CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3056
https://notcve.org/view.php?id=CVE-2011-3056
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." Google Chrome antes de v17.0.963.83 permite a atacantes remotos evitar la política de mismo origen a través de vectores relacionados con un "magic iframe". • http://code.google.com/p/chromium/issues/detail?id=117550 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://lists.apple.com/archives/security-announce/2012/May/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html http://osvdb.org/80294 http://osvdb.org/81794 http://secunia.com/advisories/47292 http://secunia.com/advisories/48512 http:// • CWE-346: Origin Validation Error •
CVSS: 6.8EPSS: 2%CPEs: 5EXPL: 0CVE-2011-3053
https://notcve.org/view.php?id=CVE-2011-3053
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. Una vulnerabilidad de uso después de liberación en Google Chrome antes de v17.0.963.83 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con la división de bloques. • http://code.google.com/p/chromium/issues/detail?id=116746 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html http://osvdb.org/80291 http://secunia.com/advisories/48512 http&# • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 1CVE-2011-3050
https://notcve.org/view.php?id=CVE-2011-3050
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. Una vulnerabilidad de uso después de liberación de vulnerabilidad en la implementación de las Hojas de Estilo en Cascada (CSS) en Google Chrome v17.0.963.83 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con el pseudo-elemento :first-letter . • http://code.google.com/p/chromium/issues/detail?id=113902 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html http://osvdb.org/80288 http://secunia.com/advisories/48512 http&# • CWE-416: Use After Free •
CVSS: 6.4EPSS: 1%CPEs: 97EXPL: 0CVE-2012-0584
https://notcve.org/view.php?id=CVE-2012-0584
The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs. El nombre de dominio ("Internationalized Domain Name" o IDN) en Apple Safari anteriores a 5.1.4 en Windows no restringe apropiadamente los caracteres en URLs, lo que facilita a atacantes remotos suplantar un nombre de dominio a través de símbolos sin especificar. • http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://osvdb.org/80088 http://secunia.com/advisories/48377 http://www.securitytracker.com/id?1026785 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 99EXPL: 0CVE-2012-0647
https://notcve.org/view.php?id=CVE-2012-0647
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. WebKit de Apple Safari anteriores a 5.1.4 no maneja apropiadamente las redirecciones junto con autenticación HTTP, lo que permite a servidores web remotos capturar las credenciales a través de la cabecera "Authorization HTTP". • http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/48377 http://www.securitytracker.com/id?1026785 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •