| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Confidentiality | Integrity | Availability |
| 1 | CVE-2012-1846 | 264 | | Bypass | 2012-03-22 | 2012-04-02 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." |
|
| 2 | CVE-2012-1845 | 399 | | Exec Code Bypass | 2012-03-22 | 2012-04-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." |
|
| 3 | CVE-2012-1521 | 399 | | DoS | 2012-05-01 | 2012-05-01 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
|
| 4 | CVE-2012-1418 | | | | 2012-02-29 | 2012-04-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. |
|
| 5 | CVE-2012-0773 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2012-03-28 | 2012-04-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
|
| 6 | CVE-2012-0725 | 119 | | DoS Overflow Mem. Corr. | 2012-04-06 | 2012-04-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724. |
|
| 7 | CVE-2012-0724 | 119 | | DoS Overflow Mem. Corr. | 2012-04-06 | 2012-04-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725. |
|
| 8 | CVE-2012-0695 | | | | 2012-01-12 | 2012-02-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. |
|
| 9 | CVE-2011-5037 | 20 | | DoS | 2011-12-29 | 2011-12-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js. |
|
| 10 | CVE-2011-4783 | 20 | | Exec Code | 2011-12-27 | 2011-12-27 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory. |
|
| 11 | CVE-2011-4719 | | | | 2011-12-09 | 2012-04-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. |
|
| 12 | CVE-2011-4692 | 264 | | | 2011-12-07 | 2011-12-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. |
|
| 13 | CVE-2011-4691 | 264 | | | 2011-12-07 | 2011-12-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. |
|
| 14 | CVE-2011-4548 | | | | 2011-11-23 | 2012-04-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. |
|
| 15 | CVE-2011-4276 | 200 | | +Info | 2012-01-25 | 2012-01-26 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. |
|
| 16 | CVE-2011-4213 | 264 | | Exec Code Bypass | 2011-10-30 | 2012-04-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. |
|
| 17 | CVE-2011-4212 | 264 | | Exec Code Bypass | 2011-10-30 | 2011-10-31 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. |
|
| 18 | CVE-2011-4211 | 264 | | Exec Code Bypass | 2011-10-30 | 2011-10-31 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. |
|
| 19 | CVE-2011-3975 | 200 | | +Info | 2011-10-03 | 2011-10-20 | 2.6 | None | Remote | High | Not required | Partial | None | None |
A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port. |
|
| 20 | CVE-2011-3972 | 119 | | DoS Overflow | 2012-02-08 | 2012-02-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
|
| 21 | CVE-2011-3971 | 399 | | DoS | 2012-02-08 | 2012-02-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. |
|
| 22 | CVE-2011-3970 | 119 | | DoS Overflow | 2012-02-08 | 2012-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
|
| 23 | CVE-2011-3969 | 399 | | DoS | 2012-02-08 | 2012-02-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. |
|
| 24 | CVE-2011-3968 | 399 | | DoS | 2012-02-08 | 2012-02-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. |
|
| 25 | CVE-2011-3967 | | | DoS | 2012-02-08 | 2012-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate. |
|
| 26 | CVE-2011-3966 | 399 | | DoS | 2012-02-08 | 2012-02-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data. |
|
| 27 | CVE-2011-3965 | 20 | | DoS | 2012-02-08 | 2012-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
|
| 28 | CVE-2011-3964 | | | | 2012-02-08 | 2012-02-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors. |
|
| 29 | CVE-2011-3963 | 119 | | DoS Overflow | 2012-02-08 | 2012-02-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
|
| 30 | CVE-2011-3962 | 119 | | DoS Overflow | 2012-02-08 | 2012-02-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
|
| 31 | CVE-2011-3961 | 362 | | Exec Code | 2012-02-08 | 2012-02-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process. |
|
| 32 | CVE-2011-3960 | 119 | | DoS Overflow | 2012-02-08 | 2012-02-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
|
| 33 | CVE-2011-3959 | 119 | | DoS Overflow | 2012-02-08 | 2012-02-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
|
| 34 | CVE-2011-3958 | | | DoS | 2012-02-08 | 2012-02-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. |
|
| 35 | CVE-2011-3957 | 399 | | DoS | 2012-02-08 | 2012-02-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents. |
|
| 36 | CVE-2011-3956 | 264 | | Bypass | 2012-02-08 | 2012-02-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. |
|
| 37 | CVE-2011-3955 | | | DoS | 2012-02-08 | 2012-02-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction. |
|
| 38 | CVE-2011-3954 | | | DoS | 2012-02-08 | 2012-02-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage. |
|
| 39 | CVE-2011-3953 | | | | 2012-02-08 | 2012-02-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors. |
|
| 40 | CVE-2011-3928 | 399 | | DoS | 2012-01-23 | 2012-03-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling. |
|
| 41 | CVE-2011-3927 | | | DoS | 2012-01-23 | 2012-02-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
|
| 42 | CVE-2011-3926 | 119 | | DoS Overflow | 2012-01-23 | 2012-02-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
|
| 43 | CVE-2011-3925 | 399 | | DoS Mem. Corr. | 2012-01-23 | 2012-02-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation entry and an interstitial page. |
|
| 44 | CVE-2011-3924 | 399 | | DoS | 2012-01-23 | 2012-02-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections. |
|
| 45 | CVE-2011-3922 | 119 | | DoS Overflow | 2012-01-07 | 2012-02-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling. |
|
| 46 | CVE-2011-3921 | 399 | | DoS | 2012-01-07 | 2012-02-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving animation frames. |
|
| 47 | CVE-2011-3919 | 119 | | DoS Overflow | 2012-01-07 | 2012-05-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
|
| 48 | CVE-2011-3917 | 119 | | DoS Overflow | 2011-12-13 | 2011-12-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Stack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
|
| 49 | CVE-2011-3916 | 119 | | DoS Overflow | 2011-12-13 | 2011-12-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Google Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
|
| 50 | CVE-2011-3915 | 119 | | DoS Overflow | 2011-12-13 | 2011-12-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts. |