CVSS: 7.6EPSS: 0%CPEs: 59EXPL: 0CVE-2011-3237
https://notcve.org/view.php?id=CVE-2011-3237
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, como el se usa en iTunes de Apple anterior a v10.5, permite atacantes man-in-the-miidle ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de vectores relacionados con la navegación en iTunes Store, una vulnerabilidad diferente a otros CVEs que figuran en APPLE-SA-2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76351 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://exchange.xforce.ibmcloud.com/vulnerabilities/70514 https://oval.cisecurity.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 59EXPL: 0CVE-2011-3239
https://notcve.org/view.php?id=CVE-2011-3239
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, como el usado en iTunes de Apple anterior a v10.5, permite que a atacantes man-in-the-middle ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de vectores relacionados con la navegación en iTunes Store, una vulnerabilidad diferente a otros CVEs que figuran en APPLE-SA-2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76386 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://exchange.xforce.ibmcloud.com/vulnerabilities/70516 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17483 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 76EXPL: 0CVE-2011-0259
https://notcve.org/view.php?id=CVE-2011-0259
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. CoreFoundation, tal como se usa en Apple iTunes en versiones anteriores a 10.5, no realiza apropiadamente el "string tokenization", lo que permite a atacantes "man-in-the-middle" ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores sin especificar. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16919 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 0CVE-2011-2877
https://notcve.org/view.php?id=CVE-2011-2877
Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font." Google Chrome antes de v14.0.835.202 no controla correctamente el texto SVG, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que conducen a una fuente de letra bloqueada. • http://code.google.com/p/chromium/issues/detail?id=95072 http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/48274 http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 http://www.securitytracker.com/id •
CVSS: 6.8EPSS: 8%CPEs: 4EXPL: 0CVE-2011-2854
https://notcve.org/view.php?id=CVE-2011-2854
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing." Vulnerabilidad de uso después de liberación en Google Chrome antes de v14.0.835.163 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con "el manejo del estilo ruby/table." • http://code.google.com/p/chromium/issues/detail?id=92651 http://code.google.com/p/chromium/issues/detail?id=94800 http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://osvdb.org/75556 http://secunia.com/advisories/48274 http://secunia • CWE-416: Use After Free •