
CVSS: 4.3 | EPSS: 0% | CPEs: 63 | EXPL: 3

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.

• https://www.exploit-db.com/exploits/38024
• http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-that.html
• https://bugs.webkit.org/show_bug.cgi?id=92692
• https://exchange.xforce.ibmcloud.com/vulnerabilities/80072
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 | EPSS: 1% | CPEs: 54 | EXPL: 0

Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to buffers.

• http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html
• http://osvdb.org/87072
• http://www.securityfocus.com/bid/56413
• https://code.google.com/p/chromium/issues/detail?id=149759
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79866
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15977
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.5 | EPSS: 1% | CPEs: 54 | EXPL: 0

Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.

• http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html
• http://osvdb.org/87083
• http://www.securityfocus.com/bid/56413
• https://code.google.com/p/chromium/issues/detail?id=156051
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79872
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15341
• CWE-416: Use After Free

CVSS: 7.5 | EPSS: 0% | CPEs: 54 | EXPL: 0

Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors.

• http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html
• http://osvdb.org/87076
• http://www.securityfocus.com/bid/56413
• https://code.google.com/p/chromium/issues/detail?id=145915
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15912
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 0% | CPEs: 55 | EXPL: 0

Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

• http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html
• http://osvdb.org/87074
• http://www.securityfocus.com/bid/56413
• https://code.google.com/p/chromium/issues/detail?id=149717
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79865
• CWE-20: Improper Input Validation