CVE-2011-0166
https://notcve.org/view.php?id=CVE-2011-0166
The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.
References:
• http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
• http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
• http://support.apple.com/kb/HT4566
• http://support.apple.com/kb/HT4999
• http://www.securityfocus.com/bid/46811
• http://www.securitytracker.com/id?1025183
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66004
CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-0167 – WebKit 1.2.x - Local Webpage Cross Domain Information Disclosure
https://notcve.org/view.php?id=CVE-2011-0167
The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.
References:
• https://www.exploit-db.com/exploits/35434
• http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
• http://support.apple.com/kb/HT4566
• http://www.securityfocus.com/bid/46816
• http://www.securitytracker.com/id?1025183
CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-1188
https://notcve.org/view.php?id=CVE-2011-1188
Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
References:
• http://code.google.com/p/chromium/issues/detail?id=69628
• http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
• http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
• http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
• http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
• http://support.apple.com/kb/HT4808
• http://support.apple.com/kb/HT4981
• http://support.apple.com/kb/HT4999
• http://www.secu
CVE-2011-1204
https://notcve.org/view.php?id=CVE-2011-1204
Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.
References:
• http://code.google.com/p/chromium/issues/detail?id=74030
• http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
• http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
• http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
• http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
• http://support.apple.com/kb/HT4808
• http://support.apple.com/kb/HT4981
• http://support.apple.com/kb/HT4999
• http://www.secu
CWE-20: Improper Input Validation
CVE-2011-1190
https://notcve.org/view.php?id=CVE-2011-1190
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
References:
• http://code.google.com/p/chromium/issues/detail?id=70336
• http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
• http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
• http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
• http://support.apple.com/kb/HT4808
• http://support.apple.com/kb/HT4999
• http://www.securityfocus.com/bid/46785
• http://www.vupen.com/english/advisories/2011/0628
• https://exchange.xforce.ibmcloud.com/vul
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor