CVSS: 5.0EPSS: 0%CPEs: 96EXPL: 0CVE-2011-0160
https://notcve.org/view.php?id=CVE-2011-0160
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. WebKit, tal como se utiliza en Apple Safari antes de v5.0.4 e iOS antes de v4.3, no controla correctamente las redirecciones en conjunto con la autenticación básica HTTP, lo que podría permitir a los servidores Web remotos capturar las credenciales de registro de la cabecera HTTP de autorización. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.securitytracker.com/id?1025182 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 31EXPL: 0CVE-2011-0157
https://notcve.org/view.php?id=CVE-2011-0157
WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1. WebKit, tal como se utiliza en Apple iOS antes de 4.3, permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente de CVE otra lista de APPLE-SA-2011-03-09-1. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://support.apple.com/kb/HT4564 http://www.securityfocus.com/bid/46807 https://exchange.xforce.ibmcloud.com/vulnerabilities/66007 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 96EXPL: 0CVE-2011-0161
https://notcve.org/view.php?id=CVE-2011-0161
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. WebKit, como se usa en Apple Safari anterior a v5.0.4 e iOS antes de v4.3, no maneja adecuada mente el acceso a Attr.style, lo que permite a atacantes remotos evitar la Same Origin Policy e inyectar secuencias de hojas de estilo en cascada (CSS) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.securityfocus.com/bid/46814 http://www.securitytracker.com/id?1025182 https://exchange.xforce.ibmcloud.com/vulnerabilities/66000 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 2%CPEs: 30EXPL: 0CVE-2011-0158
https://notcve.org/view.php?id=CVE-2011-0158
MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code. MobileSafari en Apple iOS antes de v4.3 no implementa adecuadamente la aplicación de lanzamiento a través de controladores de URL, lo que permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación persistente) a través de código JavaScript malicioso. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://support.apple.com/kb/HT4564 http://www.securityfocus.com/bid/46806 http://www.securitytracker.com/id?1025182 https://exchange.xforce.ibmcloud.com/vulnerabilities/66002 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 3%CPEs: 38EXPL: 0CVE-2011-0162
https://notcve.org/view.php?id=CVE-2011-0162
Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network. Wi-Fi de Apple iOS antes de v4.3 y Apple TV antes de v4.2 no lleva a cabo todas comprobación de límites para los marcos de Wi-Fi, lo que permite a atacantes remotos provocar una denegación de servicio (reinicio del dispositivo) a través de tráfico sin especificar en la red inalámbrica local. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4565 http://www.securityfocus.com/bid/46813 http://www.securitytracker.com/id?1025182 https://exchange.xforce.ibmcloud.com/vulnerabilities/65998 • CWE-20: Improper Input Validation •