CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2011-1107
https://notcve.org/view.php?id=CVE-2011-1107
01 Mar 2011 — Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors. Vulnerabilidad no especificada en Google Chrome anterior a v9.0.597.107 permite a atacantes remotos falsificar la barra de direcciones a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=54262 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2011-0981
https://notcve.org/view.php?id=CVE-2011-0981
10 Feb 2011 — Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Google Chrome anterior a v9.0.597.94 no realiza adecuadamente el manejo de los eventos de animación, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos que llevan a un "puntero invál... • http://code.google.com/p/chromium/issues/detail?id=67234 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2011-0983
https://notcve.org/view.php?id=CVE-2011-0983
10 Feb 2011 — Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Google Chrome anterior a v9.0.597.94 no gestiona correctamente los bloques anónimos, permitiendo a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que dan lugar a un "stale pointer" • http://code.google.com/p/chromium/issues/detail?id=69556 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 20EXPL: 1CVE-2010-4494 – libxml2: double-free in XPath processing code
https://notcve.org/view.php?id=CVE-2010-4494
07 Dec 2010 — Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. Vulnerabilidad de liberación doble en libxml2 2.7.8 y otras versiones, tal como se utiliza en Google Chrome en versiones anteriores a 8.0.552.215 y otros productos, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener o... • http://code.google.com/p/chromium/issues/detail?id=63444 • CWE-415: Double Free •
CVSS: 9.8EPSS: 3%CPEs: 126EXPL: 0CVE-2010-3805
https://notcve.org/view.php?id=CVE-2010-3805
20 Nov 2010 — Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254. Un desbordamiento de enteros en el WebKit de Apple Safari v5.0.3 antes en Mac OS X v10.5 a v10.6 y Windows, y antes de v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o ... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 6%CPEs: 126EXPL: 0CVE-2010-3824
https://notcve.org/view.php?id=CVE-2010-3824
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements. Vulnerabilidad de uso después de la liberación en WebKit en Apple Safari anteriores a v5.0.3 en Mac OS X 10.5 hasta v10.6 y Windows, y anteriores a v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su ele... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 1%CPEs: 126EXPL: 0CVE-2010-3820
https://notcve.org/view.php?id=CVE-2010-3820
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit de Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, accede a memoria sin iniciar durante el proceso de editar elementos, esto perm... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 1%CPEs: 126EXPL: 0CVE-2010-3822
https://notcve.org/view.php?id=CVE-2010-3822
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, accede a un puntero sin inicializar durante el p... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 126EXPL: 0CVE-2010-3813 – webkit: HTMLLinkElement ignores dnsPrefetchingEnabled setting
https://notcve.org/view.php?id=CVE-2010-3813
20 Nov 2010 — The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To ... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 126EXPL: 0CVE-2010-3819
https://notcve.org/view.php?id=CVE-2010-3819
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, no realiza adecuadamente una co... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •