CVSS: 4.3EPSS: 0%CPEs: 200EXPL: 1CVE-2011-2379
https://notcve.org/view.php?id=CVE-2011-2379
Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Bugzilla 2.4 hasta la versión 2.22.7, 3.0.x hasta la 3.3.x, 3.4.x anteriores a 3.4.12, 3.5.x, 3.6.x anteriores a 3.6.6, 3.7.x, 4.0.x anteriores a 4.0.2 y 4.1.x anteriores a 4.1.3, si se utiliza Internet Explorer anterior a la versión 9 o Safari anterior a la 5.0.6 para el modo "Raw Unified", permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de una solución ("patch") modificada. Relacionado con captura de contenido ("sniffing"). • http://secunia.com/advisories/45501 http://www.bugzilla.org/security/3.4.11 http://www.debian.org/security/2011/dsa-2322 http://www.osvdb.org/74297 http://www.securityfocus.com/bid/49042 https://bugzilla.mozilla.org/show_bug.cgi?id=637981 https://exchange.xforce.ibmcloud.com/vulnerabilities/69033 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0CVE-2011-2819
https://notcve.org/view.php?id=CVE-2011-2819
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI. Google Chrome anterior a v13.0.782.107 permite a atacantes remotos evitar la política del mismo origen (Same Origin Policy)a través de vectores relacionado con el manejo de la URI. • http://code.google.com/p/chromium/issues/detail?id=90222 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/74258 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 https://exchange.xforce.ibmcloud.com/vulnerabilities/68969 https://oval.cisecurity.org/repository/search/definition •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0CVE-2011-2805
https://notcve.org/view.php?id=CVE-2011-2805
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors. Google Chrome anterior a v13.0.782.107 permite a atacantes remotos la Política de Mismo Origen (Same Origin Policy) y producir un ataque de inyección de secuencias de comandos, a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=89520 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/74257 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 https://exchange.xforce.ibmcloud.com/vulnerabilities/68967 https://oval.cisecurity.org/repository/search/definition • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.8EPSS: 2%CPEs: 6EXPL: 0CVE-2011-2359
https://notcve.org/view.php?id=CVE-2011-2359
Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Google Chrome antes de v13.0.782.107 no sigue correctamente cajas de línea durante la búsqueda, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que conducen a un "puntero viejo". • http://code.google.com/p/chromium/issues/detail?id=78841 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/74229 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 4%CPEs: 4EXPL: 0CVE-2011-2797
https://notcve.org/view.php?id=CVE-2011-2797
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching. Vulnerabilidad use-after-free en Google Chrome anterior a v13.0.782.107 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores relacionados con recursos de caché. • http://code.google.com/p/chromium/issues/detail?id=87729 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/74247 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb • CWE-416: Use After Free •