CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4851 CVE-2011-3099 399 DoS 2012-05-16 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding.
4852 CVE-2011-3098 264 +Priv 2012-05-16 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory.
4853 CVE-2011-3097 20 DoS 2012-05-16 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.
4854 CVE-2011-3096 399 DoS 2012-05-16 2017-12-29
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an error in the GTK implementation of the omnibox.
4855 CVE-2011-3095 20 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
4856 CVE-2011-3094 20 DoS 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
4857 CVE-2011-3093 20 DoS 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
4858 CVE-2011-3092 20 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.
4859 CVE-2011-3091 399 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
4860 CVE-2011-3090 362 DoS 2012-05-16 2017-12-29
7.6
None Remote High Not required Complete Complete Complete
Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes.
4861 CVE-2011-3089 399 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.
4862 CVE-2011-3088 119 DoS Overflow 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
4863 CVE-2011-3087 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.
4864 CVE-2011-3086 399 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.
4865 CVE-2011-3085 119 DoS Overflow 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values.
4866 CVE-2011-3084 264 Bypass 2012-05-16 2017-12-29
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page.
4867 CVE-2011-3083 119 DoS Overflow 2012-05-16 2017-12-29
5.0
None Remote Low Not required None None Partial
browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page.
4868 CVE-2011-3081 416 DoS 2012-05-01 2020-04-13
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.
4869 CVE-2011-3080 362 Bypass 2012-05-01 2020-04-14
7.6
None Remote High Not required Complete Complete Complete
Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors.
4870 CVE-2011-3079 399 2012-05-01 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
4871 CVE-2011-3078 416 DoS 2012-05-01 2020-04-13
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.
4872 CVE-2011-3077 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a "read-after-free" issue.
4873 CVE-2011-3076 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.
4874 CVE-2011-3075 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.
4875 CVE-2011-3074 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.
4876 CVE-2011-3073 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.
4877 CVE-2011-3072 346 Bypass 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.
4878 CVE-2011-3071 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
4879 CVE-2011-3070 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.
4880 CVE-2011-3069 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
4881 CVE-2011-3068 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.
4882 CVE-2011-3067 346 Bypass 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
4883 CVE-2011-3066 125 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
4884 CVE-2011-3065 190 DoS Mem. Corr. 2012-03-30 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
4885 CVE-2011-3064 416 DoS 2012-03-30 2020-04-14
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.
4886 CVE-2011-3063 20 2012-03-30 2020-04-14
4.3
None Remote Medium Not required None Partial None
Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.
4887 CVE-2011-3062 682 DoS 2012-03-30 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
4888 CVE-2011-3061 295 +Info 2012-03-30 2020-04-14
5.8
None Remote Medium Not required Partial Partial None
Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
4889 CVE-2011-3060 125 DoS 2012-03-30 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
4890 CVE-2011-3059 125 DoS 2012-03-30 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
4891 CVE-2011-3058 79 XSS 2012-03-30 2020-04-14
4.3
None Remote Medium Not required None Partial None
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
4892 CVE-2011-3057 125 DoS 2012-03-22 2020-04-14
4.3
None Remote Medium Not required None None Partial
Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.
4893 CVE-2011-3056 346 Bypass 2012-03-22 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
4894 CVE-2011-3055 306 2012-03-22 2020-04-14
4.3
None Remote Medium Not required None Partial None
The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension.
4895 CVE-2011-3054 269 Bypass 2012-03-22 2020-04-14
4.3
None Remote Medium Not required None Partial None
The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
4896 CVE-2011-3053 416 DoS 2012-03-22 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.
4897 CVE-2011-3052 119 DoS Overflow Mem. Corr. 2012-03-22 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
4898 CVE-2011-3051 416 DoS 2012-03-22 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade function.
4899 CVE-2011-3050 416 DoS 2012-03-22 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
4900 CVE-2011-3049 DoS 2012-03-23 2020-04-16
5.0
None Remote Low Not required None None Partial
Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.
Total number of vulnerabilities : 5297   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 (This Page)99 100 101 102 103 104 105 106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.