Page 541 of 3368 results (0.008 seconds)

CVSS: 6.8EPSS: 1%CPEs: 53EXPL: 0

Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. Google Chrome anterior a 22.0.1220.79 no maneja adecuadamente las estructuras de datos "graphics-content", lo que permite a atacantes remotos provocar una denegación de servicio (Caída de aplicación) o posiblemente otro tipo de impacto sin especificar a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html https://code.google.com/p/chromium/issues/detail?id=144899 https://exchange.xforce.ibmcloud.com/vulnerabilities/78830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15855 • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 63%CPEs: 70EXPL: 0

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability." Los controladores de modo kernel en Microsoft Windows XP versiones SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 versiones SP2, R2 y R2 SP1, Windows 7 versiones Gold y SP1, Windows 8, Windows Server 2012 y Windows RT, usados por Google Chrome anterior a versión 22.0.1229.79 y otros programas, no manejan apropiadamente los objetos en la memoria, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo fuente TrueType creado, también se conoce como "Windows Font Parsing Vulnerability" o "TrueType Font Parsing Vulnerability". • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://secunia.com/advisories/51239 http://www.securitytracker.com/id?1027750 http://www.us-cert.gov/cas/techalerts/TA12-318A.html https://code.google.com/p/chromium/issues/detail?id=146254 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075 https://exchange.xforce.ibmcloud.com/vulnerabilities/78822 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15847 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0

Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883. Skia usado en Google Chrome anterior a v22.0.1229.79, permite a atacantes remotos provocar una denegación de servicio u otro tipo de impacto a través de vectores que provocan una operación de escritura fuera de rango. Vulnerabilidad distinta de CVE-2012-2883. • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html https://code.google.com/p/chromium/issues/detail?id=132398 https://exchange.xforce.ibmcloud.com/vulnerabilities/78835 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15856 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 56EXPL: 0

Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Chrome anteriores a v22.0.1229.79, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que implican "frames" también conocido como "Universal XSS (UXSS)." • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html http://support.apple.com/kb/HT5642 https://code.google.com/p/chromium/issues/detail?id=143439 https://exchange.xforce.ibmcloud.com/vulnerabilities/78823 https://oval.cisecurity.org/repository/search/de • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 1%CPEs: 55EXPL: 0

FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue. FFmpeg usado en Google Chrome anterior a v22.0.1229.79 no maneja adecuadamente los contenedores OGG, lo que permite a atacantes remotos provocar una denegación de servicio u otro tipo de impacto a través de vectores desconocidos relativos al tema "wild pointer". • http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html https://chromiumcodereview.appspot.com/10829204 https://code.google.com/p/chromium/issues/detail?id=140647 https://exchange.xforce.ibmcloud.com/vulnerabilities/78839 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15688 https://src.chromium.org/viewvc/chrome?view=rev&revision=150239 • CWE-20: Improper Input Validation •