CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0CVE-2012-3515 – qemu: VT100 emulation vulnerability
https://notcve.org/view.php?id=CVE-2012-3515
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." Qemu, tal como se utiliza en Xen v4.0, v4.1 y posiblemente otros productos, al emular ciertos dispositivos con una consola virtual, permite a los usuarios locales del SO invitado obtener privilegios a través de una secuencia VT100 de escape manipulada que desencadena la sobrescritura del espacio de direcciones de un "device model's address space." • http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.ht • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 54EXPL: 0CVE-2012-2865
https://notcve.org/view.php?id=CVE-2012-2865
Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. Google Chrome anterior a v21.0.1180.89 no realiza correctamente los saltos de línea, permitiendo a atacantes remotos provocar una denegación de servicio (fuera de límites leer) a través de un documento elaborado. • http://code.google.com/p/chromium/issues/detail?id=121347 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://osvdb.org/85030 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14866 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2012-2869
https://notcve.org/view.php?id=CVE-2012-2869
Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer." Google Chrome anterior a v21.0.1180.89 no carga correctamente las direcciones URL, permitiendo a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores que provocan un "colchón viejo." • http://code.google.com/p/chromium/issues/detail?id=137778 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://osvdb.org/85034 https://exchange.xforce.ibmcloud.com/vulnerabilities/78178 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15710 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 54EXPL: 0CVE-2012-2866
https://notcve.org/view.php?id=CVE-2012-2866
Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. Google Chrome anterior a v21.0.1180.89 no realiza debidamente una conversión de una variable no especificada durante la manipulación de ejecución en los elementos, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto desconocido a través de un documento elaborado. • http://code.google.com/p/chromium/issues/detail?id=134897 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://osvdb.org/85031 https://exchange.xforce.ibmcloud.com/vulnerabilities/78175 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15609 •
CVSS: 6.8EPSS: 1%CPEs: 54EXPL: 0CVE-2012-2868
https://notcve.org/view.php?id=CVE-2012-2868
Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object. Condición de carrera en Google Chrome antes de v21.0.1180.89 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con una interacción inadecuada entre los procesos de trabajo y un objeto XMLHttpRequest (o XHR). • http://code.google.com/p/chromium/issues/detail?id=136881 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://osvdb.org/85033 https://exchange.xforce.ibmcloud.com/vulnerabilities/78177 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15842 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •