CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2012-2881
https://notcve.org/view.php?id=CVE-2012-2881
Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unknown vectors. Google Chrome anterio r av22.0.1229.79 no maneja adecuadamente los plugin, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de árbol DOM) u otro tipo de impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html https://code.google.com/p/chromium/issues/detail?id=139814 https://exchange.xforce.ibmcloud.com/vulnerabilities/78825 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14920 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 53EXPL: 0CVE-2012-2893 – libxslt: Heap-double-free in xmlFreeNodeList
https://notcve.org/view.php?id=CVE-2012-2893
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms. Vulnerabilidad de doble liberación en libxslt en Google Chrome anterior a 22.0.1229.79, permite a atacantes remotos provocar una denegación de servicio u otro tipo de impacto a través de vectores relacionados con las transformaciones XSL. • http://git.chromium.org/gitweb/?p=chromium.git%3Ba=commit%3Bh=9a5da8e7d4b6f3454614b0331a51bf29c966f556 http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html http://secunia.com/advisories/50838 http://www.debian.org/security/2012/dsa-2555 http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 https://chromiumcodereview.appspot.com/10919019 https://code.google.com/p/chromium/issues/detail?id=144799 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 1%CPEs: 53EXPL: 0CVE-2012-2894
https://notcve.org/view.php?id=CVE-2012-2894
Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. Google Chrome anterior a 22.0.1220.79 no maneja adecuadamente las estructuras de datos "graphics-content", lo que permite a atacantes remotos provocar una denegación de servicio (Caída de aplicación) o posiblemente otro tipo de impacto sin especificar a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html https://code.google.com/p/chromium/issues/detail?id=144899 https://exchange.xforce.ibmcloud.com/vulnerabilities/78830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15855 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 63%CPEs: 70EXPL: 0CVE-2012-2897
https://notcve.org/view.php?id=CVE-2012-2897
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability." Los controladores de modo kernel en Microsoft Windows XP versiones SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 versiones SP2, R2 y R2 SP1, Windows 7 versiones Gold y SP1, Windows 8, Windows Server 2012 y Windows RT, usados por Google Chrome anterior a versión 22.0.1229.79 y otros programas, no manejan apropiadamente los objetos en la memoria, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo fuente TrueType creado, también se conoce como "Windows Font Parsing Vulnerability" o "TrueType Font Parsing Vulnerability". • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://secunia.com/advisories/51239 http://www.securitytracker.com/id?1027750 http://www.us-cert.gov/cas/techalerts/TA12-318A.html https://code.google.com/p/chromium/issues/detail?id=146254 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075 https://exchange.xforce.ibmcloud.com/vulnerabilities/78822 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15847 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 55EXPL: 0CVE-2012-2879
https://notcve.org/view.php?id=CVE-2012-2879
Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document. Google Chrome anterior a v22.1229.79 permite a a atacantes remotos provocar una denegación de servicio (corrupción de topología DOM) a través de un documento manipulado. • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html https://code.google.com/p/chromium/issues/detail?id=139168 https://exchange.xforce.ibmcloud.com/vulnerabilities/78833 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15634 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •