CVSS: 7.6EPSS: 0%CPEs: 76EXPL: 0CVE-2011-0259
https://notcve.org/view.php?id=CVE-2011-0259
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. CoreFoundation, tal como se usa en Apple iTunes en versiones anteriores a 10.5, no realiza apropiadamente el "string tokenization", lo que permite a atacantes "man-in-the-middle" ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores sin especificar. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16919 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 0CVE-2011-2877
https://notcve.org/view.php?id=CVE-2011-2877
Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font." Google Chrome antes de v14.0.835.202 no controla correctamente el texto SVG, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que conducen a una fuente de letra bloqueada. • http://code.google.com/p/chromium/issues/detail?id=95072 http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/48274 http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 http://www.securitytracker.com/id •
CVSS: 6.8EPSS: 2%CPEs: 4EXPL: 0CVE-2011-2855
https://notcve.org/view.php?id=CVE-2011-2855
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." Google Chrome antes de la v14.0.835.163 no controla correctamente secuencias de señal Cascading Style Sheets (CSS), lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que conducen a un "stale node." • http://code.google.com/p/chromium/issues/detail?id=92959 http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://osvdb.org/75557 http://secunia.com/advisories/48274 http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 htt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.8EPSS: 7%CPEs: 4EXPL: 0CVE-2011-2854
https://notcve.org/view.php?id=CVE-2011-2854
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing." Vulnerabilidad de uso después de liberación en Google Chrome antes de v14.0.835.163 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con "el manejo del estilo ruby/table." • http://code.google.com/p/chromium/issues/detail?id=92651 http://code.google.com/p/chromium/issues/detail?id=94800 http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://osvdb.org/75556 http://secunia.com/advisories/48274 http://secunia • CWE-416: Use After Free •
CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 1CVE-2011-3234
https://notcve.org/view.php?id=CVE-2011-3234
Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Google Chrome antes de v14.0.835.163 no maneja adecuadamente las cajas, lo que permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=89991 http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/75550 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com& • CWE-125: Out-of-bounds Read •