CVSS: 7.5EPSS: 11%CPEs: 4EXPL: 0CVE-2011-3885
https://notcve.org/view.php?id=CVE-2011-3885
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data. Vulnerabilidad de tipo "usar después de liberar" ("use-after-free") en Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos provocar una denegación de servicio o posiblemente realizar otras acciones sin especificar a través de vectores relacionados con los datos token-sequence de las hojas de estilo (CSS). • http://code.google.com/p/chromium/issues/detail?id=100059 http://code.google.com/p/chromium/issues/detail?id=97599 http://code.google.com/p/chromium/issues/detail?id=98064 http://code.google.com/p/chromium/issues/detail?id=98556 http://code.google.com/p/chromium/issues/detail? • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 99EXPL: 0CVE-2011-3242
https://notcve.org/view.php?id=CVE-2011-3242
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. La característica de navegación privada en Apple Safari antes de v5.1.1 en Mac OS X no reconoce adecuadamente el valor "Always" de la caracteristica "Block Cookies", lo que hace más sencillo para servidores remotos localizar a usuarios a través de una cookie. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76391 http://support.apple.com/kb/HT5000 https://exchange.xforce.ibmcloud.com/vulnerabilities/70569 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 97EXPL: 0CVE-2011-3229 – Apple Safari Directory Traversal
https://notcve.org/view.php?id=CVE-2011-3229
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. Vulnerabilidad de salto de directorio en Apple Safari antes de v5.1.1 permite a atacantes remotos ejecutar código JavaScript de su elección en un contexto de extensiones de Safari a través de una extensión safari manipulada: URL. Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76388 http://support.apple.com/kb/HT5000 https://exchange.xforce.ibmcloud.com/vulnerabilities/70566 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 99EXPL: 0CVE-2011-3231
https://notcve.org/view.php?id=CVE-2011-3231
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. La implementación SSL en Apple Safari anterior a v5.1.1 en MAC OS X anterior a v10.7 accede a memoria no inicializada durante el procesamiento de certificados X.509, permitiendo a servidores web remotos ejecutar código arbitrario mediante una certificado manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76390 http://support.apple.com/kb/HT5000 https://exchange.xforce.ibmcloud.com/vulnerabilities/70568 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 93%CPEs: 99EXPL: 1CVE-2011-3230 – Apple Safari - 'file://' Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2011-3230
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. Apple Safari anterior a v5.1.1 en Mac OS X no aplica una política destinada a archivo: URLs, que permiten a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado. Apple Safari versions prior to 5.1.1 fail to enforce an intended policy for file:// URLs and in turn allows for remote attackers to execute code. • https://www.exploit-db.com/exploits/17986 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76389 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50162 https://exchange.xforce.ibmcloud.com/vulnerabilities/70567 • CWE-264: Permissions, Privileges, and Access Controls •