CVE-2012-3979
https://notcve.org/view.php?id=CVE-2012-3979
Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.
• http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html
• http://www.mozilla.org/security/announce/2012/mfsa2012-71.html
• http://www.securityfocus.com/bid/55344
• https://bugzilla.mozilla.org/show_bug.cgi?id=769265
CVE-2012-1405
https://notcve.org/view.php?id=CVE-2012-1405
Unspecified vulnerability in the GO Note Widget (com.gau.go.launcherex.gowidget.notewidget) application 1.5 and 1.9 for Android has unknown impact and attack vectors.
• http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1405-vulnerability-in-GONoteWidget.html
CVE-2011-3881
https://notcve.org/view.php?id=CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function.
• http://code.google.com/p/chromium/issues/detail?id=96047
• http://code.google.com/p/chromium/issues/detail?id=96885
• http://code.google.com/p/chromium/issues/detail?id=98053
• http://code.google.com/p/chromium/issues/detail?id=99512
• http://code.google.com/p/chromium/issues/detail?
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-2424 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
https://notcve.org/view.php?id=CVE-2011-2424
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."
• http://blogs.adobe.com/asset/2011/08/how-did-you-get-to-that-number.html
• http://googleonlinesecurity.blogspot.com/2011/08/fuzzing-at-scale.html
• http://twitter.com/taviso/statuses/101046246277521409
• http://twitter.com/taviso/statuses/101046396790128640
• http://www.adobe.com/support/security/bulletins/apsb11-21.html
• http://www.redhat.com/support/errata/RHSA-2011-1144.html
• http://www.us-cert.gov/cas/techalerts/TA11-222A.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2136 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
https://notcve.org/view.php?id=CVE-2011-2136
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.
• http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html
• http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html
• http://secunia.com/advisories/48308
• http://www.adobe.com/support/security/bulletins/apsb11-21.html
• http://www.redhat.com/support/errata/RHSA-2011-1144.html
• http://www.us-cert.gov/cas/techalerts/TA11-222A.html
• https://oval.cisecurity.org/repository/search/definition/oval
• CWE-189: Numeric Errors