Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.
Max CVSS
4.4
EPSS Score
0.04%
Published
2012-08-26
Updated
2012-08-27
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.
Max CVSS
1.2
EPSS Score
0.04%
Published
2012-08-26
Updated
2012-08-27
Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.
Max CVSS
6.8
EPSS Score
1.22%
Published
2012-08-29
Updated
2013-03-26
Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.
Max CVSS
1.2
EPSS Score
0.04%
Published
2012-08-26
Updated
2012-08-27
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event.
Max CVSS
6.9
EPSS Score
0.04%
Published
2012-08-26
Updated
2012-08-27

CVE-2012-3485

Public exploit
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
Max CVSS
7.2
EPSS Score
0.23%
Published
2012-08-26
Updated
2013-12-13
Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share.
Max CVSS
7.2
EPSS Score
0.04%
Published
2012-08-26
Updated
2012-08-27
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.
Max CVSS
6.2
EPSS Score
0.05%
Published
2012-08-26
Updated
2012-08-27
Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-08-31
Updated
2018-10-30
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
Max CVSS
6.8
EPSS Score
1.55%
Published
2012-08-31
Updated
2017-08-29
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
Max CVSS
4.3
EPSS Score
2.29%
Published
2012-08-31
Updated
2014-01-28
Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."
Max CVSS
7.5
EPSS Score
0.92%
Published
2012-08-31
Updated
2018-10-30
Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object.
Max CVSS
6.8
EPSS Score
0.96%
Published
2012-08-31
Updated
2018-10-30
The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
Max CVSS
5.0
EPSS Score
1.10%
Published
2012-08-31
Updated
2018-10-30
Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
Max CVSS
7.5
EPSS Score
0.96%
Published
2012-08-31
Updated
2018-10-30
Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
Max CVSS
4.3
EPSS Score
1.02%
Published
2012-08-31
Updated
2018-10-30
Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."
Max CVSS
10.0
EPSS Score
5.37%
Published
2012-08-22
Updated
2014-02-12
The PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
Max CVSS
7.5
EPSS Score
0.40%
Published
2012-08-09
Updated
2017-09-19
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
Max CVSS
6.8
EPSS Score
0.74%
Published
2012-08-09
Updated
2017-09-19
The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
Max CVSS
6.8
EPSS Score
0.35%
Published
2012-08-06
Updated
2017-09-19
Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.16%
Published
2012-08-06
Updated
2012-08-07
Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image.
Max CVSS
6.8
EPSS Score
0.41%
Published
2012-08-06
Updated
2017-09-19
Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
Max CVSS
6.8
EPSS Score
1.55%
Published
2012-08-06
Updated
2017-09-19
The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
Max CVSS
7.5
EPSS Score
0.40%
Published
2012-08-06
Updated
2017-09-19
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
Max CVSS
6.8
EPSS Score
0.27%
Published
2012-08-06
Updated
2017-09-19
34 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!