CVSS: 4.3EPSS: 0%CPEs: 96EXPL: 0CVE-2011-0161
https://notcve.org/view.php?id=CVE-2011-0161
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. WebKit, como se usa en Apple Safari anterior a v5.0.4 e iOS antes de v4.3, no maneja adecuada mente el acceso a Attr.style, lo que permite a atacantes remotos evitar la Same Origin Policy e inyectar secuencias de hojas de estilo en cascada (CSS) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.securityfocus.com/bid/46814 http://www.securitytracker.com/id?1025182 https://exchange.xforce.ibmcloud.com/vulnerabilities/66000 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 2%CPEs: 30EXPL: 0CVE-2011-0158
https://notcve.org/view.php?id=CVE-2011-0158
MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code. MobileSafari en Apple iOS antes de v4.3 no implementa adecuadamente la aplicación de lanzamiento a través de controladores de URL, lo que permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación persistente) a través de código JavaScript malicioso. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://support.apple.com/kb/HT4564 http://www.securityfocus.com/bid/46806 http://www.securitytracker.com/id?1025182 https://exchange.xforce.ibmcloud.com/vulnerabilities/66002 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 3%CPEs: 38EXPL: 0CVE-2011-0162
https://notcve.org/view.php?id=CVE-2011-0162
Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network. Wi-Fi de Apple iOS antes de v4.3 y Apple TV antes de v4.2 no lleva a cabo todas comprobación de límites para los marcos de Wi-Fi, lo que permite a atacantes remotos provocar una denegación de servicio (reinicio del dispositivo) a través de tráfico sin especificar en la red inalámbrica local. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4565 http://www.securityfocus.com/bid/46813 http://www.securitytracker.com/id?1025182 https://exchange.xforce.ibmcloud.com/vulnerabilities/65998 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 38EXPL: 0CVE-2011-1418
https://notcve.org/view.php?id=CVE-2011-1418
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses. La funcionalidad de configuración automática de direcciones sin estado (también conocido como SLAAC) en la aplicación de redes IPv6 en Apple iOS antes de v4.3 y Apple TV antes de v4.2 los lugares situan la dirección MAC en la dirección IPv6, lo cual lo hace más fácil para los servidores remotos IPv6 rastrear a los usuarios por el registro fuente de direcciones IPv6. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4565 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 4%CPEs: 142EXPL: 0CVE-2011-1344 – WebKit WBR Tag Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1344
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. Vulnerabilidad sin especificar en WebKit. Tal como se utiliza en Apple Safari 5.0.4 en Mac OS X 10.6.6, permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, como ha demostrado Chaouki Bekrar durante el concurso Pwn2Own de la CanSecWest 2011. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the Webkit library handles WBR tags on a webpage. • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html http://secunia.com/advisories/44151 http://secunia.com/advisories/44154 http://support.apple.com/kb/HT4596 http://support.apple.com/kb/HT4607 http://twitter.com/aaronportnoy/statuses/45632544967901187&# • CWE-399: Resource Management Errors •