CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 1CVE-2011-3234
https://notcve.org/view.php?id=CVE-2011-3234
Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Google Chrome antes de v14.0.835.163 no maneja adecuadamente las cajas, lo que permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=89991 http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/75550 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com& • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2011-2827
https://notcve.org/view.php?id=CVE-2011-2827
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching. Vulnerabilidad de uso después de la liberación en Google Chrome v13.0.782.215, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario mediante vectores relacionados con la búsqueda de texto. • http://code.google.com/p/chromium/issues/detail?id=90668 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 https://oval • CWE-416: Use After Free •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2011-2823
https://notcve.org/view.php?id=CVE-2011-2823
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box. Vulnerabilidad de uso después de la liberación en Google Chrome v13.0.782.215, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario mediante vectores relacionados con los "line box" • http://code.google.com/p/chromium/issues/detail?id=82552 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 https://oval • CWE-416: Use After Free •
CVSS: 9.3EPSS: 13%CPEs: 4EXPL: 0CVE-2011-2825 – Webkit fontface Invalid Font Family Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2825
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts. Vulnerabilidad de uso después de la liberación en Google Chrome v13.0.782.215, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario mediante las fuentes personalizadas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing and utilization of font objects. When the code parses the @font-face CSS element it does not validate that the font-family is legitimate. • http://code.google.com/p/chromium/issues/detail?id=88670 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/48274 http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 http://www.securitytracker.com& • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 200EXPL: 1CVE-2011-2379
https://notcve.org/view.php?id=CVE-2011-2379
Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Bugzilla 2.4 hasta la versión 2.22.7, 3.0.x hasta la 3.3.x, 3.4.x anteriores a 3.4.12, 3.5.x, 3.6.x anteriores a 3.6.6, 3.7.x, 4.0.x anteriores a 4.0.2 y 4.1.x anteriores a 4.1.3, si se utiliza Internet Explorer anterior a la versión 9 o Safari anterior a la 5.0.6 para el modo "Raw Unified", permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de una solución ("patch") modificada. Relacionado con captura de contenido ("sniffing"). • http://secunia.com/advisories/45501 http://www.bugzilla.org/security/3.4.11 http://www.debian.org/security/2011/dsa-2322 http://www.osvdb.org/74297 http://www.securityfocus.com/bid/49042 https://bugzilla.mozilla.org/show_bug.cgi?id=637981 https://exchange.xforce.ibmcloud.com/vulnerabilities/69033 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •