.securityfocus.com/bid/56413 https://code.google.com/p/chromium/issues/detail?id=149759 https://exchange.xforce.ibmcloud.com/vulnerabilities/79866 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15977 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •