CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 1CVE-2011-3050
https://notcve.org/view.php?id=CVE-2011-3050
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. Una vulnerabilidad de uso después de liberación de vulnerabilidad en la implementación de las Hojas de Estilo en Cascada (CSS) en Google Chrome v17.0.963.83 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con el pseudo-elemento :first-letter . • http://code.google.com/p/chromium/issues/detail?id=113902 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html http://osvdb.org/80288 http://secunia.com/advisories/48512 http&# • CWE-416: Use After Free •
CVSS: 6.4EPSS: 1%CPEs: 97EXPL: 0CVE-2012-0584
https://notcve.org/view.php?id=CVE-2012-0584
The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs. El nombre de dominio ("Internationalized Domain Name" o IDN) en Apple Safari anteriores a 5.1.4 en Windows no restringe apropiadamente los caracteres en URLs, lo que facilita a atacantes remotos suplantar un nombre de dominio a través de símbolos sin especificar. • http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://osvdb.org/80088 http://secunia.com/advisories/48377 http://www.securitytracker.com/id?1026785 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 99EXPL: 0CVE-2012-0647
https://notcve.org/view.php?id=CVE-2012-0647
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. WebKit de Apple Safari anteriores a 5.1.4 no maneja apropiadamente las redirecciones junto con autenticación HTTP, lo que permite a servidores web remotos capturar las credenciales a través de la cabecera "Authorization HTTP". • http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/48377 http://www.securitytracker.com/id?1026785 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 98EXPL: 0CVE-2012-0640
https://notcve.org/view.php?id=CVE-2012-0640
WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie. WebKit de Apple Safari anteriores a 5.1.4 no implementa apropiadamente el bloqueo de cookies "de terceras partes y anunciantes", lo que facilita a servidores web remotos realizar un segumiento del usuario a través de una cookie. • http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/48377 http://www.securitytracker.com/id?1026785 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2011-3046
https://notcve.org/view.php?id=CVE-2011-3046
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue. El subsistema de extensión en Google Chrome antes de v17.0.963.78 no gestiona adecuadamente el historial de navegación, lo que permite a atacantes remotos ejecutar código de su elección qaprovechandose de un problema "XSS universal(UXSS)". • http://code.google.com/p/chromium/issues/detail?id=117226 http://code.google.com/p/chromium/issues/detail?id=117230 http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.html http://lists.apple.com/archives/security-announce/2012/May/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html http://secunia.com/advisories/47292 http://secunia.com/advisories/48321 http • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •