CVE-2011-3064
https://notcve.org/view.php?id=CVE-2011-3064
Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping. Vulnerabilidad por error de memoria en ejecución (use-after-free) en Google Chrome anterior a v18.0.1025.142 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con la operación de recorte en el formato SVG. • http://code.google.com/p/chromium/issues/detail?id=117471 http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/80742 http://secunia.com/advisories/48618 http://secunia.com/advisories/48691 http://secunia.com/advis • CWE-416: Use After Free •
CVE-2011-3062 – Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31)
https://notcve.org/view.php?id=CVE-2011-3062
Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file. Error de tipo "Off-by-one" en OpenType Sanitizer en Google Chrome anterior a v18.0.1025.142 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de un archivo modificado de OpenType. • http://code.google.com/p/chromium/issues/detail?id=116524 http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html http://osvdb.org/80740 http://secunia.com/advisories/48618 http://secunia.com/advisories/48691 http://secunia.com/advisories/48763 http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/secu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-682: Incorrect Calculation •
CVE-2011-3061
https://notcve.org/view.php?id=CVE-2011-3061
Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. Las versiones de Google Chrome anteriores a v18.0.1025.142 no comprueban correctamente los certificados X.509 antes de su uso en un proxy SPDY, lo cual podría permitir un ataque del hombre en el medio (man-in-the-middle) suplantando los servidodores u obtener información sensible a través de un certificado modificado. • http://code.google.com/p/chromium/issues/detail?id=116398 http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html http://osvdb.org/80739 http://secunia.com/advisories/48618 http://secunia.com/advisories/48691 http://secunia.com/advisories/48763 http://www.securityfocus.com/bid/52762 http://www.securitytracker.com/id?1026877 https://exchange.xforce.ibmcloud.com/vulnerabilities/74411 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre& • CWE-295: Improper Certificate Validation •
CVE-2011-3065
https://notcve.org/view.php?id=CVE-2011-3065
Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Skia, tal como se utiliza en Google Chrome anteriores a v18.0.1025.142, permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener un impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=117588 http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html http://osvdb.org/80743 http://secunia.com/advisories/48618 http://secunia.com/advisories/48691 http://secunia.com/advisories/48763 http://www.securityfocus.com/bid/52762 http://www.securitytracker.com/id?1026877 https://exchange.xforce.ibmcloud.com/vulnerabilities/74415 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre& • CWE-190: Integer Overflow or Wraparound •
CVE-2011-3058
https://notcve.org/view.php?id=CVE-2011-3058
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. Las versiones de Google Chrome anteriores a v18.0.1025.142 no manejan correctamente el sistema de codificación EUC-JP, lo que podría permitir a atacantes remotos producir ataques de ejecución de comandos en sitios cruzados(XSS) a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=109574 http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html http://secunia.com/advisories/48618 http://secunia.com/advisories/48691 http://secunia.com/advisories/48763 http://support.apple.com/kb/HT5642 http://www.securityfocus.com/bid/52762 http:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •