CVE-2011-1193
https://notcve.org/view.php?id=CVE-2011-1193
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Google V8, tal como se usa en Google Chrome anterior a v10.0.648.127, permite a atacantes remotos eludir la "política del mismo origen" (Same Origin Policy) a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=70877 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://www.securityfocus.com/bid/46785 http://www.vupen.com/english/advisories/2011/0628 https://exchange.xforce.ibmcloud.com/vulnerabilities/65957 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14035 •
CVE-2011-1195
https://notcve.org/view.php?id=CVE-2011-1195
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling." Vulnerabilidad de "usar después de liberar" (Use-after-free) en Google Chrome anterior a v10.0.648.127 permite a atacantes remotos provocar una denegación de servicio o tener un impacto no especificado a través de vectores relacionados con "document script lifetime handling" • http://code.google.com/p/chromium/issues/detail?id=71763 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://www.securityfocus.com/bid/46785 http://www.vupen.com/english/advisories/2011/0628 https://exchange.xforce.ibmcloud.com/vulnerabilities/65959 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14575 • CWE-416: Use After Free •
CVE-2011-1202 – libxslt: Heap address leak in XLST
https://notcve.org/view.php?id=CVE-2011-1202
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. Vulnerabilidad no especificada en la implementación XSLT en Google Chrome anterior a v10.0.648.127 permite a atacantes remotos obtener información sensible acerca de las direcciones de memoria en el montón mediante vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=73716 http://downloads.avaya.com/css/P8/documents/100144158 http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 http://www& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-1198
https://notcve.org/view.php?id=CVE-2011-1198
The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure." La funcionalidad de vídeo en Google Chrome anterior a v10.0.648.127 permite a atacantes remotos provocar una denegación de servicio o tener un impacto no especificado a través de vectores desconocidos que generan el uso de una estructura "out-of-bounds" incorrecta. • http://code.google.com/p/chromium/issues/detail?id=73026 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://www.securityfocus.com/bid/46785 http://www.vupen.com/english/advisories/2011/0628 https://exchange.xforce.ibmcloud.com/vulnerabilities/65962 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14555 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1186
https://notcve.org/view.php?id=CVE-2011-1186
Google Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code. Google Chrome en versiones anteriores a la 10.0.648.127 en Linux no maneja apropiadamente la ejecución paralela de llamadas al método print, lo que permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un código JavaScript modificado. • http://code.google.com/p/chromium/issues/detail?id=66962 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://www.securityfocus.com/bid/46785 http://www.vupen.com/english/advisories/2011/0628 https://exchange.xforce.ibmcloud.com/vulnerabilities/65950 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14255 • CWE-20: Improper Input Validation •