CVE-2011-1296
https://notcve.org/view.php?id=CVE-2011-1296
Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Google Chrome antes de v10.0.648.204 no controla correctamente el texto SVG, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que dan lugar a un puntero bloqueado. • http://code.google.com/p/chromium/issues/detail?id=75170 http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://secunia.com/advisories/43859 http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.app • CWE-20: Improper Input Validation •
CVE-2011-1465
https://notcve.org/view.php?id=CVE-2011-1465
The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream. La implementación de SPDY en net/http/http_network_transaction.cc en Google Chrome anterior a v11.0.696.14 desecha los cuerpos de las respuestas SPDY, lo que podría permitir a servidores remotos SPDY causar una denegación de servicio (salida de la aplicación) mediante la cancelación de una descarga de visualización mientras se descarga. • http://code.google.com/p/chromium/issues/detail?id=75657 http://googlechromereleases.blogspot.com/2011/03/dev-channel-update_17.html http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_transaction.cc?r1=77893&r2=77892&pathrev=77893 https://exchange.xforce.ibmcloud.com/vulnerabilities/66195 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14564 •
CVE-2011-0609 – Adobe Flash Player Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2011-0609
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011. Vulnerabilidad sin especificar en Adobe Flash Player 10.2.154.13 y versiones anteriores en Windows, Mac OS X, Linux y Solaris, y 10.1.106.16 y anteriores en Android, y Authplay.dll (AuthPlayLib.bundle) de Adobe Reader y Acrobat 9.x hasta 9.4.2 y 10.x hasta 10.0.1 en Windows y Mac OS X. Permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de contenido Flash modificado, como se ha demostrado con un fichero .swf embebido en una hoja de cálculo Excel. Se ha explotado en Internet en Marzo del 2011. Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). • https://www.exploit-db.com/exploits/17027 http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://secunia.com/advisories/43751 http://secunia.com/advisories/43757 http://secunia.com/advisories/43772 http://secunia.com/advisories/43856 http://securityreason.com/securityalert/8152 http://www.ado •
CVE-2011-1192
https://notcve.org/view.php?id=CVE-2011-1192
Google Chrome before 10.0.648.127 on Linux does not properly handle Unicode ranges, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Google Chrome en versiones anteriores a la 10.0.648.127 en Linux no maneja apropiadamente los rangos Unicode, lo que permite a atacantes remotos provocar una denegación de servicio (lectura fuera de los límites) a través de vectos sin especificar. • http://code.google.com/p/chromium/issues/detail?id=70779 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://www.securityfocus.com/bid/46785 http://www.vupen.com/english/advisories/2011/0628 https://docs.google.com/a/google.com/document/d/1YoJbpG0uTz0TI3VhRPLQxGP6hkOYwpv4t7ZJDofBC-A/edit?hl=en&authkey=CPWzgZAG https://exchange.xforce.ibmcloud.com/vulnerabilities/65956 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13990 • CWE-125: Out-of-bounds Read •
CVE-2011-1286
https://notcve.org/view.php?id=CVE-2011-1286
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory. Google V8, tal como se usa en Google Chrome anterior a v10.0.648.127, permite a atacantes remotos provocar una denegación de servicio o tener un impacto no especificado a través de vectores desconocidos que provocan acceso incorrecto en memoria. • http://code.google.com/p/chromium/issues/detail?id=74675 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://www.securityfocus.com/bid/46785 http://www.vupen.com/english/advisories/2011/0628 https://exchange.xforce.ibmcloud.com/vulnerabilities/65970 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14455 •