Page 200 of 1351 results (0.014 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2011-3881

https://notcve.org/view.php?id=CVE-2011-3881

WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=96047 http://code.google.com/p/chromium/issues/detail?id=96885 http://code.google.com/p/chromium/issues/detail?id=98053 http://code.google.com/p/chromium/issues/detail?id=99512 http://code.google.com/p/chromium/issues/detail? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2011-3887

https://notcve.org/view.php?id=CVE-2011-3887

Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. Google Chrome en versiones anteriores a la 15.0.874.102 no maneja apropiadamente javascript: URLs, lo que permite a atacantes remotos evitar las restricciones previstas de acceso y leer cookies a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=98407 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 http://www.securitytracker.com/id?1026774 https://exchange.xforce.ibmcloud.com/vulnerabilities/70965 https://oval.cisecurity.org/repository/search/d • CWE-565: Reliance on Cookies without Validation and Integrity Checking •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2011-2845

https://notcve.org/view.php?id=CVE-2011-2845

Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. Google Chrome antes de v15.0.874.102 no maneja adecuadamente los datos del historial, lo que permite a atacantes remotos asistidos por el usuario falsificar la barra de URL a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=86758 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5400 http://support.apple.com/kb/HT5503 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13044 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 7%CPEs: 4EXPL: 0

CVE-2011-3888

https://notcve.org/view.php?id=CVE-2011-3888

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in. Vulnerabilidad de tipo "usar después de liberar" (use-after-free) en Google Chrome en versiones anteriores a la 15.0.874.102. Permite a atacantes remotos asistidos por el usuario provocar una denegación de servicio o posiblemente tener otro impacto sin especificar a través de vectores relacionados con operaciones de edicion junto con complementos ("plug-ins") desconocidos. • http://code.google.com/p/chromium/issues/detail?id=99138 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/48274 http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 http://www.securitytracker.com/id • CWE-416: Use After Free •

CVSS: 7.5EPSS: 11%CPEs: 4EXPL: 0

CVE-2011-3885

https://notcve.org/view.php?id=CVE-2011-3885

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data. Vulnerabilidad de tipo "usar después de liberar" ("use-after-free") en Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos provocar una denegación de servicio o posiblemente realizar otras acciones sin especificar a través de vectores relacionados con los datos token-sequence de las hojas de estilo (CSS). • http://code.google.com/p/chromium/issues/detail?id=100059 http://code.google.com/p/chromium/issues/detail?id=97599 http://code.google.com/p/chromium/issues/detail?id=98064 http://code.google.com/p/chromium/issues/detail?id=98556 http://code.google.com/p/chromium/issues/detail? • CWE-416: Use After Free •