CVSS: 9.3EPSS: 20%CPEs: 79EXPL: 0CVE-2011-0233 – Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0233
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit, como se usa en el navegaodor Safari de Apple antes de v5.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio ( corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit que figuran en APPLE-SA-2011-07-20-1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's implementation of a FrameOwner element. When building this tree, the application will create a duplicate reference of an element. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 6%CPEs: 79EXPL: 0CVE-2011-0218
https://notcve.org/view.php?id=CVE-2011-0218
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit, empleado en Safari anterior a v5.0.6, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria o caída de aplicación) a través de un sitio web manipulado. Vulnerabilidad distinta de APPLE-SA-2011-07-20-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 79EXPL: 0CVE-2011-0240
https://notcve.org/view.php?id=CVE-2011-0240
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit, empleado en Safari anterior a v5.0.6, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria o caída de aplicación) a través de un sitio web manipulado. Vulnerabilidad distinta de APPLE-SA-2011-07-20-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 54%CPEs: 79EXPL: 2CVE-2011-0222 – Apple Safari 5.0.6/5.1 - SVG DOM Processing (PoC)
https://notcve.org/view.php?id=CVE-2011-0222
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit, como se usa en el navegaodor Safari de Apple antes de v5.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio ( corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit que figuran en APPLE-SA-2011-07-20-1. • https://www.exploit-db.com/exploits/17567 https://www.exploit-db.com/exploits/17575 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://securityreason.com/securityalert/8313 http://securityreason.com/securityalert/8315 http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://suppo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 4%CPEs: 4EXPL: 0CVE-2011-2351
https://notcve.org/view.php?id=CVE-2011-2351
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements. Vulnerabilidad de uso después de liberación (use-after-free) en Google Chrome v12.0.742.112 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que implican el uso de elementos SVG. • http://code.google.com/p/chromium/issues/detail?id=85211 http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://secunia.com/advisories/45097 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support& • CWE-416: Use After Free •