CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2011-1295
https://notcve.org/view.php?id=CVE-2011-1295
25 Mar 2011 — WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors. WebKit, tal y como es usado en Google Chrome anterior a versión 10.0.648.204 y Apple Safari anterior a la versión 5.0.6, no maneja apropiadamente el parentesco entre nodos, lo que permite a los atac... • http://code.google.com/p/chromium/issues/detail?id=74991 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 96EXPL: 0CVE-2011-0161
https://notcve.org/view.php?id=CVE-2011-0161
11 Mar 2011 — WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. WebKit, como se usa en Apple Safari anterior a v5.0.4 e iOS antes de v4.3, no maneja adecuada mente el acceso a Attr.style, lo que permite a atacantes remotos evitar la Same Origin Policy e inyectar secuencias de hojas de estilo en cascada (CSS) a través... • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 65EXPL: 0CVE-2011-0166
https://notcve.org/view.php?id=CVE-2011-0166
11 Mar 2011 — The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778. La funcionalidad arrastrar y soltar de HTML5 de WebKit en Apple Safari anterior a v5.0.4, permite a atacantes remotos asistidos por el usuario evitar la Same Origin Policy y obtener información sensible a través de vectores relacionados con el... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 65EXPL: 1CVE-2011-0167 – WebKit 1.2.x - Local Webpage Cross Domain Information Disclosure
https://notcve.org/view.php?id=CVE-2011-0167
11 Mar 2011 — The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site. La funcionalidad de ventanas en WebKit de Apple Safari anterior a v5.0.4, permite a atacantes remotos evitar la Same Origin Policy, y forzar la carga de ficheros locales desde un equipo cliente, a través de un sitio web manipulado. • https://www.exploit-db.com/exploits/35434 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 65EXPL: 0CVE-2011-0169
https://notcve.org/view.php?id=CVE-2011-0169
11 Mar 2011 — WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. WebKit en Apple Safari antes de v5.0.4, cuando el Inspector Web se utiliza, no controla correctamente la propiedad window.console._inspectorCommandLineAPI, que permite a atacantes remotos asistidos por el usuario elu... • http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 96EXPL: 0CVE-2011-0163
https://notcve.org/view.php?id=CVE-2011-0163
11 Mar 2011 — WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. WebKit, tal como se utiliza en Apple Safari v5.0.4 e iOS antes de v4.3, no controla correctamente "los recursos almacenados en caché" sin especificar, lo que permite a atacantes remotos provocar una denegación de servicio (falta de disponibil... • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 96EXPL: 0CVE-2011-0160
https://notcve.org/view.php?id=CVE-2011-0160
11 Mar 2011 — WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. WebKit, tal como se utiliza en Apple Safari antes de v5.0.4 e iOS antes de v4.3, no controla correctamente las redirecciones en conjunto con la autenticación básica HTTP, lo que podría permitir a los servidores Web remotos capturar las credenciales de registro de... • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 1CVE-2011-1190
https://notcve.org/view.php?id=CVE-2011-1190
11 Mar 2011 — The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." La implementación de Web Workers en Google Chrome anterior a v10.0.648.127 permite a atacantes remotos evitar la "política del mismo origen" (Same Origin Policy) a través de vectores no especificados, relacionados con un "error message leak". • http://code.google.com/p/chromium/issues/detail?id=70336 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2011-1203
https://notcve.org/view.php?id=CVE-2011-1203
11 Mar 2011 — Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Google Chrome anterior a v10.0.648.127 no maneja correctamente cursores SVG, lo que permite a atacantes remotos provocar una denegación de servicio o tener un impacto no especificado a través de vectores desconocidos que dan lugar a un "stale pointer". • http://code.google.com/p/chromium/issues/detail?id=73746 •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1CVE-2011-1188
https://notcve.org/view.php?id=CVE-2011-1188
11 Mar 2011 — Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Google Chrome anterior a v10.0.648.127, no maneja correctamente los nodos de contadores, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=69628 •