CVSS: 10.0EPSS: 6%CPEs: 132EXPL: 0CVE-2011-3106
https://notcve.org/view.php?id=CVE-2011-3106
The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. La implementación de WebSockets en Google Chrome antes de v19.0.1084.52 no controla correctamente el uso de SSL, que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=122654 http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html http://osvdb.org/82251 http://secunia.com/advisories/49277 http://secunia.com/advisories/49306 http://security.gentoo.org/glsa/glsa-201205-04.xml http://www.securityfocus.com/bid/53679 http://www.securitytracker.com/id?1027098 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15470 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 3%CPEs: 1EXPL: 0CVE-2011-3090
https://notcve.org/view.php?id=CVE-2011-3090
Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes. Condición de carrera en Google Chrome anterior a v19.0.1084.46 permite a atacantes remotos causar una denegación de servicio o tener un impacto no especificado a través de vectores relacionados con los procesos de trabajo. • http://code.google.com/p/chromium/issues/detail?id=121223 http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html http://security.gentoo.org/glsa/glsa-201205-03.xml http://support. • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 4%CPEs: 49EXPL: 0CVE-2011-3102 – libxml: An off-by-one out-of-bounds write by XPointer part evaluation
https://notcve.org/view.php?id=CVE-2011-3102
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. Error de superación de límite (off-by-one) en libxml2, como el usado en Google Chrome anteriores a v19.0.1084.46, permite a atacantes remotos provocar una denegación de servicio (escritura fuera del límite) y posiblemente tener otros impactos no determinados a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=125462 http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html http://rhn.redhat.com/errata/RHSA-2013-0217.html http://secunia.c • CWE-189: Numeric Errors CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2011-3098
https://notcve.org/view.php?id=CVE-2011-3098
Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory. Google Chrome antes de v19.0.1084.46 en Windows utiliza una ruta de búsqueda incorrecta para el Windows Media Player plug-in, lo que podría permitir a usuarios locales conseguir privilegios a través de un caballo de Troya de plug-in en un directorio especificado. • http://code.google.com/p/chromium/issues/detail?id=124216 http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00009.html http://www.securityfocus.com/bid/53540 http://www.securitytracker.com/id?1027067 https://exchange.xforce.ibmcloud.com/vulnerabilities/75603 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-3083
https://notcve.org/view.php?id=CVE-2011-3083
browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page. browser/profiles/profile_impl_io_data.cc en Google Chrome anteriores a v19.0.1084.46 no gestionan de forma adecuada una URL de FTP mal escrita en el atributo SRC de un elemento vídeo, lo que permite a atacantes remotos a provocar una denegación de servicio (desreferencia a puntero Null y caída de la aplicación) a través de una página Web manipulada. • http://code.google.com/p/chromium/issues/detail?id=112983 http://code.google.com/p/chromium/issues/detail?id=127924 http://codereview.chromium.org/9372002 http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html http://security.gentoo.org/glsa/glsa-201205-03.xml http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/profiles/profile_impl_io_data.cc?r1=121378&r2=121377&pathrev=121378 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •