CVE-2012-1846

HIGH Year: 2012
CVSS v2 Score
10.0
Critical
Weakness Type
CWE-668
View all →

Vulnerability Description

Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."

Related Vulnerabilities

CVE-2019-8779

CRITICAL
CVSS:10.0(Critical)

A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app...

CWE-6682019

CVE-2020-10271

CRITICAL
CVSS:10.0(Critical)

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad se...

CWE-6682020

CVE-2019-16541

CRITICAL
CVSS:9.9(Critical)

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.

CWE-6682019

CVE-2022-1467

CRITICAL
CVSS:9.9(Critical)

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA In...

CWE-6682022

CVE-2008-7291

CRITICAL
CVSS:9.8(Critical)

gri before 2.12.18 generates temporary files in an insecure way.

CWE-6682008

CVE-2017-18129

CRITICAL
CVSS:9.8(Critical)

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelera...

CWE-6682017