CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2011-2827
https://notcve.org/view.php?id=CVE-2011-2827
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching. Vulnerabilidad de uso después de la liberación en Google Chrome v13.0.782.215, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario mediante vectores relacionados con la búsqueda de texto. • http://code.google.com/p/chromium/issues/detail?id=90668 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 https://oval • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2828
https://notcve.org/view.php?id=CVE-2011-2828
Google V8, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. Google V8, como se usa en Google Chrome antes de 13.0.782.215, permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que provocan una escritura fuera de los límites. • http://code.google.com/p/chromium/issues/detail?id=91517 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14265 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 0CVE-2011-2821 – libxml2: double free caused by malformed XPath expression in XSLT
https://notcve.org/view.php?id=CVE-2011-2821
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. Doble vulnerabilidad libre en libxml2, como se usa en Google Chrome antes de v13.0.782.215, permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de una expresión XPath manipulada. • http://code.google.com/p/chromium/issues/detail?id=89402 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-0217.html http://support.apple.com/kb/HT5281 http://support.apple.com/kb/HT5503 http:&#x • CWE-415: Double Free CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 9.3EPSS: 13%CPEs: 4EXPL: 0CVE-2011-2825 – Webkit fontface Invalid Font Family Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2825
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts. Vulnerabilidad de uso después de la liberación en Google Chrome v13.0.782.215, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario mediante las fuentes personalizadas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing and utilization of font objects. When the code parses the @font-face CSS element it does not validate that the font-family is legitimate. • http://code.google.com/p/chromium/issues/detail?id=88670 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/48274 http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 http://www.securitytracker.com& • CWE-416: Use After Free •
CVSS: 5.8EPSS: 0%CPEs: 59EXPL: 0CVE-2008-7294
https://notcve.org/view.php?id=CVE-2008-7294
Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. Google Chrome en versiones anteriors a la 4.0.211.0 no restringe apropiadamente las modificaciones a las cookies establecidas en las sesiones HTTPS, lo que facilita a atacantes "man-in-the-middle" sobreescribir o borrar cookies arbitrarias a través de una cabecera Set-Cookie en una respuesta HTTP, relacionado con una fallo en la funcionalidad HTTP Strict Transport Security (HSTS) includeSubDomains. También conocido como un problema "cookie forcing". • http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/1148.html http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html https://bugzilla.mozilla.org/show_bug.cgi?id=660053 • CWE-264: Permissions, Privileges, and Access Controls •