CVSS: 7.5EPSS: 1%CPEs: 54EXPL: 0CVE-2012-2866
https://notcve.org/view.php?id=CVE-2012-2866
Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. Google Chrome anterior a v21.0.1180.89 no realiza debidamente una conversión de una variable no especificada durante la manipulación de ejecución en los elementos, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto desconocido a través de un documento elaborado. • http://code.google.com/p/chromium/issues/detail?id=134897 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://osvdb.org/85031 https://exchange.xforce.ibmcloud.com/vulnerabilities/78175 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15609 •
CVSS: 6.8EPSS: 1%CPEs: 54EXPL: 0CVE-2012-2868
https://notcve.org/view.php?id=CVE-2012-2868
Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object. Condición de carrera en Google Chrome antes de v21.0.1180.89 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con una interacción inadecuada entre los procesos de trabajo y un objeto XMLHttpRequest (o XHR). • http://code.google.com/p/chromium/issues/detail?id=136881 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://osvdb.org/85033 https://exchange.xforce.ibmcloud.com/vulnerabilities/78177 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15842 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 1%CPEs: 118EXPL: 0CVE-2012-2870 – libxslt: Use-after-free when processing an invalid XPath expression
https://notcve.org/view.php?id=CVE-2012-2870
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. libxslt v1.1.26 y anteriores, tal como se utiliza en Google Chrome anterior a v21.0.1180.89, no gestiona adecuadamente la memoria, lo que podría permitir a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de una elaborada expresión XSLT que no esté debidamente identificado durante XPath navegación, en relación con (1) la función xsltCompileLocationPathPattern en libxslt / pattern.c y (2) la función xsltGenerateIdFunction en libxslt / functions.c. • http://code.google.com/p/chromium/issues/detail?id=138672 http://code.google.com/p/chromium/issues/detail?id=140368 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://secunia.com/advisories/50838 http://secunia.com/advisories/54886 http: • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 6.8EPSS: 1%CPEs: 101EXPL: 0CVE-2012-2871 – libxslt: Heap-buffer overflow caused by bad cast in XSL transforms
https://notcve.org/view.php?id=CVE-2012-2871
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. libxml2 v2.9.0-rc1 y anteriores, tal como se utiliza en Google Chrome antes de v21.0.1180.89, no admite correctamente un conversión de una variable no especificada durante la manipulación de las transformaciones XSL, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto desconocido a través de un documento diseñado para tal fin. Se trata de un problema relacionado con la estructura de datos _xmlNs en include/libxml/tree.h. • http://code.google.com/p/chromium/issues/detail?id=138673 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://secunia.com/advisories/50838 http://secunia.com/advisories/54886 http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libx • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.0EPSS: 1%CPEs: 54EXPL: 0CVE-2012-2867
https://notcve.org/view.php?id=CVE-2012-2867
The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. La implementación SPDY en Google Chrome anterior a v21.0.1180.89 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=135485 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://osvdb.org/85032 https://exchange.xforce.ibmcloud.com/vulnerabilities/78176 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15130 •