CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2011-3928 – Webkit.org Webkit copyNonAttributeProperties Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3928
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling. Una vulnerabilidad de uso después de liberación en Google Chrome antes de v16.0.912.77 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con la manipulación de DOM. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the WebCore component as used by WebKit. Specifically within the handling of element properties. • http://code.google.com/p/chromium/issues/detail?id=108461 http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/47694 http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 http://www.securitytracker.com/id?1026569 http://www.securitytracker.com/id?1026774 https://exchange • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2011-3922 – qt: Stack-based buffer overflow in embedded harfbuzz code
https://notcve.org/view.php?id=CVE-2011-3922
Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling. Desbordamiento de búfer basado en pila en Google Chrome antes de v16.0.912.75 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con el manejo de glifos. • http://code.google.com/p/chromium/issues/detail?id=108006 http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html http://secunia.com/advisories/47449 http://www.securityfocus.com/bid/51300 http://www.securitytracker.com/id?1026487 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14871 https://access.redhat.com/security/cve/CVE-2011-3922 https://bugzilla.redhat.com/show_bug.cgi?id=772125 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2011-3921
https://notcve.org/view.php?id=CVE-2011-3921
Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving animation frames. Una vulnerabilidad de uso después de liberación en Google Chrome antes de v16.0.912.75 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con los frames de animación. • http://code.google.com/p/chromium/issues/detail?id=106672 http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html http://secunia.com/advisories/47449 http://www.securityfocus.com/bid/51300 http://www.securitytracker.com/id?1026487 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13995 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 3%CPEs: 11EXPL: 0CVE-2011-3919 – libxml2: Heap-based buffer overflow when decoding an entity reference with a long name
https://notcve.org/view.php?id=CVE-2011-3919
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Un desbordamiento de pila basado en memoria dinámica (monticulo) en libxml2, tal y como se utiliza en Google Chrome antes de v16.0.912.75, permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=107128 http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html http://rhn.redhat.com/errata/RHSA-2013-0217.html http://secunia.com/advisories/47449 http://secunia.com/advisories/55568 http://support&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3907
https://notcve.org/view.php?id=CVE-2011-3907
The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors. La función de visualización de código de Google Chrome antes de v16.0.912.63 permite a atacantes remotos falsificar la barra de URL a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=99016 http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14299 • CWE-20: Improper Input Validation •