CVSS: 6.8EPSS: 2%CPEs: 4EXPL: 0CVE-2011-1204
https://notcve.org/view.php?id=CVE-2011-1204
Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document. Google Chrome anterior a v10.0.648.127 no controla correctamente los atributos, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción del árbol DOM) o tener un impacto no especificado a través de un documento hecho a mano. • http://code.google.com/p/chromium/issues/detail?id=74030 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://www.secu • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 1CVE-2011-1190
https://notcve.org/view.php?id=CVE-2011-1190
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." La implementación de Web Workers en Google Chrome anterior a v10.0.648.127 permite a atacantes remotos evitar la "política del mismo origen" (Same Origin Policy) a través de vectores no especificados, relacionados con un "error message leak". • http://code.google.com/p/chromium/issues/detail?id=70336 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4999 http://www.securityfocus.com/bid/46785 http://www.vupen.com/english/advisories/2011/0628 https://exchange.xforce.ibmcloud.com/vul • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 4%CPEs: 142EXPL: 0CVE-2011-1344 – WebKit WBR Tag Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1344
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. Vulnerabilidad sin especificar en WebKit. Tal como se utiliza en Apple Safari 5.0.4 en Mac OS X 10.6.6, permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, como ha demostrado Chaouki Bekrar durante el concurso Pwn2Own de la CanSecWest 2011. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the Webkit library handles WBR tags on a webpage. • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html http://secunia.com/advisories/44151 http://secunia.com/advisories/44154 http://support.apple.com/kb/HT4596 http://support.apple.com/kb/HT4607 http://twitter.com/aaronportnoy/statuses/45632544967901187&# • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2011-1109
https://notcve.org/view.php?id=CVE-2011-1109
Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Google Chrome anterior a v9.0.597.107 no procesa correctamente los nodos en las hojas de estilo en cascada (CSS), lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que llevan a un "stale pointer". • http://code.google.com/p/chromium/issues/detail?id=68263 http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://www&# • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2011-1114
https://notcve.org/view.php?id=CVE-2011-1114
Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." Google Chrome anterior a v9.0.597.107 no controla correctamente las tablas, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que dan lugar a un "stale node". • http://code.google.com/p/chromium/issues/detail?id=71114 http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://www&# •