CVSS: 4.3EPSS: 0%CPEs: 96EXPL: 0CVE-2011-0161
https://notcve.org/view.php?id=CVE-2011-0161
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. WebKit, como se usa en Apple Safari anterior a v5.0.4 e iOS antes de v4.3, no maneja adecuada mente el acceso a Attr.style, lo que permite a atacantes remotos evitar la Same Origin Policy e inyectar secuencias de hojas de estilo en cascada (CSS) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.securityfocus.com/bid/46814 http://www.securitytracker.com/id?1025182 https://exchange.xforce.ibmcloud.com/vulnerabilities/66000 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2011-1188
https://notcve.org/view.php?id=CVE-2011-1188
Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Google Chrome anterior a v10.0.648.127, no maneja correctamente los nodos de contadores, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=69628 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://www.secu •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2011-1203
https://notcve.org/view.php?id=CVE-2011-1203
Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Google Chrome anterior a v10.0.648.127 no maneja correctamente cursores SVG, lo que permite a atacantes remotos provocar una denegación de servicio o tener un impacto no especificado a través de vectores desconocidos que dan lugar a un "stale pointer". • http://code.google.com/p/chromium/issues/detail?id=73746 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://www.secu •
CVSS: 6.8EPSS: 2%CPEs: 4EXPL: 0CVE-2011-1204
https://notcve.org/view.php?id=CVE-2011-1204
Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document. Google Chrome anterior a v10.0.648.127 no controla correctamente los atributos, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción del árbol DOM) o tener un impacto no especificado a través de un documento hecho a mano. • http://code.google.com/p/chromium/issues/detail?id=74030 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://www.secu • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 1CVE-2011-1190
https://notcve.org/view.php?id=CVE-2011-1190
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." La implementación de Web Workers en Google Chrome anterior a v10.0.648.127 permite a atacantes remotos evitar la "política del mismo origen" (Same Origin Policy) a través de vectores no especificados, relacionados con un "error message leak". • http://code.google.com/p/chromium/issues/detail?id=70336 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4999 http://www.securityfocus.com/bid/46785 http://www.vupen.com/english/advisories/2011/0628 https://exchange.xforce.ibmcloud.com/vul • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •