CVSS: 4.3EPSS: 1%CPEs: 96EXPL: 0CVE-2011-0163
https://notcve.org/view.php?id=CVE-2011-0163
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. WebKit, tal como se utiliza en Apple Safari v5.0.4 e iOS antes de v4.3, no controla correctamente "los recursos almacenados en caché" sin especificar, lo que permite a atacantes remotos provocar una denegación de servicio (falta de disponibilidad de recursos) a través de un sitio web manipulad que lleva a cabo un ataque de envenenamiento de caché. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.securitytracker.com/id?1025182 https://exchange.xforce.ibmcloud.com/vulnerabilities/66001 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 38EXPL: 0CVE-2011-1418
https://notcve.org/view.php?id=CVE-2011-1418
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses. La funcionalidad de configuración automática de direcciones sin estado (también conocido como SLAAC) en la aplicación de redes IPv6 en Apple iOS antes de v4.3 y Apple TV antes de v4.2 los lugares situan la dirección MAC en la dirección IPv6, lo cual lo hace más fácil para los servidores remotos IPv6 rastrear a los usuarios por el registro fuente de direcciones IPv6. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4565 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 96EXPL: 0CVE-2011-0161
https://notcve.org/view.php?id=CVE-2011-0161
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. WebKit, como se usa en Apple Safari anterior a v5.0.4 e iOS antes de v4.3, no maneja adecuada mente el acceso a Attr.style, lo que permite a atacantes remotos evitar la Same Origin Policy e inyectar secuencias de hojas de estilo en cascada (CSS) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.securityfocus.com/bid/46814 http://www.securitytracker.com/id?1025182 https://exchange.xforce.ibmcloud.com/vulnerabilities/66000 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 31EXPL: 0CVE-2011-0157
https://notcve.org/view.php?id=CVE-2011-0157
WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1. WebKit, tal como se utiliza en Apple iOS antes de 4.3, permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente de CVE otra lista de APPLE-SA-2011-03-09-1. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://support.apple.com/kb/HT4564 http://www.securityfocus.com/bid/46807 https://exchange.xforce.ibmcloud.com/vulnerabilities/66007 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 4%CPEs: 142EXPL: 0CVE-2011-1344 – WebKit WBR Tag Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1344
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. Vulnerabilidad sin especificar en WebKit. Tal como se utiliza en Apple Safari 5.0.4 en Mac OS X 10.6.6, permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, como ha demostrado Chaouki Bekrar durante el concurso Pwn2Own de la CanSecWest 2011. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the Webkit library handles WBR tags on a webpage. • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html http://secunia.com/advisories/44151 http://secunia.com/advisories/44154 http://support.apple.com/kb/HT4596 http://support.apple.com/kb/HT4607 http://twitter.com/aaronportnoy/statuses/45632544967901187&# • CWE-399: Resource Management Errors •