CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3881
https://notcve.org/view.php?id=CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=96047 http://code.google.com/p/chromium/issues/detail?id=96885 http://code.google.com/p/chromium/issues/detail?id=98053 http://code.google.com/p/chromium/issues/detail?id=99512 http://code.google.com/p/chromium/issues/detail? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 26%CPEs: 124EXPL: 0CVE-2011-2424 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
https://notcve.org/view.php?id=CVE-2011-2424
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures." Adobe Flash Player anterior a v10.3.183.5 en Windows, Mac OS X, Linux y Solaris, y anterior a v10.3.186.3 en Android, y Adobe AIR anterior a v2.7.1 en Windows y Mac OS X y anterior a v2.7.1.1961 en Android, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo SWF espacialmente manipulado, como lo demuestran los "cerca de 400 firmas de caída". • http://blogs.adobe.com/asset/2011/08/how-did-you-get-to-that-number.html http://googleonlinesecurity.blogspot.com/2011/08/fuzzing-at-scale.html http://twitter.com/taviso/statuses/101046246277521409 http://twitter.com/taviso/statuses/101046396790128640 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.us-cert.gov/cas/techalerts/TA11-222A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 123EXPL: 0CVE-2011-2425 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
https://notcve.org/view.php?id=CVE-2011-2425
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417. Adobe Flash Player en versiones anteriores a la 10.3.183.5 para Windows, Mac OS X, Linux y Solaris y anteriores a 10.3.186.3 en Android, y Adobe AIR anteriores 2.7.1 en Windows y Mac OS X y anteriores a 2.7.1.1961 en Android, permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores sin especificar, una vulnerabilidad distinta a la CVE-2011-2135, CVE-2011-2140 y CVE-2011-2417. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.securityfocus.com/bid/49085 http://www.us-cert.gov/cas/techalerts/TA11-222A.html https://oval&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 123EXPL: 0CVE-2011-2139 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
https://notcve.org/view.php?id=CVE-2011-2139
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. El programa Adobe Flash Player anterior a la versión 10.3.183.5 en Windows, Mac OS X, Linux y Solaris y anterior a 10.3.186.3 en Android, y Adobe AIR anterior a la versión 2.7.1 en Windows y Mac OS X y anterior a la versión 2.7.1.1961 en Android, permite a los atacantes remotos omitir la misma política de origen para así obtener información confidencial por medio de vectores no específicos. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.us-cert.gov/cas/techalerts/TA11-222A.html https://oval.cisecurity.org/repository/search/definition/oval • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 123EXPL: 0CVE-2011-2135 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
https://notcve.org/view.php?id=CVE-2011-2135
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425. Adobe Flash Player anterior a v10.3.183.5 en Windows, Mac OS X, Linux, y Solaris y anterior a v10.3.186.3 en Android, y Adobe AIR anterior a v2.7.1 en Windows y Mac OS X y anterior a v2.7.1.1961 en Android, permite a atacantes ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente que CVE-2011-2140, CVE-2011-2417, y CVE-2011-2425 • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.us-cert.gov/cas/techalerts/TA11-222A.html https://oval.cisecurity.org/repository/search/definition/oval • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •