The version of Apple iTunes installed on the remote Windows host is older than 10.5. Thus, it is reportedly affected by numerous issues in the following components :
- CoreFoundation
- ColorSync
- CoreAudio
- CoreMedia
- ImageIO
- WebKit
{"openvas": [{"lastseen": "2020-06-10T20:02:52", "description": "This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-10-20T00:00:00", "type": "openvas", "title": "Apple iTunes Multiple Vulnerabilities - Oct 11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-1293", "CVE-2011-0221", "CVE-2011-2790", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0259", "CVE-2011-2352", "CVE-2011-2792", "CVE-2010-1823", "CVE-2011-0215", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-1462", "CVE-2011-1451", "CVE-2011-0238", "CVE-2011-3233", "CVE-2011-0204", "CVE-2011-0223", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-1109", "CVE-2011-1457", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-0240", "CVE-2011-1204", "CVE-2011-2820", "CVE-2011-0218", "CVE-2011-0164", "CVE-2011-0254", "CVE-2011-2797", "CVE-2011-0255", "CVE-2011-1296", "CVE-2011-0981", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-1115", "CVE-2011-3252", "CVE-2011-3244", "CVE-2011-1114", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-3238", "CVE-2011-1203", "CVE-2011-2356", "CVE-2011-0983", "CVE-2011-0222", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-3232", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-3219", "CVE-2011-0253", "CVE-2011-1117", "CVE-2011-0200", "CVE-2011-0232", "CVE-2011-2814", "CVE-2011-1449", "CVE-2011-1121", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-1774", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-1188", "CVE-2011-0235", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310802193", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802193", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Multiple Vulnerabilities - Oct 11\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802193\");\n script_version(\"2020-06-09T06:40:15+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 06:40:15 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0259\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3219\",\n \"CVE-2011-0204\", \"CVE-2011-0215\", \"CVE-2010-1823\", \"CVE-2011-0164\",\n \"CVE-2011-0218\", \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\",\n \"CVE-2011-0225\", \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\",\n \"CVE-2011-0235\", \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\",\n \"CVE-2011-0253\", \"CVE-2011-0254\", \"CVE-2011-0255\", \"CVE-2011-0981\",\n \"CVE-2011-0983\", \"CVE-2011-1109\", \"CVE-2011-1114\", \"CVE-2011-1115\",\n \"CVE-2011-1117\", \"CVE-2011-1121\", \"CVE-2011-1188\", \"CVE-2011-1203\",\n \"CVE-2011-1204\", \"CVE-2011-1288\", \"CVE-2011-1293\", \"CVE-2011-1296\",\n \"CVE-2011-1440\", \"CVE-2011-1449\", \"CVE-2011-1451\", \"CVE-2011-1453\",\n \"CVE-2011-1457\", \"CVE-2011-1462\", \"CVE-2011-1797\", \"CVE-2011-2338\",\n \"CVE-2011-2339\", \"CVE-2011-2341\", \"CVE-2011-2351\", \"CVE-2011-2352\",\n \"CVE-2011-2354\", \"CVE-2011-2356\", \"CVE-2011-2359\", \"CVE-2011-2788\",\n \"CVE-2011-2790\", \"CVE-2011-2792\", \"CVE-2011-2797\", \"CVE-2011-2799\",\n \"CVE-2011-2809\", \"CVE-2011-2811\", \"CVE-2011-2813\", \"CVE-2011-2814\",\n \"CVE-2011-2815\", \"CVE-2011-2816\", \"CVE-2011-2817\", \"CVE-2011-2818\",\n \"CVE-2011-2820\", \"CVE-2011-2823\", \"CVE-2011-2827\", \"CVE-2011-2831\",\n \"CVE-2011-3232\", \"CVE-2011-3233\", \"CVE-2011-3234\", \"CVE-2011-3235\",\n \"CVE-2011-3236\", \"CVE-2011-3237\", \"CVE-2011-3238\", \"CVE-2011-3239\",\n \"CVE-2011-3241\", \"CVE-2011-3244\", \"CVE-2011-1774\");\n script_bugtraq_id(50067, 48416, 50065, 50068, 48437, 48825, 43228, 46703,\n 48842, 48843, 48844, 48820, 48845, 48846, 48847, 48823,\n 48848, 48849, 48850, 48827, 48851, 48852, 48853, 46262,\n 46614, 46785, 48854, 48824, 47604, 48855, 48856, 48857,\n 48858, 51032, 48479, 48960, 49279, 49850, 49658, 50066,\n 48840, 47029);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple iTunes Multiple Vulnerabilities - Oct 11\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4981\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the user running the affected application. Failed attacks may cause denial of service conditions.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes version prior to 10.5 (10.5.0.142) on Windows.\");\n\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer to the links given below.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Apple iTunes version 10.5 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\n## Apple iTunes version < 10.5 (10.5.0.142)\nif( version_is_less( version:vers, test_version:\"10.5.0.142\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"10.5.0.142\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-20T13:27:54", "description": "This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-10-20T00:00:00", "type": "openvas", "title": "Apple iTunes Multiple Vulnerabilities - Oct 11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-1293", "CVE-2011-0221", "CVE-2011-2790", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0259", "CVE-2011-2352", "CVE-2011-2792", "CVE-2010-1823", "CVE-2011-0215", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-1462", "CVE-2011-1451", "CVE-2011-0238", "CVE-2011-3233", "CVE-2011-0204", "CVE-2011-0223", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-1109", "CVE-2011-1457", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-0240", "CVE-2011-1204", "CVE-2011-2820", "CVE-2011-0218", "CVE-2011-0164", "CVE-2011-0254", "CVE-2011-2797", "CVE-2011-0255", "CVE-2011-1296", "CVE-2011-0981", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-1115", "CVE-2011-3252", "CVE-2011-3244", "CVE-2011-1114", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-3238", "CVE-2011-1203", "CVE-2011-2356", "CVE-2011-0983", "CVE-2011-0222", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-3232", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-3219", "CVE-2011-0253", "CVE-2011-1117", "CVE-2011-0200", "CVE-2011-0232", "CVE-2011-2814", "CVE-2011-1449", "CVE-2011-1121", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-1774", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-1188", "CVE-2011-0235", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:802193", "href": "http://plugins.openvas.org/nasl.php?oid=802193", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_itunes_mult_vuln_oct11_win.nasl 8169 2017-12-19 08:42:31Z cfischer $\n#\n# Apple iTunes Multiple Vulnerabilities - Oct 11\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the user running the affected application. Failed attacks may\n cause denial of service conditions.\n Impact Level: System/Application\";\ntag_affected = \"Apple iTunes version prior to 10.5 (10.5.0.142) on Windows\";\ntag_insight = \"For more details about the vulnerabilities refer to the links given below.\";\ntag_solution = \"Upgrade to Apple Apple iTunes version 10.5 or later,\n For updates refer to http://www.apple.com/itunes/download/\";\ntag_summary = \"This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802193);\n script_version(\"$Revision: 8169 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 09:42:31 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0259\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3219\",\n \"CVE-2011-0204\", \"CVE-2011-0215\", \"CVE-2010-1823\", \"CVE-2011-0164\",\n \"CVE-2011-0218\", \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\",\n \"CVE-2011-0225\", \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\",\n \"CVE-2011-0235\", \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\",\n \"CVE-2011-0253\", \"CVE-2011-0254\", \"CVE-2011-0255\", \"CVE-2011-0981\",\n \"CVE-2011-0983\", \"CVE-2011-1109\", \"CVE-2011-1114\", \"CVE-2011-1115\",\n \"CVE-2011-1117\", \"CVE-2011-1121\", \"CVE-2011-1188\", \"CVE-2011-1203\",\n \"CVE-2011-1204\", \"CVE-2011-1288\", \"CVE-2011-1293\", \"CVE-2011-1296\",\n \"CVE-2011-1440\", \"CVE-2011-1449\", \"CVE-2011-1451\", \"CVE-2011-1453\",\n \"CVE-2011-1457\", \"CVE-2011-1462\", \"CVE-2011-1797\", \"CVE-2011-2338\",\n \"CVE-2011-2339\", \"CVE-2011-2341\", \"CVE-2011-2351\", \"CVE-2011-2352\",\n \"CVE-2011-2354\", \"CVE-2011-2356\", \"CVE-2011-2359\", \"CVE-2011-2788\",\n \"CVE-2011-2790\", \"CVE-2011-2792\", \"CVE-2011-2797\", \"CVE-2011-2799\",\n \"CVE-2011-2809\", \"CVE-2011-2811\", \"CVE-2011-2813\", \"CVE-2011-2814\",\n \"CVE-2011-2815\", \"CVE-2011-2816\", \"CVE-2011-2817\", \"CVE-2011-2818\",\n \"CVE-2011-2820\", \"CVE-2011-2823\", \"CVE-2011-2827\", \"CVE-2011-2831\",\n \"CVE-2011-3232\", \"CVE-2011-3233\", \"CVE-2011-3234\", \"CVE-2011-3235\",\n \"CVE-2011-3236\", \"CVE-2011-3237\", \"CVE-2011-3238\", \"CVE-2011-3239\",\n \"CVE-2011-3241\", \"CVE-2011-3244\", \"CVE-2011-1774\");\n script_bugtraq_id(50067, 48416, 50065, 50068, 48437, 48825, 43228, 46703,\n 48842, 48843, 48844, 48820, 48845, 48846, 48847, 48823,\n 48848, 48849, 48850, 48827, 48851, 48852, 48853, 46262,\n 46614, 46785, 48854, 48824, 47604, 48855, 48856, 48857,\n 48858, 51032, 48479, 48960, 49279, 49850, 49658, 50066,\n 48840, 47029);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple iTunes Multiple Vulnerabilities - Oct 11\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4981\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n## Apple iTunes version < 10.5 (10.5.0.142)\nif( version_is_less( version:vers, test_version:\"10.5.0.142\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"10.5.0.142\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:58", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2012-05-24T00:00:00", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-3229", "CVE-2011-2790", "CVE-2011-2352", "CVE-2011-2792", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-3233", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-2820", "CVE-2011-3243", "CVE-2011-2797", "CVE-2011-2805", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-2819", "CVE-2011-3238", "CVE-2011-2356", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-3232", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-2814", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-2800", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2017-04-12T00:00:00", "id": "OPENVAS:903029", "href": "http://plugins.openvas.org/nasl.php?oid=903029", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_win_oct11.nasl 5940 2017-04-12 09:02:05Z teissa $\n#\n# Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to opening a maliciously\n crafted files, which leads to an unexpected application termination or\n arbitrary code execution.\n Impact Level: System/Application\";\ntag_affected = \"Apple Safari versions prior to 5.1.1 on Windows\";\ntag_insight = \"The flaws are due to\n - A directory traversal issue existed in the handling of 'safari-extension://'\n URLs.\n - A policy issue existed in the handling of 'file://' URLs.\n - An uninitialized memory access issue existed in the handling of SSL\n certificates.\n - Multiple memory corruption issues existed in WebKit.\n - A cross origin issue existed in the handling of the beforeload event,\n 'window.open' method, 'document.documentURI' property and inactive DOM\n windows in webkit.\n - A logic issue existed in the handling of cookies in Private Browsing mode.\";\ntag_solution = \"Upgrade to Apple Safari version 5.1.1 or later,\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(903029);\n script_version(\"$Revision: 5940 $\");\n script_cve_id(\"CVE-2011-3229\", \"CVE-2011-1440\", \"CVE-2011-2338\", \"CVE-2011-2339\",\n \"CVE-2011-2341\", \"CVE-2011-2351\", \"CVE-2011-2352\", \"CVE-2011-2354\",\n \"CVE-2011-2356\", \"CVE-2011-2359\", \"CVE-2011-2788\", \"CVE-2011-2790\",\n \"CVE-2011-2792\", \"CVE-2011-2797\", \"CVE-2011-2799\", \"CVE-2011-2809\",\n \"CVE-2011-2811\", \"CVE-2011-2813\", \"CVE-2011-2814\", \"CVE-2011-2815\",\n \"CVE-2011-2816\", \"CVE-2011-2817\", \"CVE-2011-2818\", \"CVE-2011-2820\",\n \"CVE-2011-2823\", \"CVE-2011-2827\", \"CVE-2011-2831\", \"CVE-2011-3232\",\n \"CVE-2011-3233\", \"CVE-2011-3234\", \"CVE-2011-3235\", \"CVE-2011-3236\",\n \"CVE-2011-3237\", \"CVE-2011-3238\", \"CVE-2011-3239\", \"CVE-2011-3241\",\n \"CVE-2011-2800\", \"CVE-2011-2805\", \"CVE-2011-2819\", \"CVE-2011-3243\");\n script_bugtraq_id(50163, 47604, 50066, 51032, 48479, 48960, 49279, 49850, 49658,\n 50088);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-24 18:22:12 +0530 (Thu, 24 May 2012)\");\n script_name(\"Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5000\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/Security-announce//2011/Oct/msg00004.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_require_keys(\"AppleSafari/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsafVer = \"\";\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\n## Grep for Apple Safari Versions prior to 5.1.1 (5.34.51.22)\nif(version_is_less(version:safVer, test_version:\"5.34.51.22\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-03-03T21:00:01", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2012-05-24T00:00:00", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-3229", "CVE-2011-2790", "CVE-2011-2352", "CVE-2011-2792", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-3233", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-2820", "CVE-2011-3243", "CVE-2011-2797", "CVE-2011-2805", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-2819", "CVE-2011-3238", "CVE-2011-2356", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-3232", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-2814", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-2800", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2020-02-28T00:00:00", "id": "OPENVAS:1361412562310903029", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903029", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903029\");\n script_version(\"2020-02-28T13:41:47+0000\");\n script_cve_id(\"CVE-2011-3229\", \"CVE-2011-1440\", \"CVE-2011-2338\", \"CVE-2011-2339\",\n \"CVE-2011-2341\", \"CVE-2011-2351\", \"CVE-2011-2352\", \"CVE-2011-2354\",\n \"CVE-2011-2356\", \"CVE-2011-2359\", \"CVE-2011-2788\", \"CVE-2011-2790\",\n \"CVE-2011-2792\", \"CVE-2011-2797\", \"CVE-2011-2799\", \"CVE-2011-2809\",\n \"CVE-2011-2811\", \"CVE-2011-2813\", \"CVE-2011-2814\", \"CVE-2011-2815\",\n \"CVE-2011-2816\", \"CVE-2011-2817\", \"CVE-2011-2818\", \"CVE-2011-2820\",\n \"CVE-2011-2823\", \"CVE-2011-2827\", \"CVE-2011-2831\", \"CVE-2011-3232\",\n \"CVE-2011-3233\", \"CVE-2011-3234\", \"CVE-2011-3235\", \"CVE-2011-3236\",\n \"CVE-2011-3237\", \"CVE-2011-3238\", \"CVE-2011-3239\", \"CVE-2011-3241\",\n \"CVE-2011-2800\", \"CVE-2011-2805\", \"CVE-2011-2819\", \"CVE-2011-3243\");\n script_bugtraq_id(50163, 47604, 50066, 51032, 48479, 48960, 49279, 49850, 49658,\n 50088);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 13:41:47 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-05-24 18:22:12 +0530 (Thu, 24 May 2012)\");\n script_name(\"Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5000\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/Security-announce/2011/Oct/msg00004.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_mandatory_keys(\"AppleSafari/Version\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to opening a maliciously\n crafted files, which leads to an unexpected application termination or arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions prior to 5.1.1 on Windows.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - A directory traversal issue existed in the handling of 'safari-extension://'\n URLs.\n\n - A policy issue existed in the handling of 'file://' URLs.\n\n - An uninitialized memory access issue existed in the handling of SSL\n certificates.\n\n - Multiple memory corruption issues existed in WebKit.\n\n - A cross origin issue existed in the handling of the beforeload event,\n 'window.open' method, 'document.documentURI' property and inactive DOM\n windows in webkit.\n\n - A logic issue existed in the handling of cookies in Private Browsing mode.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 5.1.1 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"5.34.51.22\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Safari 5.1.1 (5.34.51.22)\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-04T19:00:06", "description": "This host is installed with Safari and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-10-20T00:00:00", "type": "openvas", "title": "Apple MAC OS X v10.6.8 Safari Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-3229", "CVE-2011-2790", "CVE-2011-3231", "CVE-2011-2352", "CVE-2011-2792", "CVE-2011-2339", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-3230", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-2820", "CVE-2011-2832", "CVE-2011-3243", "CVE-2011-2797", "CVE-2011-2805", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-2819", "CVE-2011-3238", "CVE-2011-2356", "CVE-2011-2834", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-3242", "CVE-2011-2833", "CVE-2011-2814", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-2800", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2020-03-02T00:00:00", "id": "OPENVAS:1361412562310802192", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple MAC OS X v10.6.8 Safari Multiple Vulnerabilities\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802192\");\n script_version(\"2020-03-02T13:53:38+0000\");\n script_cve_id(\"CVE-2011-3229\", \"CVE-2011-3230\", \"CVE-2011-3231\", \"CVE-2011-1440\",\n \"CVE-2011-2338\", \"CVE-2011-2339\", \"CVE-2011-2341\", \"CVE-2011-2351\",\n \"CVE-2011-2352\", \"CVE-2011-2354\", \"CVE-2011-2356\", \"CVE-2011-2359\",\n \"CVE-2011-2788\", \"CVE-2011-2790\", \"CVE-2011-2792\", \"CVE-2011-2797\",\n \"CVE-2011-2799\", \"CVE-2011-2809\", \"CVE-2011-2811\", \"CVE-2011-2813\",\n \"CVE-2011-2814\", \"CVE-2011-2815\", \"CVE-2011-2816\", \"CVE-2011-2817\",\n \"CVE-2011-2818\", \"CVE-2011-2820\", \"CVE-2011-2823\", \"CVE-2011-2827\",\n \"CVE-2011-2831\", \"CVE-2011-2832\", \"CVE-2011-2833\", \"CVE-2011-2834\",\n \"CVE-2011-3235\", \"CVE-2011-3236\", \"CVE-2011-3237\", \"CVE-2011-3238\",\n \"CVE-2011-3239\", \"CVE-2011-3241\", \"CVE-2011-2800\", \"CVE-2011-2805\",\n \"CVE-2011-2819\", \"CVE-2011-3243\", \"CVE-2011-3242\");\n script_bugtraq_id(50163, 50162, 50169, 47604, 50066, 51032, 48479, 48960, 49279,\n 49850, 49658, 50088, 50180);\n script_tag(name:\"last_modification\", value:\"2020-03-02 13:53:38 +0000 (Mon, 02 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple MAC OS X v10.6.8 Safari Multiple Vulnerabilities\");\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5000\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/Security-announce//2011/Oct/msg00004.html\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to opening a maliciously\n crafted files, which leads to an unexpected application termination or arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Safari version prior to 5.1.1 on MAC OS X/Mac OS X Server 10.6.8.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - A directory traversal issue existed in the handling of safari-extension:// URLs.\n\n - A policy issue existed in the handling of file:// URLs.\n\n - An uninitialized memory access issue existed in the handling of SSL certificates.\n\n - Multiple memory corruption issues existed in WebKit.\n\n - A cross-origin issue existed in the handling of the beforeload event,\n window.open method, document.documentURI property and inactive DOM windows\n in webkit.\n\n - A logic issue existed in the handling of cookies in Private Browsing mode.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Safari version 5.1.1 on later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Safari and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName || \"Mac OS X\" >!< osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(version_is_equal(version:osVer, test_version:\"10.6.8\")) {\n\n if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\n vers = infos[\"version\"];\n path = infos[\"location\"];\n\n if(version_is_less(version:vers, test_version:\"5.1.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"5.1.1\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n }\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:53", "description": "This host is installed with Safari and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-10-20T00:00:00", "type": "openvas", "title": "Apple MAC OS X v10.6.8 Safari Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-3229", "CVE-2011-2790", "CVE-2011-3231", "CVE-2011-2352", "CVE-2011-2792", "CVE-2011-2339", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-3230", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-2820", "CVE-2011-2832", "CVE-2011-3243", "CVE-2011-2797", "CVE-2011-2805", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-2819", "CVE-2011-3238", "CVE-2011-2356", "CVE-2011-2834", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-3242", "CVE-2011-2833", "CVE-2011-2814", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-2800", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2017-08-30T00:00:00", "id": "OPENVAS:802192", "href": "http://plugins.openvas.org/nasl.php?oid=802192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_safari_mult_vuln_macosx.nasl 7024 2017-08-30 11:51:43Z teissa $\n#\n# Apple MAC OS X v10.6.8 Safari Multiple Vulnerabilities\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to opening a maliciously\n crafted files, which leads to an unexpected application termination or\n arbitrary code execution.\n Impact Level: System/Application\";\ntag_affected = \"Safari version prior to 5.1.1 on MAC OS X/Mac OS X Server 10.6.8\";\ntag_insight = \"The flaws are due to\n - A directory traversal issue existed in the handling of safari-extension://\n URLs.\n - A policy issue existed in the handling of file:// URLs.\n - An uninitialized memory access issue existed in the handling of SSL\n certificates.\n - Multiple memory corruption issues existed in WebKit.\n - A cross-origin issue existed in the handling of the beforeload event,\n window.open method, document.documentURI property and inactive DOM windows\n in webkit.\n - A logic issue existed in the handling of cookies in Private Browsing mode.\";\ntag_solution = \"Upgrade to Safari version 5.1.1 on later\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"This host is installed with Safari and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802192);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-3229\", \"CVE-2011-3230\", \"CVE-2011-3231\", \"CVE-2011-1440\",\n \"CVE-2011-2338\", \"CVE-2011-2339\", \"CVE-2011-2341\", \"CVE-2011-2351\",\n \"CVE-2011-2352\", \"CVE-2011-2354\", \"CVE-2011-2356\", \"CVE-2011-2359\",\n \"CVE-2011-2788\", \"CVE-2011-2790\", \"CVE-2011-2792\", \"CVE-2011-2797\",\n \"CVE-2011-2799\", \"CVE-2011-2809\", \"CVE-2011-2811\", \"CVE-2011-2813\",\n \"CVE-2011-2814\", \"CVE-2011-2815\", \"CVE-2011-2816\", \"CVE-2011-2817\",\n \"CVE-2011-2818\", \"CVE-2011-2820\", \"CVE-2011-2823\", \"CVE-2011-2827\",\n \"CVE-2011-2831\", \"CVE-2011-2832\", \"CVE-2011-2833\", \"CVE-2011-2834\",\n \"CVE-2011-3235\", \"CVE-2011-3236\", \"CVE-2011-3237\", \"CVE-2011-3238\",\n \"CVE-2011-3239\", \"CVE-2011-3241\", \"CVE-2011-2800\", \"CVE-2011-2805\",\n \"CVE-2011-2819\", \"CVE-2011-3243\", \"CVE-2011-3242\");\n script_bugtraq_id(50163, 50162, 50169, 47604, 50066, 51032, 48479, 48960, 49279,\n 49850, 49658, 50088, 50180);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple MAC OS X v10.6.8 Safari Multiple Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5000\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/Security-announce//2011/Oct/msg00004.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X\nif(\"Mac OS X\" >< osName || \"Mac OS X Server\" >< osName)\n{\n ## Check the affected OS version\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n safVer = get_kb_item(\"AppleSafari/MacOSX/Version\");\n if(safVer)\n {\n if(version_is_less(version:safVer, test_version:\"5.1.1\")){\n security_message(0);\n }\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-03-04T18:59:44", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2011-08-12T00:00:00", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "modified": "2020-03-02T00:00:00", "id": "OPENVAS:1361412562310802233", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802233", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802233\");\n script_version(\"2020-03-02T13:53:38+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-02 13:53:38 +0000 (Mon, 02 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 14:44:50 +0200 (Fri, 12 Aug 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4808\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2011/Jul/msg00002.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions prior to 5.0.6/5.1.\");\n\n script_tag(name:\"insight\", value:\"Please see the references for more details about the vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 5.0.6/5.1 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"5.0.6\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"5.0.6\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:46", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2011-07-27T00:00:00", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "modified": "2017-08-30T00:00:00", "id": "OPENVAS:902543", "href": "http://plugins.openvas.org/nasl.php?oid=902543", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_july11.nasl 7024 2017-08-30 11:51:43Z teissa $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\n Impact Level: System/Application\";\ntag_affected = \"Apple Safari versions prior to 5.1\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Apple Safari version 5.1 or later,\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(902543);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4808\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_require_keys(\"AppleSafari/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\n## Grep for Apple Safari Versions prior to 5.1 (5.34.50.0)\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-03-03T21:00:49", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2011-07-27T00:00:00", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "modified": "2020-02-28T00:00:00", "id": "OPENVAS:1361412562310902543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902543", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902543\");\n script_version(\"2020-02-28T13:41:47+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 13:41:47 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4808\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2011/Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_mandatory_keys(\"AppleSafari/Version\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions prior to 5.1\");\n\n script_tag(name:\"insight\", value:\"Please see the references for more details about the vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 5.1 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"5.34.50.0\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Safari 5.1 (5.34.50.0)\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:56", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2011-08-12T00:00:00", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "modified": "2017-09-01T00:00:00", "id": "OPENVAS:802233", "href": "http://plugins.openvas.org/nasl.php?oid=802233", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_safari_mult_vuln_july11_macosx.nasl 7044 2017-09-01 11:50:59Z teissa $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\n Impact Level: System/Application\";\ntag_affected = \"Apple Safari versions prior to 5.0.6/5.1\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Apple Safari version 5.0.6/5.1 or later,\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802233);\n script_version(\"$Revision: 7044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-01 13:50:59 +0200 (Fri, 01 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 14:44:50 +0200 (Fri, 12 Aug 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4808\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_require_keys(\"AppleSafari/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/MacOSX/Version\");\nif(!safVer){\n exit(0);\n}\n\n## Grep for Apple Safari Versions prior to 5.0.6\nif(version_is_less(version:safVer, test_version:\"5.0.6\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:30", "description": "The remote host is missing an update to chromium-browser\nannounced via advisory DSA 2245-1.", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2245-1 (chromium-browser)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1293", "CVE-2011-1444", "CVE-2011-1799", "CVE-2011-1440", "CVE-2011-1797", "CVE-2011-1292"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:69744", "href": "http://plugins.openvas.org/nasl.php?oid=69744", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2245_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2245-1 (chromium-browser)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n\nCVE-2011-1292\n\nUse-after-free vulnerability in the frame-loader implementation in Google\nChrome allows remote attackers to cause a denial of service or possibly\nhave unspecified other impact via unknown vectors.\n\n\nCVE-2011-1293\n\nUse-after-free vulnerability in the HTMLCollection implementation in Google\nChrome allows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors.\n\n\nCVE-2011-1440\n\nUse-after-free vulnerability in Google Chrome allows remote attackers to cause\na denial of service or possibly have unspecified other impact via vectors\nrelated to the ruby element and Cascading Style Sheets (CSS) token sequences.\n\n\nCVE-2011-1444\n\nRace condition in the sandbox launcher implementation in Google Chrome on\nLinux allows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors.\n\n\nCVE-2011-1797\n\nGoogle Chrome does not properly render tables, which allows remote attackers\nto cause a denial of service or possibly have unspecified other impact via\nunknown vectors that lead to a stale pointer.\n\n\nCVE-2011-1799\n\nGoogle Chrome does not properly perform casts of variables during interaction\nwith the WebKit engine, which allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact via unknown vectors.\n\n\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 6.0.472.63~r59945-5+squeeze5.\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 11.0.696.68~r84545-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"The remote host is missing an update to chromium-browser\nannounced via advisory DSA 2245-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202245-1\";\n\n\nif(description)\n{\n script_id(69744);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-1292\", \"CVE-2011-1293\", \"CVE-2011-1440\", \"CVE-2011-1444\", \"CVE-2011-1797\", \"CVE-2011-1799\");\n script_name(\"Debian Security Advisory DSA 2245-1 (chromium-browser)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"6.0.472.63~r59945-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"6.0.472.63~r59945-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"6.0.472.63~r59945-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"6.0.472.63~r59945-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:37", "description": "The remote host is missing an update to chromium-browser\nannounced via advisory DSA 2245-1.", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2245-1 (chromium-browser)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1293", "CVE-2011-1444", "CVE-2011-1799", "CVE-2011-1440", "CVE-2011-1797", "CVE-2011-1292"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231069744", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069744", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2245_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2245-1 (chromium-browser)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69744\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-1292\", \"CVE-2011-1293\", \"CVE-2011-1440\", \"CVE-2011-1444\", \"CVE-2011-1797\", \"CVE-2011-1799\");\n script_name(\"Debian Security Advisory DSA 2245-1 (chromium-browser)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202245-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n\nCVE-2011-1292\n\nUse-after-free vulnerability in the frame-loader implementation in Google\nChrome allows remote attackers to cause a denial of service or possibly\nhave unspecified other impact via unknown vectors.\n\n\nCVE-2011-1293\n\nUse-after-free vulnerability in the HTMLCollection implementation in Google\nChrome allows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors.\n\n\nCVE-2011-1440\n\nUse-after-free vulnerability in Google Chrome allows remote attackers to cause\na denial of service or possibly have unspecified other impact via vectors\nrelated to the ruby element and Cascading Style Sheets (CSS) token sequences.\n\n\nCVE-2011-1444\n\nRace condition in the sandbox launcher implementation in Google Chrome on\nLinux allows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors.\n\n\nCVE-2011-1797\n\nGoogle Chrome does not properly render tables, which allows remote attackers\nto cause a denial of service or possibly have unspecified other impact via\nunknown vectors that lead to a stale pointer.\n\n\nCVE-2011-1799\n\nGoogle Chrome does not properly perform casts of variables during interaction\nwith the WebKit engine, which allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact via unknown vectors.\n\n\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 6.0.472.63~r59945-5+squeeze5.\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 11.0.696.68~r84545-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to chromium-browser\nannounced via advisory DSA 2245-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"6.0.472.63~r59945-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"6.0.472.63~r59945-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"6.0.472.63~r59945-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"6.0.472.63~r59945-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:22", "description": "The remote host is missing an update to chromium-browser\nannounced via advisory DSA 2307-1.", "cvss3": {}, "published": "2011-09-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2307-1 (chromium-browser)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2359", "CVE-2011-2818", "CVE-2011-2800"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70240", "href": "http://plugins.openvas.org/nasl.php?oid=70240", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2307_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2307-1 (chromium-browser)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2011-2818\n\nUse-after-free vulnerability in Google Chrome allows remote attackers to\ncause a denial of service or possibly have unspecified other impact via\nvectors related to display box rendering.\n\n\nCVE-2011-2800\n\nGoogle Chrome before allows remote attackers to obtain potentially sensitive\ninformation about client-side redirect targets via a crafted web site.\n\n\nCVE-2011-2359\n\nGoogle Chrome does not properly track line boxes during rendering, which\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors that lead to a stale pointer.\n\n\nSeveral unauthorised SSL certificates have been found in the wild issued\nfor the DigiNotar Certificate Authority, obtained through a security\ncompromise with said company.\nThis update blacklists SSL certificates issued by DigiNotar-controlled\nintermediate CAs used by the Dutch PKIoverheid program.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.472.63~r59945-5+squeeze6.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 13.0.782.220~r99552-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 13.0.782.220~r99552-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"The remote host is missing an update to chromium-browser\nannounced via advisory DSA 2307-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202307-1\";\n\n\nif(description)\n{\n script_id(70240);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2359\", \"CVE-2011-2800\", \"CVE-2011-2818\");\n script_name(\"Debian Security Advisory DSA 2307-1 (chromium-browser)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"6.0.472.63~r59945-5+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"6.0.472.63~r59945-5+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"6.0.472.63~r59945-5+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"6.0.472.63~r59945-5+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-05-27T19:45:09", "description": "The remote host is missing an update to chromium-browser\nannounced via advisory DSA 2307-1.", "cvss3": {}, "published": "2011-09-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2307-1 (chromium-browser)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2359", "CVE-2011-2818", "CVE-2011-2800"], "modified": "2020-05-26T00:00:00", "id": "OPENVAS:136141256231070240", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070240", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Auto-generated from advisory DSA 2307-1 (chromium-browser)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (C) 2011 E-Soft Inc. http://www.securityspace.com\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70240\");\n script_version(\"2020-05-26T08:07:04+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-26 08:07:04 +0000 (Tue, 26 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2359\", \"CVE-2011-2800\", \"CVE-2011-2818\");\n script_name(\"Debian Security Advisory DSA 2307-1 (chromium-browser)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202307-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2011-2818\n\nUse-after-free vulnerability in Google Chrome allows remote attackers to\ncause a denial of service or possibly have unspecified other impact via\nvectors related to display box rendering.\n\n\nCVE-2011-2800\n\nGoogle Chrome before allows remote attackers to obtain potentially sensitive\ninformation about client-side redirect targets via a crafted web site.\n\n\nCVE-2011-2359\n\nGoogle Chrome does not properly track line boxes during rendering, which\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors that lead to a stale pointer.\n\n\nSeveral unauthorised SSL certificates have been found in the wild issued\nfor the DigiNotar Certificate Authority, obtained through a security\ncompromise with said company.\nThis update blacklists SSL certificates issued by DigiNotar-controlled\nintermediate CAs used by the Dutch PKIoverheid program.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.472.63~r59945-5+squeeze6.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 13.0.782.220~r99552-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 13.0.782.220~r99552-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to chromium-browser\nannounced via advisory DSA 2307-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"6.0.472.63~r59945-5+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"6.0.472.63~r59945-5+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"6.0.472.63~r59945-5+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"6.0.472.63~r59945-5+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"13.0.782.220~r99552-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-27T19:22:42", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-03-04T00:00:00", "type": "openvas", "title": "Google Chrome multiple vulnerabilities - March 11 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1120", "CVE-2011-1107", "CVE-2011-1110", "CVE-2011-1109", "CVE-2011-1116", "CVE-2011-1125", "CVE-2011-1122", "CVE-2011-1115", "CVE-2011-1114", "CVE-2011-1123", "CVE-2011-1112", "CVE-2011-1124", "CVE-2011-1117", "CVE-2011-1111", "CVE-2011-1121", "CVE-2011-1119", "CVE-2011-1118", "CVE-2011-1108"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310801856", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801856", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome multiple vulnerabilities - March 11 (Linux)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801856\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-03-04 14:32:35 +0100 (Fri, 04 Mar 2011)\");\n script_bugtraq_id(46614);\n script_cve_id(\"CVE-2011-1107\", \"CVE-2011-1108\", \"CVE-2011-1109\", \"CVE-2011-1110\",\n \"CVE-2011-1111\", \"CVE-2011-1112\", \"CVE-2011-1114\", \"CVE-2011-1115\",\n \"CVE-2011-1116\", \"CVE-2011-1117\", \"CVE-2011-1118\", \"CVE-2011-1119\",\n \"CVE-2011-1120\", \"CVE-2011-1121\", \"CVE-2011-1122\", \"CVE-2011-1123\",\n \"CVE-2011-1124\", \"CVE-2011-1125\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome multiple vulnerabilities - March 11 (Linux)\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html\");\n\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code\n in the context of the browser, perform spoofing attacks, or cause denial of\n service condition.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 9.0.597.107 on Linux\");\n script_tag(name:\"insight\", value:\"- An unspecified error related to the URL bar can be exploited to conduct\n spoofing attacks.\n\n - An unspecified error exists in the handling of JavaScript dialogs.\n\n - An error when handling stylesheet nodes can lead to a stale pointer.\n\n - An error when handling key frame rules can lead to a stale pointer.\n\n - An unspecified error exists in the handling of form controls.\n\n - An unspecified error exists while rendering SVG content.\n\n - An unspecified error in table handling can lead to a stale node.\n\n - An unspecified error in table rendering can lead to a stale pointer.\n\n - An unspecified error in SVG animations can lead to a stale pointer.\n\n - An unspecified error when handling XHTML can lead to a stale node.\n\n - An unspecified error exists in the textarea handling.\n\n - An unspecified error when handling device orientation can lead to a stale\n pointer.\n\n - An unspecified error in WebGL can be exploited to cause out-of-bounds reads.\n\n - An integer overflow exists in the textarea handling.\n\n - An unspecified error in WebGL can be exploited to cause out-of-bounds reads.\n\n - An unspecified error can lead to exposure of internal extension functions.\n\n - A use-after-free error exists within the handling of blocked plug-ins.\n\n - An unspecified error when handling layouts can lead to a stale pointer.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 9.0.597.107 or later.\");\n script_tag(name:\"summary\", value:\"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"9.0.597.107\")){\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"9.0.597.107\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-27T19:22:29", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-03-04T00:00:00", "type": "openvas", "title": "Google Chrome multiple vulnerabilities - March 11 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1120", "CVE-2011-1107", "CVE-2011-1110", "CVE-2011-1109", "CVE-2011-1116", "CVE-2011-1125", "CVE-2011-1122", "CVE-2011-1115", "CVE-2011-1114", "CVE-2011-1123", "CVE-2011-1112", "CVE-2011-1124", "CVE-2011-1117", "CVE-2011-1111", "CVE-2011-1121", "CVE-2011-1119", "CVE-2011-1118", "CVE-2011-1108"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310801855", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801855", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome multiple vulnerabilities - March 11 (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801855\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-03-04 14:32:35 +0100 (Fri, 04 Mar 2011)\");\n script_bugtraq_id(46614);\n script_cve_id(\"CVE-2011-1107\", \"CVE-2011-1108\", \"CVE-2011-1109\", \"CVE-2011-1110\",\n \"CVE-2011-1111\", \"CVE-2011-1112\", \"CVE-2011-1114\", \"CVE-2011-1115\",\n \"CVE-2011-1116\", \"CVE-2011-1117\", \"CVE-2011-1118\", \"CVE-2011-1119\",\n \"CVE-2011-1120\", \"CVE-2011-1121\", \"CVE-2011-1122\", \"CVE-2011-1123\",\n \"CVE-2011-1124\", \"CVE-2011-1125\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome multiple vulnerabilities - March 11 (Windows)\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html\");\n\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code\n in the context of the browser, perform spoofing attacks, or cause denial of\n service condition.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 9.0.597.107 on Windows\");\n script_tag(name:\"insight\", value:\"- An unspecified error related to the URL bar can be exploited to conduct\n spoofing attacks.\n\n - An unspecified error exists in the handling of JavaScript dialogs.\n\n - An error when handling stylesheet nodes can lead to a stale pointer.\n\n - An error when handling key frame rules can lead to a stale pointer.\n\n - An unspecified error exists in the handling of form controls.\n\n - An unspecified error exists while rendering SVG content.\n\n - An unspecified error in table handling can lead to a stale node.\n\n - An unspecified error in table rendering can lead to a stale pointer.\n\n - An unspecified error in SVG animations can lead to a stale pointer.\n\n - An unspecified error when handling XHTML can lead to a stale node.\n\n - An unspecified error exists in the textarea handling.\n\n - An unspecified error when handling device orientation can lead to a stale\n pointer.\n\n - An unspecified error in WebGL can be exploited to cause out-of-bounds reads.\n\n - An integer overflow exists in the textarea handling.\n\n - An unspecified error in WebGL can be exploited to cause out-of-bounds reads.\n\n - An unspecified error can lead to exposure of internal extension functions.\n\n - A use-after-free error exists within the handling of blocked plug-ins.\n\n - An unspecified error when handling layouts can lead to a stale pointer.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 9.0.597.107 or later.\");\n script_tag(name:\"summary\", value:\"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"9.0.597.107\")){\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"9.0.597.107\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-09-04T14:19:41", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-03-04T00:00:00", "type": "openvas", "title": "Google Chrome multiple vulnerabilities - March 11 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1120", "CVE-2011-1107", "CVE-2011-1110", "CVE-2011-1109", "CVE-2011-1116", "CVE-2011-1125", "CVE-2011-1122", "CVE-2011-1115", "CVE-2011-1114", "CVE-2011-1123", "CVE-2011-1112", "CVE-2011-1124", "CVE-2011-1117", "CVE-2011-1111", "CVE-2011-1121", "CVE-2011-1119", "CVE-2011-1118", "CVE-2011-1108"], "modified": "2017-09-01T00:00:00", "id": "OPENVAS:801855", "href": "http://plugins.openvas.org/nasl.php?oid=801855", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln_mar11_win.nasl 7044 2017-09-01 11:50:59Z teissa $\n#\n# Google Chrome multiple vulnerabilities - March 11 (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code\n in the context of the browser, perform spoofing attacks, or cause denial of\n service condition.\n Impact Level: Application\";\ntag_affected = \"Google Chrome version prior to 9.0.597.107 on Windows\";\ntag_insight = \"- An unspecified error related to the URL bar can be exploited to conduct\n spoofing attacks.\n - An unspecified error exists in the handling of JavaScript dialogs.\n - An error when handling stylesheet nodes can lead to a stale pointer.\n - An error when handling key frame rules can lead to a stale pointer.\n - An unspecified error exists in the handling of form controls.\n - An unspecified error exists while rendering SVG content.\n - An unspecified error in table handling can lead to a stale node.\n - An unspecified error in table rendering can lead to a stale pointer.\n - An unspecified error in SVG animations can lead to a stale pointer.\n - An unspecified error when handling XHTML can lead to a stale node.\n - An unspecified error exists in the textarea handling.\n - An unspecified error when handling device orientation can lead to a stale\n pointer.\n - An unspecified error in WebGL can be exploited to cause out-of-bounds reads.\n - An integer overflow exists in the textarea handling.\n - An unspecified error in WebGL can be exploited to cause out-of-bounds reads.\n - An unspecified error can lead to exposure of internal extension functions.\n - A use-after-free error exists within the handling of blocked plug-ins.\n - An unspecified error when handling layouts can lead to a stale pointer.\";\ntag_solution = \"Upgrade to the Google Chrome 9.0.597.107 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(801855);\n script_version(\"$Revision: 7044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-01 13:50:59 +0200 (Fri, 01 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-04 14:32:35 +0100 (Fri, 04 Mar 2011)\");\n script_bugtraq_id(46614);\n script_cve_id(\"CVE-2011-1107\", \"CVE-2011-1108\", \"CVE-2011-1109\", \"CVE-2011-1110\",\n \"CVE-2011-1111\", \"CVE-2011-1112\", \"CVE-2011-1114\", \"CVE-2011-1115\",\n \"CVE-2011-1116\", \"CVE-2011-1117\", \"CVE-2011-1118\", \"CVE-2011-1119\",\n \"CVE-2011-1120\", \"CVE-2011-1121\", \"CVE-2011-1122\", \"CVE-2011-1123\",\n \"CVE-2011-1124\", \"CVE-2011-1125\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome multiple vulnerabilities - March 11 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_require_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 9.0.597.107\nif(version_is_less(version:chromeVer, test_version:\"9.0.597.107\")){\n security_message(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-04T14:20:09", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-03-04T00:00:00", "type": "openvas", "title": "Google Chrome multiple vulnerabilities - March 11 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1120", "CVE-2011-1107", "CVE-2011-1110", "CVE-2011-1109", "CVE-2011-1116", "CVE-2011-1125", "CVE-2011-1122", "CVE-2011-1115", "CVE-2011-1114", "CVE-2011-1123", "CVE-2011-1112", "CVE-2011-1124", "CVE-2011-1117", "CVE-2011-1111", "CVE-2011-1121", "CVE-2011-1119", "CVE-2011-1118", "CVE-2011-1108"], "modified": "2017-08-30T00:00:00", "id": "OPENVAS:801856", "href": "http://plugins.openvas.org/nasl.php?oid=801856", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln_mar11_lin.nasl 7024 2017-08-30 11:51:43Z teissa $\n#\n# Google Chrome multiple vulnerabilities - March 11 (Linux)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code\n in the context of the browser, perform spoofing attacks, or cause denial of\n service condition.\n Impact Level: Application\";\ntag_affected = \"Google Chrome version prior to 9.0.597.107 on Linux\";\ntag_insight = \"- An unspecified error related to the URL bar can be exploited to conduct\n spoofing attacks.\n - An unspecified error exists in the handling of JavaScript dialogs.\n - An error when handling stylesheet nodes can lead to a stale pointer.\n - An error when handling key frame rules can lead to a stale pointer.\n - An unspecified error exists in the handling of form controls.\n - An unspecified error exists while rendering SVG content.\n - An unspecified error in table handling can lead to a stale node.\n - An unspecified error in table rendering can lead to a stale pointer.\n - An unspecified error in SVG animations can lead to a stale pointer.\n - An unspecified error when handling XHTML can lead to a stale node.\n - An unspecified error exists in the textarea handling.\n - An unspecified error when handling device orientation can lead to a stale\n pointer.\n - An unspecified error in WebGL can be exploited to cause out-of-bounds reads.\n - An integer overflow exists in the textarea handling.\n - An unspecified error in WebGL can be exploited to cause out-of-bounds reads.\n - An unspecified error can lead to exposure of internal extension functions.\n - A use-after-free error exists within the handling of blocked plug-ins.\n - An unspecified error when handling layouts can lead to a stale pointer.\";\ntag_solution = \"Upgrade to the Google Chrome 9.0.597.107 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(801856);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-04 14:32:35 +0100 (Fri, 04 Mar 2011)\");\n script_bugtraq_id(46614);\n script_cve_id(\"CVE-2011-1107\", \"CVE-2011-1108\", \"CVE-2011-1109\", \"CVE-2011-1110\",\n \"CVE-2011-1111\", \"CVE-2011-1112\", \"CVE-2011-1114\", \"CVE-2011-1115\",\n \"CVE-2011-1116\", \"CVE-2011-1117\", \"CVE-2011-1118\", \"CVE-2011-1119\",\n \"CVE-2011-1120\", \"CVE-2011-1121\", \"CVE-2011-1122\", \"CVE-2011-1123\",\n \"CVE-2011-1124\", \"CVE-2011-1125\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome multiple vulnerabilities - March 11 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_require_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 9.0.597.107\nif(version_is_less(version:chromeVer, test_version:\"9.0.597.107\")){\n security_message(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-27T19:22:53", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-02-17T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0984", "CVE-2011-0981", "CVE-2011-0982", "CVE-2011-0983", "CVE-2011-0985"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310801747", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801747", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801747\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-02-17 16:08:28 +0100 (Thu, 17 Feb 2011)\");\n script_cve_id(\"CVE-2011-0981\", \"CVE-2011-0982\", \"CVE-2011-0983\",\n \"CVE-2011-0984\", \"CVE-2011-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html\");\n\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to cause denial-of-service.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 9.0.597.94\");\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - Not properly performing event handling for animations\n\n - a use-after-free error in SVG font faces\n\n - Not properly handling anonymous blocks\n\n - Out-of-bounds read in plug-in handling\n\n - Not properly performing process termination upon memory exhaustion\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 9.0.597.94 or later.\");\n script_tag(name:\"summary\", value:\"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"9.0.597.94\")){\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"9.0.597.94\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-27T19:22:57", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-02-17T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0984", "CVE-2011-0981", "CVE-2011-0982", "CVE-2011-0983", "CVE-2011-0985"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310801748", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801748", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801748\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-02-17 16:08:28 +0100 (Thu, 17 Feb 2011)\");\n script_cve_id(\"CVE-2011-0981\", \"CVE-2011-0982\", \"CVE-2011-0983\",\n \"CVE-2011-0984\", \"CVE-2011-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Linux)\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html\");\n\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to cause denial-of-service.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 9.0.597.94\");\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - Not properly performing event handling for animations\n\n - Use-after-free error in SVG font faces\n\n - Not properly handling anonymous blocks\n\n - Out-of-bounds read in plug-in handling\n\n - Not properly performing process termination upon memory exhaustion\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 9.0.597.94 or later.\");\n script_tag(name:\"summary\", value:\"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"9.0.597.94\")){\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"9.0.597.94\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:20:11", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-02-17T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0984", "CVE-2011-0981", "CVE-2011-0982", "CVE-2011-0983", "CVE-2011-0985"], "modified": "2017-08-28T00:00:00", "id": "OPENVAS:801747", "href": "http://plugins.openvas.org/nasl.php?oid=801747", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_dos_vuln_feb11_win.nasl 7015 2017-08-28 11:51:24Z teissa $\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to cause denial-of-service.\n Impact Level: Application\";\ntag_affected = \"Google Chrome version prior to 9.0.597.94\";\ntag_insight = \"The flaws are due to\n - Not properly performing event handling for animations\n - a use-after-free error in SVG font faces\n - Not properly handling anonymous blocks\n - Out-of-bounds read in plug-in handling\n - Not properly performing process termination upon memory exhaustion\";\ntag_solution = \"Upgrade to the Google Chrome 9.0.597.94 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(801747);\n script_version(\"$Revision: 7015 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-17 16:08:28 +0100 (Thu, 17 Feb 2011)\");\n script_cve_id(\"CVE-2011-0981\", \"CVE-2011-0982\", \"CVE-2011-0983\",\n \"CVE-2011-0984\", \"CVE-2011-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_require_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 9.0.597.94\nif(version_is_less(version:chromeVer, test_version:\"9.0.597.94\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:19:57", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-02-17T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0984", "CVE-2011-0981", "CVE-2011-0982", "CVE-2011-0983", "CVE-2011-0985"], "modified": "2017-08-28T00:00:00", "id": "OPENVAS:801748", "href": "http://plugins.openvas.org/nasl.php?oid=801748", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_dos_vuln_feb11_lin.nasl 7015 2017-08-28 11:51:24Z teissa $\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to cause denial-of-service.\n Impact Level: Application\";\ntag_affected = \"Google Chrome version prior to 9.0.597.94\";\ntag_insight = \"The flaws are due to\n - Not properly performing event handling for animations\n - Use-after-free error in SVG font faces\n - Not properly handling anonymous blocks\n - Out-of-bounds read in plug-in handling\n - Not properly performing process termination upon memory exhaustion\";\ntag_solution = \"Upgrade to the Google Chrome 9.0.597.94 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(801748);\n script_version(\"$Revision: 7015 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-17 16:08:28 +0100 (Thu, 17 Feb 2011)\");\n script_cve_id(\"CVE-2011-0981\", \"CVE-2011-0982\", \"CVE-2011-0983\",\n \"CVE-2011-0984\", \"CVE-2011-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Linux)\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_require_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 9.0.597.94\nif(version_is_less(version:chromeVer, test_version:\"9.0.597.94\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-27T19:22:47", "description": "The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to code execution vulnerability.", "cvss3": {}, "published": "2011-10-04T00:00:00", "type": "openvas", "title": "Mozilla Products 'YARR' Code Execution Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3232"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310802173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802173", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Products 'YARR' Code Execution Vulnerability (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802173\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-10-04 16:55:13 +0200 (Tue, 04 Oct 2011)\");\n script_cve_id(\"CVE-2011-3232\");\n script_bugtraq_id(49850);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products 'YARR' Code Execution Vulnerability (Windows)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/46171/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-42.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\",\n \"gb_seamonkey_detect_win.nasl\",\n \"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to execute arbitrary code in the\n context of the user running the affected application.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version prior to 2.4\n Thunderbird version prior to 7.0\n Mozilla Firefox version prior to 7\");\n script_tag(name:\"insight\", value:\"The flaw is due to an unspecified error within the YARR regular\n expression library can be exploited to corrupt memory.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to code execution vulnerability.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 7 or later, Upgrade to SeaMonkey version to 2.4 or later,\n Upgrade to Thunderbird version to 7.0 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/en-US/thunderbird/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/projects/seamonkey/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n if(version_is_less(version:ffVer, test_version:\"7.0\")){\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"7.0\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nseaVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(seaVer)\n{\n if(version_is_less(version:seaVer, test_version:\"2.4\"))\n {\n report = report_fixed_ver(installed_version:seaVer, fixed_version:\"2.4\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer != NULL)\n{\n if(version_is_less(version:tbVer, test_version:\"7.0\")){\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"7.0\");\n security_message(port: 0, data: report);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-27T19:22:25", "description": "The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to code execution vulnerability.", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "openvas", "title": "Mozilla Products 'YARR' Code Execution Vulnerability (MAC OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3232"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310802184", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802184", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Products 'YARR' Code Execution Vulnerability (MAC OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802184\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_cve_id(\"CVE-2011-3232\");\n script_bugtraq_id(49850);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products 'YARR' Code Execution Vulnerability (MAC OS X)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/46171/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-42.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Mac/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to execute arbitrary code in the\n context of the user running the affected application.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version prior to 2.4\n Thunderbird version prior to 7.0\n Mozilla Firefox version prior to 7\");\n script_tag(name:\"insight\", value:\"The flaw is due to an unspecified error within the YARR regular\n expression library can be exploited to corrupt memory.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to code execution vulnerability.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 7 or later, Upgrade to SeaMonkey version to 2.4 or later,\n Upgrade to Thunderbird version to 7.0 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/en-US/thunderbird/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/projects/seamonkey/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Mozilla/Firefox/MacOSX/Version\");\nif(ffVer)\n{\n if(version_is_less(version:ffVer, test_version:\"7.0\"))\n {\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"7.0\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nseaVer = get_kb_item(\"SeaMonkey/MacOSX/Version\");\nif(seaVer)\n{\n if(version_is_less(version:seaVer, test_version:\"2.4\"))\n {\n report = report_fixed_ver(installed_version:seaVer, fixed_version:\"2.4\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\ntbVer = get_kb_item(\"Thunderbird/MacOSX/Version\");\nif(tbVer != NULL)\n{\n if(version_is_less(version:tbVer, test_version:\"7.0\")){\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"7.0\");\n security_message(port: 0, data: report);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:33", "description": "The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to code execution vulnerability.", "cvss3": {}, "published": "2011-10-04T00:00:00", "type": "openvas", "title": "Mozilla Products 'YARR' Code Execution Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3232"], "modified": "2017-08-29T00:00:00", "id": "OPENVAS:802173", "href": "http://plugins.openvas.org/nasl.php?oid=802173", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_yarr_code_exec_vuln_win.nasl 7019 2017-08-29 11:51:27Z teissa $\n#\n# Mozilla Products 'YARR' Code Execution Vulnerability (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to Mozilla Firefox version 7 or later,\n For updates refer to http://www.mozilla.com/en-US/firefox/all.html\n\n Upgrade to SeaMonkey version to 2.4 or later\n http://www.mozilla.org/projects/seamonkey/\n\n Upgrade to Thunderbird version to 7.0 or later\n http://www.mozilla.org/en-US/thunderbird/\";\n\ntag_impact = \"Successful exploitation will let attackers to execute arbitrary code in the\n context of the user running the affected application.\n Impact Level: System/Application\";\ntag_affected = \"SeaMonkey version prior to 2.4\n Thunderbird version prior to 7.0\n Mozilla Firefox version prior to 7\";\ntag_insight = \"The flaw is due to an unspecified error within the YARR regular\n expression library can be exploited to corrupt memory.\";\ntag_summary = \"The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to code execution vulnerability.\";\n\nif(description)\n{\n script_id(802173);\n script_version(\"$Revision: 7019 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-29 13:51:27 +0200 (Tue, 29 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-04 16:55:13 +0200 (Tue, 04 Oct 2011)\");\n script_cve_id(\"CVE-2011-3232\");\n script_bugtraq_id(49850);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products 'YARR' Code Execution Vulnerability (Windows)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/46171/\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2011/mfsa2011-42.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\",\n \"gb_seamonkey_detect_win.nasl\",\n \"gb_thunderbird_detect_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Firefox Check\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n # Grep for Firefox version\n if(version_is_less(version:ffVer, test_version:\"7.0\")){\n security_message(0);\n exit(0);\n }\n}\n\n# SeaMonkey Check\nseaVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(seaVer)\n{\n # Grep for SeaMonkey version\n if(version_is_less(version:seaVer, test_version:\"2.4\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Thunderbird Check\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer != NULL)\n{\n # Grep for Thunderbird version\n if(version_is_less(version:tbVer, test_version:\"7.0\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-05T11:22:14", "description": "The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to code execution vulnerability.", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "openvas", "title": "Mozilla Products 'YARR' Code Execution Vulnerability (MAC OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3232"], "modified": "2017-09-04T00:00:00", "id": "OPENVAS:802184", "href": "http://plugins.openvas.org/nasl.php?oid=802184", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_yarr_code_exec_vuln_macosx.nasl 7052 2017-09-04 11:50:51Z teissa $\n#\n# Mozilla Products 'YARR' Code Execution Vulnerability (MAC OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to Mozilla Firefox version 7 or later,\n For updates refer to http://www.mozilla.com/en-US/firefox/all.html\n\n Upgrade to SeaMonkey version to 2.4 or later\n http://www.mozilla.org/projects/seamonkey/\n\n Upgrade to Thunderbird version to 7.0 or later\n http://www.mozilla.org/en-US/thunderbird/\";\n\ntag_impact = \"Successful exploitation will let attackers to execute arbitrary code in the\n context of the user running the affected application.\n Impact Level: System/Application\";\ntag_affected = \"SeaMonkey version prior to 2.4\n Thunderbird version prior to 7.0\n Mozilla Firefox version prior to 7\";\ntag_insight = \"The flaw is due to an unspecified error within the YARR regular\n expression library can be exploited to corrupt memory.\";\ntag_summary = \"The host is installed with Mozilla firefox/thunderbird/seamonkey\n and is prone to code execution vulnerability.\";\n\nif(description)\n{\n script_id(802184);\n script_version(\"$Revision: 7052 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-04 13:50:51 +0200 (Mon, 04 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_cve_id(\"CVE-2011-3232\");\n script_bugtraq_id(49850);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products 'YARR' Code Execution Vulnerability (MAC OS X)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/46171/\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2011/mfsa2011-42.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Mac/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Firefox Check\nffVer = get_kb_item(\"Mozilla/Firefox/MacOSX/Version\");\nif(ffVer)\n{\n # Grep for Firefox version\n if(version_is_less(version:ffVer, test_version:\"7.0\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# SeaMonkey Check\nseaVer = get_kb_item(\"SeaMonkey/MacOSX/Version\");\nif(seaVer)\n{\n # Grep for SeaMonkey version\n if(version_is_less(version:seaVer, test_version:\"2.4\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Thunderbird Check\ntbVer = get_kb_item(\"ThunderBird/MacOSX/Version\");\nif(tbVer != NULL)\n{\n # Grep for Thunderbird version\n if(version_is_less(version:tbVer, test_version:\"7.0\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:58:52", "description": "CVE ID: CVE-2010-1823,CVE-2011-0164,CVE-2011-0200,CVE-2011-0204,CVE-2011-0215,CVE-2011-0218,CVE-2011-0221,CVE-2011-0222,CVE-2011-0223,CVE-2011-0225,CVE-2011-0232,CVE-2011-0233,CVE-2011-0234,CVE-2011-0235,CVE-2011-0237,CVE-2011-0238,CVE-2011-0240,CVE-2011-0253,CVE-2011-0254,CVE-2011-0255,CVE-2011-0259,CVE-2011-0981,CVE-2011-0983,CVE-2011-1109,CVE-2011-1114,CVE-2011-1115,CVE-2011-1117,CVE-2011-1121,CVE-2011-1188,CVE-2011-1203,CVE-2011-1204,CVE-2011-1288,CVE-2011-1293,CVE-2011-1296,CVE-2011-1440,CVE-2011-1449,CVE-2011-1451,CVE-2011-1453,CVE-2011-1457,CVE-2011-1462,CVE-2011-1774,CVE-2011-1797,CVE-2011-2338,CVE-2011-2339,CVE-2011-2341,CVE-2011-2351,CVE-2011-2352,CVE-2011-2354,CVE-2011-2356,CVE-2011-2359,CVE-2011-2788,CVE-2011-2790,CVE-2011-2792,CVE-2011-2797,CVE-2011-2799,CVE-2011-2809,CVE-2011-2811,CVE-2011-2813,CVE-2011-2814,CVE-2011-2815,CVE-2011-2816,CVE-2011-2817,CVE-2011-2818,CVE-2011-2820,CVE-2011-2823,CVE-2011-2827,CVE-2011-2831,CVE-2011-3219,CVE-2011-3232,CVE-2011-3233,CVE-2011-3234,CVE-2011-3235,CVE-2011-3236,CVE-2011-3237,CVE-2011-3238,CVE-2011-3239,CVE-2011-3241,CVE-2011-3244,CVE-2011-3252\r\n\r\niTunes\u662f\u4e00\u6b3e\u5a92\u4f53\u64ad\u653e\u5668\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c2001\u5e741\u670810\u65e5\u7531\u82f9\u679c\u7535\u8111\u5728\u65e7\u91d1\u5c71\u7684Macworld Expo\u63a8\u51fa\uff0c\u7528\u6765\u64ad\u653e\u4ee5\u53ca\u7ba1\u7406\u6570\u5b57\u97f3\u4e50\u548c\u4e0e\u89c6\u9891\u6587\u4ef6\uff0c\u662f\u7ba1\u7406\u82f9\u679ciPod\u7684\u6587\u4ef6\u7684\u4e3b\u8981\u5de5\u5177\u3002\r\n\r\nApple iTunes\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u53ef\u88ab\u6076\u610f\u7528\u6237\u5229\u7528\u6cc4\u9732\u654f\u611f\u4fe1\u606f\uff0c\u64cd\u4f5c\u67d0\u4e9b\u6570\u636e\u3001\u6267\u884c\u8de8\u7ad9\u811a\u672c\u548c\u6b3a\u9a97\u653b\u51fb\u3001\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u3001\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n1\uff09\u5728\u5904\u7406\u5b57\u7b26\u4e32\u6807\u5fd7\u5316\u65f6\uff0cCoreFoundation\u7ec4\u4ef6\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u901a\u8fc7\u4e2d\u95f4\u4eba\u653b\u51fb\u7834\u574f\u5185\u5b58\u3002\r\n\r\n2\uff09\u5904\u7406AAC\u6d41\u65f6CoreAudio\u7ec4\u4ef6\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u53ef\u9020\u6210\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\n\r\n3\uff09\u5904\u7406H.264\u7f16\u7801\u6587\u4ef6\u65f6CoreMedia\u7ec4\u4ef6\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u53ef\u9020\u6210\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\n\r\n4\uff09\u4f7f\u7528AddressSanitizer\u65f6WebKit\u7ec4\u4ef6\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u53ef\u9020\u6210\u5185\u5b58\u7834\u574f\uff1b\r\n\r\n5\uff09WebKit\u7ec4\u4ef6\u7684\u591a\u4e2a\u9519\u8bef\u53ef\u88ab\u5229\u7528\u7834\u574f\u5185\u5b58\u3002\n\nApple iTunes 10.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "cvss3": {}, "published": "2011-10-13T00:00:00", "title": "Apple iTunes\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2010-1823", "CVE-2011-0164", "CVE-2011-0200", "CVE-2011-0204", "CVE-2011-0215", "CVE-2011-0218", "CVE-2011-0221", "CVE-2011-0222", "CVE-2011-0223", "CVE-2011-0225", "CVE-2011-0232", "CVE-2011-0233", "CVE-2011-0234", "CVE-2011-0235", "CVE-2011-0237", "CVE-2011-0238", "CVE-2011-0240", "CVE-2011-0253", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0259", "CVE-2011-0981", "CVE-2011-0983", "CVE-2011-1109", "CVE-2011-1114", "CVE-2011-1115", "CVE-2011-1117", "CVE-2011-1121", "CVE-2011-1188", "CVE-2011-1203", "CVE-2011-1204", "CVE-2011-1288", "CVE-2011-1293", "CVE-2011-1296", "CVE-2011-1440", "CVE-2011-1449", "CVE-2011-1451", "CVE-2011-1453", "CVE-2011-1457", "CVE-2011-1462", "CVE-2011-1774", "CVE-2011-1797", "CVE-2011-2338", "CVE-2011-2339", "CVE-2011-2341", "CVE-2011-2351", "CVE-2011-2352", "CVE-2011-2354", "CVE-2011-2356", "CVE-2011-2359", "CVE-2011-2788", "CVE-2011-2790", "CVE-2011-2792", "CVE-2011-2797", "CVE-2011-2799", "CVE-2011-2809", "CVE-2011-2811", "CVE-2011-2813", "CVE-2011-2814", "CVE-2011-2815", "CVE-2011-2816", "CVE-2011-2817", "CVE-2011-2818", "CVE-2011-2820", "CVE-2011-2823", "CVE-2011-2827", "CVE-2011-2831", "CVE-2011-3219", "CVE-2011-3232", "CVE-2011-3233", "CVE-2011-3234", "CVE-2011-3235", "CVE-2011-3236", "CVE-2011-3237", "CVE-2011-3238", "CVE-2011-3239", "CVE-2011-3241", "CVE-2011-3244", "CVE-2011-3252"], "modified": "2011-10-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-21013", "id": "SSV:21013", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T18:07:10", "description": "BUGTRAQ ID: 48808\r\nCVE ID: CVE-2011-0218,CVE-2011-0221,CVE-2011-0222,CVE-2011-0225,CVE-2011-0232,CVE-2011-0233,CVE-2011-0234,CVE-2011-0235,CVE-2011-0237,CVE-2011-0238,CVE-2011-0240,CVE-2011-0253,CVE-2011-0254,CVE-2011-0255,CVE-2011-1288,CVE-2011-1453,CVE-2011-1457,CVE-2011-1462,CVE-2011-1797\r\n\r\nSafari\u662f\u82f9\u679c\u8ba1\u7b97\u673a\u7684\u6700\u65b0\u4f5c\u4e1a\u7cfb\u7edfMac OS X\u4e2d\u7684\u6d4f\u89c8\u5668\uff0c\u4f7f\u7528\u4e86KDE\u7684KHTML\u4f5c\u4e3a\u6d4f\u89c8\u5668\u7684\u8fd0\u7b97\u6838\u5fc3\u3002\r\n\r\n5.1\u548c5.0.6\u4e4b\u524d\u7248\u672c\u7684Safari\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u6d4f\u89c8\u6076\u610f\u7f51\u9875\uff0c\u9020\u6210\u4fe1\u606f\u6cc4\u9732\uff0c\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\uff0c\u62d2\u7edd\u670d\u52a1\u6216\u5176\u4ed6\u3002\n\nApple Safari 5.x\r\nApple Safari 4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "cvss3": {}, "published": "2011-07-22T00:00:00", "type": "seebug", "title": "Apple Safari 5.1\u548c5.0.6\u4e4b\u524d\u7248\u672c\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-0218", "CVE-2011-0221", "CVE-2011-0222", "CVE-2011-0225", "CVE-2011-0232", "CVE-2011-0233", "CVE-2011-0234", "CVE-2011-0235", "CVE-2011-0237", "CVE-2011-0238", "CVE-2011-0240", "CVE-2011-0253", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-1288", "CVE-2011-1453", "CVE-2011-1457", "CVE-2011-1462", "CVE-2011-1797"], "modified": "2011-07-22T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20751", "id": "SSV:20751", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:58:12", "description": "BUGTRAQ ID: 50068\r\nCVE ID: CVE-2011-3219\r\n\r\nMac OS X\u662f\u82f9\u679c\u5bb6\u65cf\u673a\u5668\u6240\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple Mac OS X\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u6b64\u6f0f\u6d1e\u53ef\u5f71\u54cdCoreMedia\u7ec4\u4ef6\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u4ee5\u5f53\u524d\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n\u5f53\u89e3\u6790H.264\u6d41\u7684Sequence Parameter Set\u6570\u636e\u65f6\uff0c\u4f1a\u8bfb\u53d6\u5e27\u526a\u88c1\u504f\u79fb\u5b57\u6bb5\uff0c\u5f53\u8fd9\u4e9b\u5b57\u6bb5\u5305\u542b\u9519\u8bef\u6570\u636e\u65f6\uff0cQuicktime\u4f1a\u6700\u7ec8\u5728\u89c6\u9891\u6d41\u6240\u5206\u914d\u7684\u7f13\u51b2\u533a\u4e4b\u5916\u5199\u5165\uff0c\u9020\u6210\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\n\nApple Mac OS X 10.x\r\nApple MacOS X Server 10.6.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "cvss3": {}, "published": "2011-10-27T00:00:00", "title": "Apple Mac OS X CoreMedia H.264\u7f16\u7801\u89c6\u9891\u6587\u4ef6\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-3219"], "modified": "2011-10-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-23138", "id": "SSV:23138", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:58:11", "description": "BUGTRAQ ID: 50065\r\nCVE ID: CVE-2011-3252\r\n\r\niTunes\u662f\u4e00\u6b3e\u5a92\u4f53\u64ad\u653e\u5668\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c2001\u5e741\u670810\u65e5\u7531\u82f9\u679c\u7535\u8111\u5728\u65e7\u91d1\u5c71\u7684Macworld Expo\u63a8\u51fa\uff0c\u7528\u6765\u64ad\u653e\u4ee5\u53ca\u7ba1\u7406\u6570\u5b57\u97f3\u4e50\u548c\u4e0e\u89c6\u9891\u6587\u4ef6\uff0c\u662f\u7ba1\u7406\u82f9\u679ciPod\u7684\u6587\u4ef6\u7684\u4e3b\u8981\u5de5\u5177\u3002\r\n\r\nApple iTunes\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u53ef\u80fd\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\r\n\r\n\u6b64\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u89e3\u6790\u9ad8\u7ea7\u97f3\u9891\u89e3\u7801\u5668\u7f16\u7801\u7684\u97f3\u9891\u6d41\u7684\u65b9\u5f0f\uff0c\u4f1a\u8bfb\u53d6\u6587\u4ef6\u4e2d\u7684\u5b57\u6bb5\u4ee5\u8ba1\u7b97\u957f\u5ea6\uff0c\u7a0d\u540e\u4f1a\u7528\u5728\u5185\u5b58\u590d\u5236\u5230\u9759\u6001\u7f13\u51b2\u533a\u64cd\u4f5c\u4e2d\u3002\n\nApple iTunes 10.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "published": "2011-10-27T00:00:00", "title": "Apple iTunes CoreAudio\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-3252"], "modified": "2011-10-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-23137", "id": "SSV:23137", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "securityvulns": [{"lastseen": "2018-08-31T11:10:42", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-11-1 iTunes 10.5\r\n\r\niTunes 10.5 is now available and addresses the following:\r\n\r\nCoreFoundation\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack may lead to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nstring tokenization. This issue does not affect OS X Lion systems.\r\nFor Mac OS X v10.6 systems, this issue is addressed in Security\r\nUpdate 2011-006.\r\nCVE-ID\r\nCVE-2011-0259 : Apple\r\n\r\nColorSync\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution\r\nDescription: An integer overflow existed in the handling of images\r\nwith an embedded ColorSync profile, which may lead to a heap buffer\r\noverflow. Opening a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0200 : binaryproof working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreAudio\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing maliciously crafted audio content may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of audio\r\nstream encoded with the advanced audio code. This issue does not\r\naffect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreMedia\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of H.264\r\nencoded movie files. For OS X Lion systems, this issue is addressed\r\nin OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is\r\naddressed in Security Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3219 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nTIFF images. This issue does not affect OS X Lion systems. For Mac OS\r\nX v10.6 systems, this issue is addressed in Mac OS X v10.6.8.\r\nCVE-ID\r\nCVE-2011-0204 : Dominic Chell of NGS Secure\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A reentrancy issue existed in ImageIO's handling of\r\nTIFF images. This issue does not affect Mac OS X systems.\r\nCVE-ID\r\nCVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP\r\n\r\nWebKit\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may lead to an unexpected application termination or\r\narbitrary code execution.\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nCVE-ID\r\nCVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability\r\nResearch (MSVR), wushi of team509, and Yong Li of Research In Motion\r\nLtd\r\nCVE-2011-0164 : Apple\r\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\r\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\r\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with\r\niDefense VCP\r\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative\r\nCVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-0234 : Rob King working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with iDefense VCP\r\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0237 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\r\nCVE-2011-0240 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0253 : Richard Keen\r\nCVE-2011-0254 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0255 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\r\nCVE-2011-0983 : Martin Barbella\r\nCVE-2011-1109 : Sergey Glazunov\r\nCVE-2011-1114 : Martin Barbella\r\nCVE-2011-1115 : Martin Barbella\r\nCVE-2011-1117 : wushi of team509\r\nCVE-2011-1121 : miaubiz\r\nCVE-2011-1188 : Martin Barbella\r\nCVE-2011-1203 : Sergey Glazunov\r\nCVE-2011-1204 : Sergey Glazunov\r\nCVE-2011-1288 : Andreas Kling of Nokia\r\nCVE-2011-1293 : Sergey Glazunov\r\nCVE-2011-1296 : Sergey Glazunov\r\nCVE-2011-1440 : Jose A. Vazquez of spa-s3c.blogspot.com\r\nCVE-2011-1449 : Marek Majkowski\r\nCVE-2011-1451 : Sergey Glazunov\r\nCVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-1457 : John Knottenbelt of Google\r\nCVE-2011-1462 : wushi of team509\r\nCVE-2011-1797 : wushi of team509\r\nCVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2339 : Cris Neckar of the Google Chrome Security Team\r\nCVE-2011-2341 : Apple\r\nCVE-2011-2351 : miaubiz\r\nCVE-2011-2352 : Apple\r\nCVE-2011-2354 : Apple\r\nCVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome\r\nSecurity Team using AddressSanitizer\r\nCVE-2011-2359 : miaubiz\r\nCVE-2011-2788 : Mikolaj Malecki of Samsung\r\nCVE-2011-2790 : miaubiz\r\nCVE-2011-2792 : miaubiz\r\nCVE-2011-2797 : miaubiz\r\nCVE-2011-2799 : miaubiz\r\nCVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-2811 : Apple\r\nCVE-2011-2813 : Cris Neckar of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2815 : SkyLined of Google Chrome Security Team\r\nCVE-2011-2816 : Apple\r\nCVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2818 : Martin Barbella\r\nCVE-2011-2820 : Raman Tenneti and Philip Rogers of Google\r\nCVE-2011-2823 : SkyLined of Google Chrome Security Team\r\nCVE-2011-2827 : miaubiz\r\nCVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3232 : Aki Helin of OUSPG\r\nCVE-2011-3233 : Sadrul Habib Chowdhury of the Chromium development\r\ncommunity, Cris Neckar and Abhishek Arya (Inferno) of Google Chrome\r\nSecurity Team\r\nCVE-2011-3234 : miaubiz\r\nCVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3238 : Martin Barbella\r\nCVE-2011-3239 : Slawomir Blazek\r\nCVE-2011-3241 : Apple\r\nCVE-2011-3244 : vkouchna\r\n\r\nWebKit\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack may lead to arbitrary code\r\nexecution\r\nDescription: A configuration issue existed in WebKit's use of\r\nlibxslt. A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may lead to arbitrary files being created with the\r\nprivileges of the user, which may lead to arbitrary code execution.\r\nThis issue is addressed through improved libxslt security settings.\r\nCVE-ID\r\nCVE-2011-1774 : Nicolas Gregoire of Agarri\r\n\r\n\r\niTunes 10.5 may be obtained from:\r\nhttp://www.apple.com/itunes/download/\r\n\r\nFor Windows XP / Vista / Windows 7:\r\nThe download file is named: "iTunesSetup.exe"\r\nIts SHA-1 digest is: 1205cda4ce9a32db2fe02cf9f2cf2c0bf7d47bdb\r\n\r\nFor 64-bit Windows XP / Vista / Windows 7:\r\nThe download file is named: "iTunes64Setup.exe"\r\nIts SHA-1 digest is: ab400ad27a537613b3b5306ea026763a93d57fdf\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOlHiHAAoJEGnF2JsdZQee3qwH/0lwVfV3mYVgDxPYfnJlPVF/\r\n2LNjJjmafyNdzSoOOyL9bn5QZqdDlvHCkjgpsq+yX7//8bF/kN7qj3jNBh2qMFCa\r\ncTqIpRnJP5G1GwCdWCep6ZS9NNcv7pADcuoLrHJAHyFE+BlTSNJPkiD3noJiBBuQ\r\nj6CZl5If05rDY7fhspQ6zTlJ7NzzyTIrGM1aJXur2wawVhEALO56gb7+GzGeORax\r\nzU0Jafu9OL8naPfXOFRCvqGXyGBEW0VeWzGqaudDvui1LA5djp6B5AknuE4Xlotq\r\nfXPtwmylQ3B4OaBkoavqPI/UwKkQe0Bn/EsTHf4Pxeo+11CLwRg+JgLCanXRpqw=\r\n=12aV\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2011-10-16T00:00:00", "type": "securityvulns", "title": "APPLE-SA-2011-10-11-1 iTunes 10.5", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-1293", "CVE-2011-0221", "CVE-2011-2790", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0259", "CVE-2011-2352", "CVE-2011-2792", "CVE-2010-1823", "CVE-2011-0215", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-1462", "CVE-2011-1451", "CVE-2011-0238", "CVE-2011-3233", "CVE-2011-0204", "CVE-2011-0223", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-1109", "CVE-2011-1457", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-0240", "CVE-2011-1204", "CVE-2011-2820", "CVE-2011-0218", "CVE-2011-0164", "CVE-2011-0254", "CVE-2011-2797", "CVE-2011-0255", "CVE-2011-1296", "CVE-2011-0981", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-1115", "CVE-2011-3252", "CVE-2011-3244", "CVE-2011-1114", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-3238", "CVE-2011-1203", "CVE-2011-2356", "CVE-2011-0983", "CVE-2011-0222", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-3232", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-3219", "CVE-2011-0253", "CVE-2011-1117", "CVE-2011-0200", "CVE-2011-0232", "CVE-2011-2814", "CVE-2011-1449", "CVE-2011-1121", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-1774", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-1188", "CVE-2011-0235", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2011-10-16T00:00:00", "id": "SECURITYVULNS:DOC:27156", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27156", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:18:15", "description": "Multiple security vulnerabilities on different media formats parsing.", "cvss3": {}, "published": "2011-10-16T00:00:00", "type": "securityvulns", "title": "Apple iTunes multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-1293", "CVE-2011-0221", "CVE-2011-2790", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0259", "CVE-2011-2352", "CVE-2011-2792", "CVE-2010-1823", "CVE-2011-0215", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-1462", "CVE-2011-1451", "CVE-2011-0238", "CVE-2011-3233", "CVE-2011-0204", "CVE-2011-0223", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-1109", "CVE-2011-1457", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-0240", "CVE-2011-1204", "CVE-2011-2820", "CVE-2011-0218", "CVE-2011-0164", "CVE-2011-0254", "CVE-2011-2797", "CVE-2011-0255", "CVE-2011-1296", "CVE-2011-0981", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-1115", "CVE-2011-3252", "CVE-2011-3244", "CVE-2011-1114", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-3238", "CVE-2011-1203", "CVE-2011-2356", "CVE-2011-0983", "CVE-2011-0222", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-3232", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-3219", "CVE-2011-0253", "CVE-2011-1117", "CVE-2011-0200", "CVE-2011-0232", "CVE-2011-2814", "CVE-2011-1449", "CVE-2011-1121", "CVE-2011-1294", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-1774", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-1188", "CVE-2011-0235", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2011-10-16T00:00:00", "id": "SECURITYVULNS:VULN:11974", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11974", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:11:44", "description": "Crossite scripting, multiple memory corruption, code execution.", "cvss3": {}, "published": "2011-10-15T00:00:00", "type": "securityvulns", "title": "Apple Safari / WebKit multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-3229", "CVE-2011-2790", "CVE-2011-3231", "CVE-2011-2352", "CVE-2011-3240", "CVE-2011-2792", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-3233", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-3230", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-2820", "CVE-2011-2797", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-3238", "CVE-2011-2356", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-3232", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-2814", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2011-10-15T00:00:00", "id": "SECURITYVULNS:VULN:11970", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11970", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-12-4 Safari 5.1.1\r\n\r\nSafari 5.1.1 is now available and addresses the following:\r\n\r\nSafari\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,\r\nXP SP2 or later\r\nImpact: Visiting a malicious website may cause the execution of\r\narbitrary Javascript in the context of installed Safari Extensions\r\nDescription: A directory traversal issue existed in the handling of\r\nsafari-extension:// URLs. Visiting a malicious website may cause\r\nexecution of arbitrary Javascript in the context of installed Safari\r\nExtensions, which may have context-dependent ramifications including\r\nfiles from the user's system being sent to a remote server.\r\nCVE-ID\r\nCVE-2011-3229 : Aaron Sigel of vtty.com\r\n\r\nSafari\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7.2, OS X Lion Server v10.7.2\r\nImpact: Visiting a malicious website may lead to arbitrary code\r\nexecution\r\nDescription: A policy issue existed in the handling of file:// URLs.\r\nThis issue does not affect Windows systems.\r\nCVE-ID\r\nCVE-2011-3230 : Aaron Sigel of vtty.com\r\n\r\nSafari\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Visiting a malicious website may lead to arbitrary code\r\nexecution\r\nDescription: An uninitialized memory access issue existed in the\r\nhandling of SSL certificates. This issue does not affect OS X Lion\r\nsystems or Windows systems.\r\nCVE-ID\r\nCVE-2011-3231 : Jason Broccardo of Fermi National Accelerator\r\nLaboratory\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,\r\nXP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nCVE-ID\r\nCVE-2011-1440 : Jose A. Vazquez of spa-s3c.blogspot.com\r\nCVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2339 : Cris Neckar of the Google Chrome Security Team\r\nCVE-2011-2341 : Apple\r\nCVE-2011-2351 : miaubiz\r\nCVE-2011-2352 : Apple\r\nCVE-2011-2354 : Apple\r\nCVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome\r\nSecurity Team using AddressSanitizer\r\nCVE-2011-2359 : miaubiz\r\nCVE-2011-2788 : Mikolaj Malecki of Samsung\r\nCVE-2011-2790 : miaubiz\r\nCVE-2011-2792 : miaubiz\r\nCVE-2011-2797 : miaubiz\r\nCVE-2011-2799 : miaubiz\r\nCVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-2811 : Apple\r\nCVE-2011-2813 : Cris Neckar of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2815 : SkyLined of Google Chrome Security Team\r\nCVE-2011-2816 : Apple\r\nCVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2818 : Martin Barbella\r\nCVE-2011-2820 : Raman Tenneti and Philip Rogers of Google\r\nCVE-2011-2823 : SkyLined of Google Chrome Security Team\r\nCVE-2011-2827 : miaubiz\r\nCVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3232 : Aki Helin of OUSPG\r\nCVE-2011-3233 : Sadrul Habib Chowdhury of the Chromium development\r\ncommunity, Cris Neckar and Abhishek Arya (Inferno) of Google Chrome\r\nSecurity Team\r\nCVE-2011-3234 : miaubiz\r\nCVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3238 : Martin Barbella\r\nCVE-2011-3239 : Slawomir Blazek\r\nCVE-2011-3241 : Apple\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,\r\nXP SP2 or later\r\nImpact: A maliciously crafted website may be able to track the URLs\r\nthat a user visits within a frame\r\nDescription: A cross-origin issue existed in the handling of the\r\nbeforeload event.\r\nCVE-ID\r\nCVE-2011-2800 : Juho Nurminen\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,\r\nXP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of the\r\nwindow.open method.\r\nCVE-ID\r\nCVE-2011-2805 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,\r\nXP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of the\r\ndocument.documentURI property.\r\nCVE-ID\r\nCVE-2011-2819 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,\r\nXP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of\r\ninactive DOM windows.\r\nCVE-ID\r\nCVE-2011-3243 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7.2, OS X Lion Server v10.7.2\r\nImpact: In Private Browsing mode, cookies may be set even if "Block\r\ncookies" is set to "Always"\r\nDescription: A logic issue existed in the handling of cookies in\r\nPrivate Browsing mode. This issue does not affect Windows systems.\r\nCVE-ID\r\nCVE-2011-3242 : John Adamczyk\r\n\r\n\r\nSafari 5.1.1 is available via the Apple Software Update\r\napplication, or Apple's Safari download site at:\r\nhttp://www.apple.com/safari/download/\r\n\r\nSafari for OS X Lion v10.7.2\r\nThe download file is named: Safari5.1.1Lion.dmg\r\nIts SHA-1 digest is: 368113397d35475a0a4d0b0dbf3b31f543cfb4c5\r\n\r\nSafari for Mac OS X v10.6.8\r\nThe download file is named: Safari5.1.1SnowLeopard.dmg\r\nIts SHA-1 digest is: 4c588d86032ab24984b721354748f028b559fb37\r\n\r\nSafari for Windows 7, Vista or XP\r\nThe download file is named: SafariSetup.exe\r\nIts SHA-1 digest is: 5a2d3e0c0e601938f1d64d517e6a8199cd563d10\r\n\r\nSafari for Windows 7, Vista or XP from the Microsoft Choice Screen\r\nThe download file is named: Safari_Setup.exe\r\nIts SHA-1 digest is: f0094f19b7a6b0a96a4fe6407b0037223ae44b15\r\n\r\nSafari+QuickTime for Windows 7, Vista or XP\r\nThe file is named: SafariQuickTimeSetup.exe\r\nIts SHA-1 digest is: 3dbfe52e5be6409d0ad1fcb22e747963e10db218\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOlLv6AAoJEGnF2JsdZQeeqOUH/RWDBq5xXEegxI+N92+9lB42\r\nJ6ZBcO8rrigAhYz59ZJG0NF8VGZI0DSFI+dxC8XeoKfiamvkaZo1lYGLdqWiTkxz\r\n6ODprWbfGVcwFd9rNeCbIc9E5FV0SRbS1xCv+JnrwR2i2raqgAEWc4CpAcH5mgqT\r\n5G2cWhwS8EMUNXZz/C0IjkfNBAjQ2c9BHVHj0Wid5vyXutju3WOcBXwqcbTpNANI\r\nNiVHf5ucaRep6110riIYazuCdFLCcwZDaySw2n2ZhelliTz1tpCa7uVoJfZjyeyw\r\nxwY/QjLDBTSpUYDTPC//XG7ZswptKHFjrX4KtxD9XTltq5wNGJavJzKf2qa4jrM=\r\n=ZXdu\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2011-10-15T00:00:00", "type": "securityvulns", "title": "APPLE-SA-2011-10-12-4 Safari 5.1.1", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-3229", "CVE-2011-2790", "CVE-2011-3231", "CVE-2011-2352", "CVE-2011-2792", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-3233", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-3230", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-2820", "CVE-2011-3243", "CVE-2011-2797", "CVE-2011-2805", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-2819", "CVE-2011-3238", "CVE-2011-2356", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-3232", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-3242", "CVE-2011-2814", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-2800", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2011-10-15T00:00:00", "id": "SECURITYVULNS:DOC:27150", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27150", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6\r\n\r\nSafari 5.1 and Safari 5.0.6 are now available and address the\r\nfollowing:\r\n\r\nCFNetwork\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: In certain situations, Safari may treat a file as HTML,\r\neven if it is served with the 'text/plain' content type. This may\r\nlead to a cross-site scripting attack on sites that allow untrusted\r\nusers to post text files. This issue is addressed through improved\r\nhandling of 'text/plain' content.\r\nCVE-ID\r\nCVE-2010-1420 : Hidetake Jo working with Microsoft Vulnerability\r\nResearch (MSVR), Neal Poole of Matasano Security\r\n\r\nCFNetwork\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Authenticating to a maliciously crafted website may lead to\r\narbitrary code execution\r\nDescription: The NTLM authentication protocol is susceptible to a\r\nreplay attack referred to as credential reflection. Authenticating to\r\na maliciously crafted website may lead to arbitrary code execution.\r\nTo mitigate this issue, Safari has been updated to utilize protection\r\nmechanisms recently added to Windows. This issue does not affect Mac\r\nOS X systems.\r\nCVE-ID\r\nCVE-2010-1383 : Takehiro Takahashi of IBM X-Force Research\r\n\r\nCFNetwork\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A root certificate that is disabled may still be trusted\r\nDescription: CFNetwork did not properly validate that a certificate\r\nwas trusted for use by a SSL server. As a result, if the user had\r\nmarked a system root certificate as not trusted, Safari would still\r\naccept certificates signed by that root. This issue is addressed\r\nthrough improved certificate validation. This issue does not affect\r\nMac OS X systems.\r\nCVE-ID\r\nCVE-2011-0214 : An anonymous reporter\r\n\r\nColorSync\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution\r\nDescription: An integer overflow existed in the handling of images\r\nwith an embedded ColorSync profile, which may lead to a heap buffer\r\noverflow. Opening a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution. For Mac OS X v10.5 systems, this issue\r\nis addressed in Security Update 2011-004.\r\nCVE-ID\r\nCVE-2011-0200 : binaryproof working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreFoundation\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Applications that use the CoreFoundation framework may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An off-by-one buffer overflow issue existed in the\r\nhandling of CFStrings. Applications that use the CoreFoundation\r\nframework may be vulnerable to an unexpected application termination\r\nor arbitrary code execution. For Mac OS X v10.6 systems, this issue\r\nis addressed in Mac OS X v10.6.8.\r\nCVE-ID\r\nCVE-2011-0201 : Harry Sintonen\r\n\r\nCoreGraphics\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow issue existed in the handling of\r\nType 1 fonts. Viewing or downloading a document containing a\r\nmaliciously crafted embedded font may lead to arbitrary code\r\nexecution. For Mac OS X v10.6 systems, this issue is addressed in Mac\r\nOS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in\r\nSecurity Update 2011-004.\r\nCVE-ID\r\nCVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert\r\nof the Google Security Team\r\n\r\nInternational Components for Unicode\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Applications that use ICU may be vulnerable to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A buffer overflow issue existed in ICU's handling of\r\nuppercase strings. Applications that use ICU may be vulnerable to an\r\nunexpected application termination or arbitrary code execution. For\r\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.\r\nCVE-ID\r\nCVE-2011-0206 : David Bienvenu of Mozilla\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution. For\r\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.\r\nFor Mac OS X v10.5 systems, this issue is addressed in Security\r\nUpdate 2011-004.\r\nCVE-ID\r\nCVE-2011-0204 : Dominic Chell of NGS Secure\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nCCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF\r\nimage may lead to an unexpected application termination or arbitrary\r\ncode execution.\r\nCVE-ID\r\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A reentrancy issue existed in ImageIO's handling of\r\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution. This\r\nissue does not affect Mac OS X systems.\r\nCVE-ID\r\nCVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution. For\r\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.\r\nFor Mac OS X v10.5 systems, this issue is addressed in Security\r\nUpdate 2011-004.\r\nCVE-ID\r\nCVE-2011-0204 : Dominic Chell of NGS Secure\r\n\r\nlibxslt\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of addresses on the heap\r\nDescription: libxslt's implementation of the generate-id() XPath\r\nfunction disclosed the address of a heap buffer. Visiting a\r\nmaliciously crafted website may lead to the disclosure of addresses\r\non the heap. This issue is addressed by generating an ID based on the\r\ndifference between the addresses of two heap buffers. For Mac OS X\r\nv10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac\r\nOS X v10.5 systems, this issue is addressed in Security Update\r\n2011-004.\r\nCVE-ID\r\nCVE-2011-0195 : Chris Evans of the Google Chrome Security Team\r\n\r\nlibxml\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A one-byte heap buffer overflow existed in libxml's\r\nhandling of XML data. Visiting a maliciously crafted website may lead\r\nto an unexpected application termination or arbitrary code execution.\r\nCVE-ID\r\nCVE-2011-0216 : Billy Rios of the Google Security Team\r\n\r\nSafari\r\nAvailable for: Mac OS X v10.6.8 or later,\r\nMac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later\r\nImpact: If the "AutoFill web forms" feature is enabled, visiting a\r\nmaliciously crafted website and typing may lead to the disclosure of\r\ninformation from the user's Address Book\r\nDescription: Safari's "AutoFill web forms" feature filled in non-\r\nvisible form fields, and the information was accessible by scripts on\r\nthe site before the user submitted the form. This issue is addressed\r\nby displaying all fields that will be filled, and requiring the\r\nuser's consent before AutoFill information is available to the form.\r\nCVE-ID\r\nCVE-2011-0217 : Florian Rienhardt of BSI, Alex Lambert, [Jeremiah\r\nGrossman]\r\n\r\nSafari\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: With a certain Java configuration, visiting a malicious\r\nwebsite may lead to unexpected text being displayed on other sites\r\nDescription: A cross origin issue existed in the handling of Java\r\nApplets. This applies when Java is enabled in Safari, and Java is\r\nconfigured to run within the browser process. Fonts loaded by a Java\r\napplet could affect the display of text content from other sites.\r\nThis issue is addressed by running Java applets in a separate\r\nprocess.\r\nCVE-ID\r\nCVE-2011-0219 : Joshua Smith of Kaon Interactive\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nVisiting a maliciously crafted website may lead to an unexpected\r\napplication termination or arbitrary code execution.\r\nCVE-ID\r\nCVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability\r\nResearch (MSVR), wushi of team509, and Yong Li of Research In Motion\r\nLtd\r\nCVE-2011-0164 : Apple\r\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\r\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\r\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with\r\niDefense VCP\r\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative\r\nCVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-0234 : Rob King working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with iDefense VCP\r\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0237 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\r\nCVE-2011-0240 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0253 : Richard Keen\r\nCVE-2011-0254 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0255 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\r\nCVE-2011-0983 : Martin Barbella\r\nCVE-2011-1109 : Sergey Glazunov\r\nCVE-2011-1114 : Martin Barbella\r\nCVE-2011-1115 : Martin Barbella\r\nCVE-2011-1117 : wushi of team509\r\nCVE-2011-1121 : miaubiz\r\nCVE-2011-1188 : Martin Barbella\r\nCVE-2011-1203 : Sergey Glazunov\r\nCVE-2011-1204 : Sergey Glazunov\r\nCVE-2011-1288 : Andreas Kling of Nokia\r\nCVE-2011-1293 : Sergey Glazunov\r\nCVE-2011-1296 : Sergey Glazunov\r\nCVE-2011-1449 : Marek Majkowski, wushi of team 509 working with\r\niDefense VCP\r\nCVE-2011-1451 : Sergey Glazunov\r\nCVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-1457 : John Knottenbelt of Google\r\nCVE-2011-1462 : wushi of team509\r\nCVE-2011-1797 : wushi of team509\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A configuration issue existed in WebKit's use of\r\nlibxslt. Visiting a maliciously crafted website may lead to arbitrary\r\nfiles being created with the privileges of the user, which may lead\r\nto arbitrary code execution. This issue is addressed through improved\r\nlibxslt security settings.\r\nCVE-ID\r\nCVE-2011-1774 : Nicolas Gregoire of Agarri\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\ninformation disclosure\r\nDescription: A cross-origin issue existed in the handling of Web\r\nWorkers. Visiting a maliciously crafted website may lead to an\r\ninformation disclosure.\r\nCVE-ID\r\nCVE-2011-1190 : Daniel Divricean of divricean.ro\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of URLs\r\nwith an embedded username. Visiting a maliciously crafted website may\r\nlead to a cross-site scripting attack. This issue is addressed\r\nthrough improved handling of URLs with an embedded username.\r\nCVE-ID\r\nCVE-2011-0242 : Jobert Abma of Online24\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of DOM\r\nnodes. Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack.\r\nCVE-ID\r\nCVE-2011-1295 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: A maliciously crafted website may be able to cause a\r\ndifferent URL to be shown in the address bar\r\nDescription: A URL spoofing issue existed in the handling of the DOM\r\nhistory object. A maliciously crafted website may have been able to\r\ncause a different URL to be shown in the address bar.\r\nCVE-ID\r\nCVE-2011-1107 : Jordi Chancel\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Subscribing to a maliciously crafted RSS feed and clicking\r\non a link within it may lead to an information disclosure\r\nDescription: A canonicalization issue existed in the handling of\r\nURLs. Subscribing to a maliciously crafted RSS feed and clicking on a\r\nlink within it may lead to arbitrary files being sent from the user's\r\nsystem to a remote server. This update addresses the issue through\r\nimproved handling of URLs.\r\nCVE-ID\r\nCVE-2011-0244 : Jason Hullinger\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Applications that use WebKit, such as mail clients, may\r\nconnect to an arbitrary DNS server upon processing HTML content\r\nDescription: DNS prefetching was enabled by default in WebKit.\r\nApplications that use WebKit, such a s mail clients, may connect to\r\nan arbitrary DNS server upon processing HTML content. This update\r\naddresses the issue by requiring applications to opt in to DNS\r\nprefetching.\r\nCVE-ID\r\nCVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd.\r\n\r\n\r\nNote: Safari 5.1 is included with OS X Lion.\r\n\r\n\r\nSafari 5.1 and Safari 5.0.6 address the same set of security\r\nissues. Safari 5.1 is provided for Mac OS X v10.6,\r\nand Windows systems. Safari 5.0.6 is provided for\r\nMac OS X v10.5 systems.\r\n\r\nSafari 5.1 is available via the Apple Software Update\r\napplication, or Apple's Safari download site at:\r\nhttp://www.apple.com/safari/download/\r\n\r\nSafari 5.0.6 is available via the Apple Software Update\r\napplication, or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nSafari for Mac OS X v10.6.8 and later\r\nThe download file is named: Safari5.1SnowLeopard.dmg\r\nIts SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24\r\n\r\nSafari for Mac OS X v10.5.8\r\nThe download file is named: Safari5.0.6Leopard.dmg\r\nIts SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f\r\n\r\nSafari for Windows 7, Vista or XP\r\nThe download file is named: SafariSetup.exe\r\nIts SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36\r\n\r\nSafari for Windows 7, Vista or XP from the Microsoft Choice Screen\r\nThe download file is named: Safari_Setup.exe\r\nIts SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b\r\n\r\nSafari+QuickTime for Windows 7, Vista or XP\r\nThe file is named: SafariQuickTimeSetup.exe\r\nIts SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.9 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOJI45AAoJEGnF2JsdZQeezHQIALKZms5tzYgYxUSdxmo+DmYw\r\nup9gAmEVcltZvCeVS1lUxfjqnRiGRSWyuou8Ynt9PfGQCz9GfLvzlrCHc5rsnKaD\r\nMeYY1IH7lQc6aqmV0hwb4nUL5qJntP6G5Ai0E/0UiRQNC/ummS+qnmdsiFo78ODY\r\nnKaB5cAWhqGHgOAPnUG0JwmxpYgR2HEtGYJSqlYykMwt1vnlAr5hHVNaUJcJ3Hlb\r\nvesN6fB7zQMiJVo8+iJBixCvIYlbII5HnVAmD1ToyKgENg4Iguo46YBMVr8DPgF/\r\nKD2s0+VF/O4utYVX0GiRGReVyq1PMvz/HI23ym8U3LjbezXD/AALQET0Q2hUEYQ=\r\n=fOfF\r\n-----END PGP SIGNATURE-----\r\n\r\n\r\n", "cvss3": {}, "published": "2011-07-22T00:00:00", "type": "securityvulns", "title": "APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-1293", "CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0202", "CVE-2011-1107", "CVE-2010-1823", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-1451", "CVE-2011-0206", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0204", "CVE-2011-0223", "CVE-2011-1295", "CVE-2011-0201", "CVE-2011-0241", "CVE-2011-1109", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-1204", "CVE-2011-0219", "CVE-2011-0218", "CVE-2010-3829", "CVE-2011-0217", "CVE-2011-0164", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-1296", "CVE-2011-0981", "CVE-2011-0242", "CVE-2011-1115", "CVE-2011-1114", "CVE-2011-1203", "CVE-2011-1190", "CVE-2011-0983", "CVE-2011-0222", "CVE-2011-0195", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-1117", "CVE-2011-0200", "CVE-2011-0232", "CVE-2011-1449", "CVE-2011-1121", "CVE-2011-1774", "CVE-2011-1188", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "modified": "2011-07-22T00:00:00", "id": "SECURITYVULNS:DOC:26666", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26666", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:11:44", "description": "WebKit and Apple libraries multiple security vulnerabilities", "cvss3": {}, "published": "2011-08-01T00:00:00", "type": "securityvulns", "title": "WebKit / Apple Safari / Google Chrome multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-1293", "CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0202", "CVE-2011-1107", "CVE-2010-1823", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-1451", "CVE-2011-0206", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0204", "CVE-2011-0223", "CVE-2011-1295", "CVE-2011-0201", "CVE-2011-0241", "CVE-2011-1109", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-1204", "CVE-2011-0219", "CVE-2011-0218", "CVE-2010-3829", "CVE-2011-0217", "CVE-2011-0164", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-1296", "CVE-2011-0981", "CVE-2011-0242", "CVE-2011-1115", "CVE-2011-1114", "CVE-2011-1203", "CVE-2011-1190", "CVE-2011-0983", "CVE-2011-0222", "CVE-2011-0195", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-1117", "CVE-2011-0200", "CVE-2011-0232", "CVE-2011-1449", "CVE-2011-1121", "CVE-2011-1774", "CVE-2011-1188", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "modified": "2011-08-01T00:00:00", "id": "SECURITYVULNS:VULN:11798", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11798", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-12-1 iOS 5 Software Update\r\n\r\niOS 5 Software Update is now available and addresses the following:\r\n\r\nCalDAV\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information from a CalDAV\r\ncalendar server\r\nDescription: CalDAV did not check that the SSL certificate presented\r\nby the server was trusted.\r\nCVE-ID\r\nCVE-2011-3253 : Leszek Tasiemski of nSense\r\n\r\nCalendar\r\nAvailable for: iOS 4.2.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 4.2.0 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 4.2.0 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted calendar invitation may inject\r\nscript in the local domain\r\nDescription: A script injection issue existed in Calendar's handling\r\nof invitation notes. This issue is addressed through improved\r\nescaping of special characters in invitation notes. This issues does\r\nnot affect devices prior to iOS 4.2.0.\r\nCVE-ID\r\nCVE-2011-3254 : Rick Deacon\r\n\r\nCFNetwork\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: User's AppleID password may be logged to a local file\r\nDescription: A user's AppleID password and username were logged to a\r\nfile that was readable by applications on the system. This is\r\nresolved by no longer logging these credentials.\r\nCVE-ID\r\nCVE-2011-3255 : Peter Quade of qdevelop\r\n\r\nCFNetwork\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of HTTP\r\ncookies. When accessing a maliciously crafted HTTP or HTTPS URL,\r\nCFNetwork could incorrectly send the cookies for a domain to a server\r\noutside that domain.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCoreFoundation\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in CoreFoundation's\r\nhandling of string tokenization.\r\nCVE-ID\r\nCVE-2011-0259 : Apple\r\n\r\nCoreGraphics\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a document containing a maliciously crafted font may\r\nlead to arbitrary code execution\r\nDescription: Multiple memory corruption existed in freetype, the\r\nmost serious of which may lead to arbitrary code execution when\r\nprocessing a maliciously crafted font.\r\nCVE-ID\r\nCVE-2011-3256 : Apple\r\n\r\nCoreMedia\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of video data from another site\r\nDescription: A cross-origin issue existed in CoreMedia's handling of\r\ncross-site redirects. This issue is addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability\r\nResearch (MSVR)\r\n\r\nData Access\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An exchange mail cookie management issue could incorrectly\r\ncause data synchronization across different accounts\r\nDescription: When multiple mail exchange accounts are configured\r\nwhich connect to the same server, a session could potentially receive\r\na valid cookie corresponding to a different account. This issue is\r\naddressed by ensuring that cookies are separated across different\r\naccounts.\r\nCVE-ID\r\nCVE-2011-3257 : Bob Sielken of IBM\r\n\r\nData Security\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: Fraudulent certificates were issued by multiple\r\ncertificate authorities operated by DigiNotar. This issue is\r\naddressed by removing DigiNotar from the list of trusted root\r\ncertificates, from the list of Extended Validation (EV) certificate\r\nauthorities, and by configuring default system trust settings so that\r\nDigiNotar's certificates, including those issued by other\r\nauthorities, are not trusted.\r\n\r\nData Security\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Support for X.509 certificates with MD5 hashes may expose\r\nusers to spoofing and information disclosure as attacks improve\r\nDescription: Certificates signed using the MD5 hash algorithm were\r\naccepted by iOS. This algorithm has known cryptographic weaknesses.\r\nFurther research or a misconfigured certificate authority could have\r\nallowed the creation of X.509 certificates with attacker controlled\r\nvalues that would have been trusted by the system. This would have\r\nexposed X.509 based protocols to spoofing, man in the middle attacks,\r\nand information disclosure. This update disables support for an X.509\r\ncertificate with an MD5 hash for any use other than as a trusted root\r\ncertificate.\r\nCVE-ID\r\nCVE-2011-3427\r\n\r\nData Security\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An attacker could decrypt part of a SSL connection\r\nDescription: Only the SSLv3 and TLS 1.0 versions of SSL were\r\nsupported. These versions are subject to a protocol weakness when\r\nusing block ciphers. A man-in-the-middle attacker could have injected\r\ninvalid data, causing the connection to close but revealing some\r\ninformation about the previous data. If the same connection was\r\nattempted repeatedly the attacker may eventually have been able to\r\ndecrypt the data being sent, such as a password. This issue is\r\naddressed by adding support for TLS 1.2.\r\nCVE-ID\r\nCVE-2011-3389\r\n\r\nHome screen\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Switching between applications may lead to the disclosure of\r\nsensitive application information\r\nDescription: When switching between applications with the four-\r\nfinger app switching gesture, the display could have revealed the\r\nprevious application state. This issue is addressed by ensuring that\r\nthe system properly calls the applicationWillResignActive: method\r\nwhen transitioning between applications.\r\nCVE-ID\r\nCVE-2011-3431 : Abe White of Hedonic Software Inc.\r\n\r\nImageIO\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted TIFF image may result in an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libTIFF's handling of\r\nCCITT Group 4 encoded TIFF images.\r\nCVE-ID\r\nCVE-2011-0192 : Apple\r\n\r\nImageIO\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nCCITT Group 4 encoded TIFF images.\r\nCVE-ID\r\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\r\n\r\nInternational Components for Unicode\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Applications that use ICU may be vulnerable to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A buffer overflow issue existed in ICU's generation of\r\ncollation keys for long strings of mostly uppercase letters.\r\nCVE-ID\r\nCVE-2011-0206 : David Bienvenu of Mozilla\r\n\r\nKernel\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A remote attacker may cause a device reset\r\nDescription: The kernel failed to promptly reclaim memory from\r\nincomplete TCP connections. An attacker with the ability to connect\r\nto a listening service on an iOS device could exhaust system\r\nresources.\r\nCVE-ID\r\nCVE-2011-3259 : Wouter van der Veer of Topicus I&I, and Josh Enders\r\n\r\nKernel\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A local user may be able to cause a system reset\r\nDescription: A null dereference issue existed in the handling of\r\nIPV6 socket options.\r\nCVE-ID\r\nCVE-2011-1132 : Thomas Clement of Intego\r\n\r\nKeyboards\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A user may be able to determine information about the last\r\ncharacter of a password\r\nDescription: The keyboard used to type the last character of a\r\npassword was briefly displayed the next time the keyboard was used.\r\nCVE-ID\r\nCVE-2011-3245 : Paul Mousdicas\r\n\r\nlibxml\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A one-byte heap buffer overflow existed in libxml's\r\nhandling of XML data.\r\nCVE-ID\r\nCVE-2011-0216 : Billy Rios of the Google Security Team\r\n\r\nOfficeImport\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted Word file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in OfficeImport's handling of\r\nMicrosoft Word documents.\r\nCVE-ID\r\nCVE-2011-3260 : Tobias Klein working with Verisign iDefense Labs\r\n\r\nOfficeImport\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted Excel file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A double free issue existed in OfficeImport's handling\r\nof Excel files.\r\nCVE-ID\r\nCVE-2011-3261 : Tobias Klein of www.trapkit.de\r\n\r\nOfficeImport\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Downloading a maliciously crafted Microsoft Office file may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in OfficeImport's\r\nhandling of Microsoft Office files.\r\nCVE-ID\r\nCVE-2011-0208 : Tobias Klein working with iDefense VCP\r\n\r\nOfficeImport\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Downloading a maliciously crafted Excel file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in OfficeImport's\r\nhandling of Excel files.\r\nCVE-ID\r\nCVE-2011-0184 : Tobias Klein working with iDefense VCP\r\n\r\nSafari\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Opening maliciously crafted files on certain websites may\r\nlead to a cross-site scripting attack\r\nDescription: iOS did not support the 'attachment' value for the HTTP\r\nContent-Disposition header. This header is used by many websites to\r\nserve files that were uploaded to the site by a third-party, such as\r\nattachments in web-based e-mail applications. Any script in files\r\nserved with this header value would run as if the file had been\r\nserved inline, with full access to other resources on the origin\r\nserver. This issue is addressed by loading attachments in an isolated\r\nsecurity origin with no access to resources on other sites.\r\nCVE-ID\r\nCVE-2011-3426 : Christian Matthies working with iDefense VCP,\r\nYoshinori Oota from Business Architects Inc working with JP/CERT\r\n\r\nSettings\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An attacker with physical access to a device may be able to\r\nrecover the restrictions passcode\r\nDescription: The parental restrictions functionality enforces UI\r\nrestrictions. Configuring parental restrictions is protected by a\r\npasscode, which was previously stored in plaintext on disk. This\r\nissue is addressed by securely storing the parental restrictions\r\npasscode in the system keychain.\r\nCVE-ID\r\nCVE-2011-3429 : an anonymous reporter\r\n\r\nSettings\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Misleading UI\r\nDescription: Configurations and settings applied via configuration\r\nprofiles did not appear to function properly under any non-English\r\nlanguage. Settings could be improperly displayed as a result. This\r\nissue is addressed by fixing a localization error.\r\nCVE-ID\r\nCVE-2011-3430 : Florian Kreitmaier of Siemens CERT\r\n\r\nUIKit Alerts\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a malicious website may cause an unexpected device\r\nhang\r\nDescription: An excessive maximum text layout length permitted\r\nmalicious websites to cause iOS to hang when drawing acceptance\r\ndialogs for very long tel: URIs. This issue is addressed by using a\r\nmore reasonable maximum URI size.\r\nCVE-ID\r\nCVE-2011-3432 : Simon Young of Anglia Ruskin University\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nCVE-ID\r\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\r\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\r\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative\r\nCVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-0234 : Rob King working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\r\nCVE-2011-0254 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0255 : An anonymous reporter working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\r\nCVE-2011-0983 : Martin Barbella\r\nCVE-2011-1109 : Sergey Glazunov\r\nCVE-2011-1114 : Martin Barbella\r\nCVE-2011-1115 : Martin Barbella\r\nCVE-2011-1117 : wushi of team509\r\nCVE-2011-1121 : miaubiz\r\nCVE-2011-1188 : Martin Barbella\r\nCVE-2011-1203 : Sergey Glazunov\r\nCVE-2011-1204 : Sergey Glazunov\r\nCVE-2011-1288 : Andreas Kling of Nokia\r\nCVE-2011-1293 : Sergey Glazunov\r\nCVE-2011-1296 : Sergey Glazunov\r\nCVE-2011-1449 : Marek Majkowski\r\nCVE-2011-1451 : Sergey Glazunov\r\nCVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-1457 : John Knottenbelt of Google\r\nCVE-2011-1462 : wushi of team509\r\nCVE-2011-1797 : wushi of team509\r\nCVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2339 : Cris Neckar of the Google Chrome Security Team\r\nCVE-2011-2341 : Apple\r\nCVE-2011-2351 : miaubiz\r\nCVE-2011-2352 : Apple\r\nCVE-2011-2354 : Apple\r\nCVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome\r\nSecurity Team using AddressSanitizer\r\nCVE-2011-2359 : miaubiz\r\nCVE-2011-2788 : Mikolaj Malecki of Samsung\r\nCVE-2011-2790 : miaubiz\r\nCVE-2011-2792 : miaubiz\r\nCVE-2011-2797 : miaubiz\r\nCVE-2011-2799 : miaubiz\r\nCVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-2813 : Cris Neckar of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2816 : Apple\r\nCVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2818 : Martin Barbella\r\nCVE-2011-2820 : Raman Tenneti and Philip Rogers of Google\r\nCVE-2011-2823 : SkyLined of Google Chrome Security Team\r\nCVE-2011-2827 : miaubiz\r\nCVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3232 : Aki Helin of OUSPG\r\nCVE-2011-3234 : miaubiz\r\nCVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3244 : vkouchna\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of URLs\r\nwith an embedded username. This issue is addressed through improved\r\nhandling of URLs with an embedded username.\r\nCVE-ID\r\nCVE-2011-0242 : Jobert Abma of Online24\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of DOM\r\nnodes.\r\nCVE-ID\r\nCVE-2011-1295 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A maliciously crafted website may be able to cause a\r\ndifferent URL to be shown in the address bar\r\nDescription: A URL spoofing issue existed in the handling of the DOM\r\nhistory object.\r\nCVE-ID\r\nCVE-2011-1107 : Jordi Chancel\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A configuration issue existed in WebKit's use of\r\nlibxslt. Visiting a maliciously crafted website may lead to arbitrary\r\nfiles being created with the privileges of the user, which may lead\r\nto arbitrary code execution. This issue is addressed through improved\r\nlibxslt security settings.\r\nCVE-ID\r\nCVE-2011-1774 : Nicolas Gregoire of Agarri\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a malicious website and dragging content in the\r\npage may lead to an information disclosure\r\nDescription: A cross-origin issue existed in WebKit's handling of\r\nHTML5 drag and drop. This issue is addressed by disallowing drag and\r\ndrop across different origins.\r\nCVE-ID\r\nCVE-2011-0166 : Michal Zalewski of Google Inc.\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to an\r\ninformation disclosure\r\nDescription: A cross-origin issue existed in the handling of Web\r\nWorkers.\r\nCVE-ID\r\nCVE-2011-1190 : Daniel Divricean of divricean.ro\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of the\r\nwindow.open method.\r\nCVE-ID\r\nCVE-2011-2805 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of\r\ninactive DOM windows.\r\nCVE-ID\r\nCVE-2011-3243 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of the\r\ndocument.documentURI property.\r\nCVE-ID\r\nCVE-2011-2819 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A maliciously crafted website may be able to track the URLs\r\nthat a user visits within a frame\r\nDescription: A cross-origin issue existed in the handling of the\r\nbeforeload event.\r\nCVE-ID\r\nCVE-2011-2800 : Juho Nurminen\r\n\r\nWiFi\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: WiFi credentials may be logged to a local file\r\nDescription: WiFi credentials including the passphrase and\r\nencryption keys were logged to a file that was readable by\r\napplications on the system. This is resolved by no longer logging\r\nthese credentials.\r\nCVE-ID\r\nCVE-2011-3434 : Laurent OUDOT of TEHTRI Security\r\n\r\nInstallation note:\r\n\r\nThis update is only available through iTunes, and will not appear\r\nin your computer's Software Update application, or in the Apple\r\nDownloads site. Make sure you have an Internet connection and have\r\ninstalled the latest version of iTunes from www.apple.com/itunes/\r\n\r\niTunes will automatically check Apple's update server on its weekly\r\nschedule. When an update is detected, it will download it. When\r\nthe iPhone, iPod touch or iPad is docked, iTunes will present the\r\nuser with the option to install the update. We recommend applying\r\nthe update immediately if possible. Selecting Don't Install will\r\npresent the option the next time you connect your iPhone, iPod touch,\r\nor iPad.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes checks for updates. You may manually obtain the\r\nupdate via the Check for Updates button within iTunes. After doing\r\nthis, the update can be applied when your iPhone, iPod touch, or iPad\r\nis docked to your computer.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update will be\r\n"5 (9A334)".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOldmtAAoJEGnF2JsdZQee/qMIAIPxmIiOqj+FMLFHZtPeC/Dp\r\n3s4JliKOOgNnjXkxErfaNvYGmeVbDaUER5jdVrWccTauzlYmy8G4uK0An2GD2YiP\r\ngB5AiCQXpONdBCi38QNdRqrYoYjc8Sa0nUp4r5uWPoiHoj5KfxvBpgygEL+zjHXS\r\nfmnrONOCWhOYp0w4q6mdTg5BH2uJCbXscD/JjbmgHQI0Vs/iUZKSRyqFo2b0Mvze\r\nNiSyzcj/4l62Cxx7xM9VbdrYL7Al2yyHfNYJQsZmoeDUlJQcdgEgEMXvOuhY3sFK\r\nmaxYr2oCp6Mtf53fplAeJIV4ijLynEWAKxTuTznAyW1k7oiGrDTfORSFKPEB9MQ=\r\n=LCQZ\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2011-10-15T00:00:00", "type": "securityvulns", "title": "APPLE-SA-2011-10-12-1 iOS 5 Software Update", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-0187", "CVE-2011-1293", "CVE-2011-0221", "CVE-2011-2790", "CVE-2011-0166", "CVE-2011-0234", "CVE-2011-3430", "CVE-2011-0225", "CVE-2011-1107", "CVE-2011-0259", "CVE-2011-2352", "CVE-2011-2792", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-1462", "CVE-2011-1451", "CVE-2011-0206", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-3246", "CVE-2011-1295", "CVE-2011-2359", "CVE-2011-0241", "CVE-2011-3257", "CVE-2011-1109", "CVE-2011-1457", "CVE-2011-3260", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3255", "CVE-2011-1132", "CVE-2011-3431", "CVE-2011-3426", "CVE-2011-0208", "CVE-2011-1204", "CVE-2011-2820", "CVE-2011-0218", "CVE-2011-3434", "CVE-2011-0254", "CVE-2011-3389", "CVE-2011-3243", "CVE-2011-2797", "CVE-2011-3256", "CVE-2011-0255", "CVE-2011-2805", "CVE-2011-3429", "CVE-2011-1296", "CVE-2011-0981", "CVE-2011-0242", "CVE-2011-2788", "CVE-2011-0184", "CVE-2011-1115", "CVE-2011-3254", "CVE-2011-3244", "CVE-2011-1114", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-2819", "CVE-2011-1203", "CVE-2011-2356", "CVE-2011-1190", "CVE-2011-0983", "CVE-2011-0222", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-3232", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-3237", "CVE-2011-1117", "CVE-2011-3253", "CVE-2011-0232", "CVE-2011-2814", "CVE-2011-1449", "CVE-2011-1121", "CVE-2011-3259", "CVE-2011-3245", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-1774", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-1188", "CVE-2011-2800", "CVE-2011-3261", "CVE-2011-0235", "CVE-2011-2809", "CVE-2011-3427", "CVE-2011-3432", "CVE-2011-2341", "CVE-2011-0192"], "modified": "2011-10-15T00:00:00", "id": "SECURITYVULNS:DOC:27151", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27151", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:47:15", "description": "Multiple vulnerabilities in different system components and applications.", "cvss3": {}, "published": "2011-10-16T00:00:00", "type": "securityvulns", "title": "Apple iPhone multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-0187", "CVE-2011-1293", "CVE-2011-0221", "CVE-2011-2790", "CVE-2010-3786", "CVE-2011-0166", "CVE-2011-0234", "CVE-2011-3430", "CVE-2011-0225", "CVE-2010-3785", "CVE-2011-1107", "CVE-2011-0259", "CVE-2011-2352", "CVE-2011-2792", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-1462", "CVE-2011-1451", "CVE-2011-0206", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-3246", "CVE-2011-1295", "CVE-2011-2359", "CVE-2011-0241", "CVE-2011-3257", "CVE-2011-1109", "CVE-2011-1457", "CVE-2011-3260", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3255", "CVE-2011-1132", "CVE-2011-3431", "CVE-2011-3426", "CVE-2011-0208", "CVE-2011-1204", "CVE-2011-2820", "CVE-2011-0218", "CVE-2011-2832", "CVE-2011-3434", "CVE-2011-0254", "CVE-2011-3389", "CVE-2011-3243", "CVE-2011-2797", "CVE-2011-3256", "CVE-2011-0255", "CVE-2011-2805", "CVE-2011-3429", "CVE-2011-1296", "CVE-2011-0981", "CVE-2011-0242", "CVE-2011-2788", "CVE-2011-0184", "CVE-2011-1115", "CVE-2011-3254", "CVE-2011-3244", "CVE-2011-1114", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-2819", "CVE-2011-1203", "CVE-2011-2356", "CVE-2011-1190", "CVE-2011-0983", "CVE-2011-0222", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-1417", "CVE-2011-2831", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-3237", "CVE-2011-1117", "CVE-2011-3253", "CVE-2011-0232", "CVE-2011-2814", "CVE-2011-1449", "CVE-2011-1121", "CVE-2011-3259", "CVE-2011-3245", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-1774", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-1188", "CVE-2011-2800", "CVE-2011-3261", "CVE-2011-0235", "CVE-2011-2809", "CVE-2011-3427", "CVE-2011-3432", "CVE-2011-2341", "CVE-2011-0192"], "modified": "2011-10-16T00:00:00", "id": "SECURITYVULNS:VULN:11971", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11971", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:42", "description": "Memory corruptions, privilege escalation race conditions, DoS.", "cvss3": {}, "published": "2011-05-30T00:00:00", "type": "securityvulns", "title": "Google Chrome multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-1293", "CVE-2011-1444", "CVE-2011-1799", "CVE-2011-1440", "CVE-2011-1797", "CVE-2011-1292"], "modified": "2011-05-30T00:00:00", "id": "SECURITYVULNS:VULN:11703", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11703", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:40", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2245-1 security@debian.org\r\nhttp://www.debian.org/security/ Giuseppe Iuculano\r\nMay 29, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nVulnerability : several vulnerabilities\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-1292 CVE-2011-1293 CVE-2011-1440 CVE-2011-1444 \r\n CVE-2011-1797 CVE-2011-1799 \r\n\r\n\r\nSeveral vulnerabilities were discovered in the Chromium browser.\r\nThe Common Vulnerabilities and Exposures project identifies the\r\nfollowing problems:\r\n\r\n\r\nCVE-2011-1292\r\n\r\n Use-after-free vulnerability in the frame-loader implementation in Google\r\n Chrome allows remote attackers to cause a denial of service or possibly\r\n have unspecified other impact via unknown vectors.\r\n\r\n\r\nCVE-2011-1293\r\n\r\n Use-after-free vulnerability in the HTMLCollection implementation in Google\r\n Chrome allows remote attackers to cause a denial of service or possibly have\r\n unspecified other impact via unknown vectors.\r\n\r\n\r\nCVE-2011-1440\r\n\r\n Use-after-free vulnerability in Google Chrome allows remote attackers to cause\r\n a denial of service or possibly have unspecified other impact via vectors\r\n related to the ruby element and Cascading Style Sheets (CSS) token sequences.\r\n\r\n\r\nCVE-2011-1444\r\n\r\n Race condition in the sandbox launcher implementation in Google Chrome on\r\n Linux allows remote attackers to cause a denial of service or possibly have\r\n unspecified other impact via unknown vectors.\r\n\r\n\r\nCVE-2011-1797\r\n\r\n Google Chrome does not properly render tables, which allows remote attackers\r\n to cause a denial of service or possibly have unspecified other impact via\r\n unknown vectors that lead to a "stale pointer."\r\n\r\n\r\nCVE-2011-1799\r\n\r\n Google Chrome does not properly perform casts of variables during interaction\r\n with the WebKit engine, which allows remote attackers to cause a denial of\r\n service or possibly have unspecified other impact via unknown vectors.\r\n\r\n\r\n\r\nFor the stable distribution (squeeze), these problems have been fixed in\r\nversion 6.0.472.63~r59945-5+squeeze5.\r\n\r\nFor the testing distribution (wheezy), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 11.0.696.68~r84545-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk3iJO4ACgkQNxpp46476apuDACfQjllLVOT84OjL86pa8+JhD5j\r\nGWgAmwc7Ei0TYhYaWQZbDmzalYq81pn4\r\n=0RTf\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2011-05-30T00:00:00", "type": "securityvulns", "title": "2245", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-1293", "CVE-2011-1444", "CVE-2011-1799", "CVE-2011-1440", "CVE-2011-1797", "CVE-2011-1292"], "modified": "2011-05-30T00:00:00", "id": "SECURITYVULNS:DOC:26433", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26433", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:51:19", "description": "DoS, information leakage, memory corruption.", "cvss3": {}, "published": "2011-09-13T00:00:00", "type": "securityvulns", "title": "Google \u0421hrome multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-2359", "CVE-2011-2818", "CVE-2011-2800"], "modified": "2011-09-13T00:00:00", "id": "SECURITYVULNS:VULN:11904", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11904", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:41", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2307-1 security@debian.org\r\nhttp://www.debian.org/security/ Giuseppe Iuculano\r\nSeptember 11, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-2359 CVE-2011-2800 CVE-2011-2818 \r\n\r\n\r\nSeveral vulnerabilities were discovered in the Chromium browser.\r\nThe Common Vulnerabilities and Exposures project identifies\r\nthe following problems:\r\n\r\nCVE-2011-2818\r\n\r\n Use-after-free vulnerability in Google Chrome allows remote attackers to\r\n cause a denial of service or possibly have unspecified other impact via\r\n vectors related to display box rendering.\r\n\r\n\r\nCVE-2011-2800\r\n\r\n Google Chrome before allows remote attackers to obtain potentially sensitive\r\n information about client-side redirect targets via a crafted web site.\r\n\r\n\r\nCVE-2011-2359\r\n\r\n Google Chrome does not properly track line boxes during rendering, which\r\n allows remote attackers to cause a denial of service or possibly have\r\n unspecified other impact via unknown vectors that lead to a "stale pointer."\r\n\r\n\r\nSeveral unauthorised SSL certificates have been found in the wild issued\r\nfor the DigiNotar Certificate Authority, obtained through a security\r\ncompromise with said company.\r\nThis update blacklists SSL certificates issued by DigiNotar-controlled\r\nintermediate CAs used by the Dutch PKIoverheid program.\r\n\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 6.0.472.63~r59945-5+squeeze6.\r\n\r\nFor the testing distribution (wheezy), this problem has been fixed in\r\nversion 13.0.782.220~r99552-1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 13.0.782.220~r99552-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk5s8YQACgkQNxpp46476ap/pQCfYj8I6fU6tsysf3xg/jw3s5s3\r\nL9wAmgKPaN+O2PSeHts4U6Dog1+ka+Py\r\n=RzCD\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2011-09-13T00:00:00", "type": "securityvulns", "title": "[SECURITY] [DSA 2307-1] chromium-browser security update", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-2359", "CVE-2011-2818", "CVE-2011-2800"], "modified": "2011-09-13T00:00:00", "id": "SECURITYVULNS:DOC:27005", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27005", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:41", "description": "iDefense Security Advisory 07.20.11\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nJul 20, 2011\r\n\r\nI. BACKGROUND\r\n\r\nMathML is an XML-based markup language used to describe mathematical\r\noperations. It can be embedded inside of HTML and is supported by the\r\nWebKit engine.\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a use-after-free vulnerability in WebKit, as\r\nincluded with multiple vendors' browsers, could allow an attacker to\r\nexecute arbitrary code with the privileges of the current user. <BR><BR>\r\nThe vulnerability occurs during the processing of MathML markup tags.\r\nSpecifically, it is possible to trigger a use-after-free vulnerability\r\nwhen Safari fails to properly release an object. The object's memory is\r\nfreed; however, a reference to the object remains. When the reference is\r\nlater used to access the object, this now invalid memory is treated as a\r\nvalid object and the object's vtable is used to make an indirect\r\nfunction call. This may result in the execution of arbitrary code.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability results in the execution of arbitrary\r\ncode with the privileges of the user viewing the Web page. To exploit\r\nthis vulnerability, a targeted user must load a malicious Web page\r\ncreated by an attacker. An attacker typically accomplishes this via\r\nsocial engineering or injecting content into compromised, trusted sites.\r\nAfter the user visits the malicious Web page, no further user\r\ninteraction is needed.\r\n\r\nIV. DETECTION\r\n\r\nSafari versions prior to 5.1 and 5.0.6 are vulnerable.\r\n\r\nV. WORKAROUND\r\n\r\nDisabling JavaScript is an effective workaround for this vulnerability.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nApple Inc. has released patches which addresses this issue. For more\r\ninformation, consult their advisory at the following URL:\r\n\r\nhttp://support.apple.com/kb/HT4808\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2011-1449 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n12/15/2010 Initial Vendor Notification\r\n12/15/2010 Initial Vendor Reply\r\n07/20/2011 Coordinated Public Disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by wushi of team509.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright A\u00a9 2011 Verisign\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\ne-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n\r\n\r\n", "cvss3": {}, "published": "2011-07-22T00:00:00", "type": "securityvulns", "title": "iDefense Security Advisory 07.20.11: Multiple Vendor WebKit MathML Use-After-Free Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-1449"], "modified": "2011-07-22T00:00:00", "id": "SECURITYVULNS:DOC:26671", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26671", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code\r\nExecution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-303\r\nOctober 26, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-3219\r\n\r\n-- CVSS:\r\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\r\n\r\n-- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n-- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple Quicktime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the way Quicktime handles H.264 streams.\r\nWhen parsing the Sequence Parameter Set data for a H.264 stream it reads\r\nthe frame cropping offset fields. When those fields contain incorrect\r\ndata Quicktime will eventually write outside the buffer allocated for\r\nthe movie stream. This can result in remote code execution under the\r\ncontext of the current user.\r\n\r\n-- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT4981\r\n\r\n\r\n\r\n-- Disclosure Timeline:\r\n2011-07-20 - Vulnerability reported to vendor\r\n2011-10-26 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Damian Put\r\n\r\n\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "securityvulns", "title": "ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3219"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:DOC:27220", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27220", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "description": "iDefense Security Advisory 07.20.11\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nJul 20, 2011\r\n\r\nI. BACKGROUND\r\n\r\nSafari is Apple's web browser, and is based on the open source WebKit\r\nbrowser engine. MobileSafari is Safari for Apple's mobile devices\r\nincluding the iPad and iPhone. For more information, see the vendor's\r\nsite found at the following link.\r\n\r\nhttp://www.apple.com/safari/\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a memory corruption vulnerability in Apple Inc.'s\r\nSafari browser could allow an attacker to execute arbitrary code with\r\nthe privileges of the current user.\r\n\r\nSafari is Apple's Web browser and is based on the open source WebKit\r\nbrowser engine.\r\n\r\nThis vulnerability occurs when Safari incorrectly handles an error state\r\nwhen encountering a broken XHTML tag. Specifically, the tag enclosing\r\nthe tag being processed is freed and is then referenced after it has\r\nalready been freed. This can lead to the execution of arbitrary code.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability results in the execution of arbitrary\r\ncode with the privileges of the user viewing the Web page. To exploit\r\nthis vulnerability, a targeted user must load a malicious Web page\r\ncreated by an attacker. An attacker typically accomplishes this via\r\nsocial engineering or injecting content into compromised, trusted sites.\r\nAfter the user visits the malicious Web page, no further user\r\ninteraction is needed.\r\n\r\nIV. DETECTION\r\n\r\nSafari versions prior to 5.1 and 5.0.6 are vulnerable.\r\n\r\nV. WORKAROUND\r\n\r\nDisabling JavaScript is an effective workaround for this vulnerability.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nApple Inc. has released patches which addresses this issue. For more\r\ninformation, consult their advisory at the following URL:\r\n\r\nhttp://support.apple.com/kb/HT4808\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2011-0234 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n06/01/2011 Initial Vendor Notification\r\n06/01/2011 Initial Vendor Reply\r\n07/20/2011 Coordinated Public Disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by wushi of team509.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright A\u00a9 2011 Verisign\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\ne-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n\r\n\r\n", "cvss3": {}, "published": "2011-07-22T00:00:00", "type": "securityvulns", "title": "iDefense Security Advisory 07.20.11: Apple Safari innerText Use-After-Free Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-0234"], "modified": "2011-07-22T00:00:00", "id": "SECURITYVULNS:DOC:26668", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26668", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "description": "ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-240\r\n\r\nJuly 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-1453\r\n\r\n-- CVSS:\r\n7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)\r\n\r\n-- Affected Vendors:\r\nApple\r\n\r\n-- Affected Products:\r\nApple WebKit\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11273. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple Safari's Webkit. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the library's support of SVG markers.\r\nWhen updating a marker, the application will duplicate the reference of\r\nan object without updating its reference count. When freeing this\r\nobject, a use-after-free vulnerability can be made to occur. This can be\r\nleveraged by a remote attacker to execute code under the context of the\r\nuser running the application.\r\n\r\n-- Vendor Response:\r\nApple has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\nhttp://support.apple.com/kb/HT4808\r\n\r\n-- Disclosure Timeline:\r\n2011-01-21 - Vulnerability reported to vendor\r\n2011-07-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * wushi of team509\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "cvss3": {}, "published": "2011-08-01T00:00:00", "type": "securityvulns", "title": "ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-1453"], "modified": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26756", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26756", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "description": "ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-239\r\n\r\nJuly 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-0233\r\n\r\n-- CVSS:\r\n7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)\r\n\r\n-- Affected Vendors:\r\nApple\r\n\r\n-- Affected Products:\r\nApple WebKit\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple Safari Webkit. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the library's implementation of a\r\nFrameOwner element. When building this tree, the application will create\r\na duplicate reference of an element. By freeing the referenced element,\r\na use-after-free condition can be made to occur which can lead to code\r\nexecution under the context of the application.\r\n\r\n-- Vendor Response:\r\nApple has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://support.apple.com/kb/HT4808\r\n\r\n-- Disclosure Timeline:\r\n2011-01-21 - Vulnerability reported to vendor\r\n2011-07-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * wushi of team509\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "cvss3": {}, "published": "2011-08-01T00:00:00", "type": "securityvulns", "title": "ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-0233"], "modified": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26755", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "description": "ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-228\r\n\r\nJune 29, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-0200\r\n\r\n-- CVSS:\r\n7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)\r\n\r\n-- Affected Vendors:\r\nApple\r\n\r\n-- Affected Products:\r\nApple Mail\r\nApple OS X\r\nApple Safari\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11426. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple Safari on Windows and multiple\r\napplications on OSX. User interaction is required to exploit this\r\nvulnerability in that the target must visit a malicious page or open a\r\nmalicious file.\r\n\r\nThe flaw exists within the ColorSync component which is used when\r\nhandling image files containing embedded ICC data. When handling the\r\nncl2 tag the process miscalculates an integer value used in a memory\r\nallocation. This buffer is later used as a destination when copying user\r\ncontrolled data. A remote attacker can exploit this vulnerability to\r\nexecute arbitrary code under the context of the user running the\r\napplication.\r\n\r\n-- Vendor Response:\r\nApple has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://support.apple.com/kb/HT4723\r\n\r\n-- Disclosure Timeline:\r\n2011-04-04 - Vulnerability reported to vendor\r\n2011-06-29 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * binaryproof\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "cvss3": {}, "published": "2011-07-04T00:00:00", "type": "securityvulns", "title": "ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-0200"], "modified": "2011-07-04T00:00:00", "id": "SECURITYVULNS:DOC:26597", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26597", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "Mozilla Foundation Security Advisory 2011-42\r\n\r\nTitle: Potentially exploitable crash in the YARR regular expression library\r\nImpact: Critical\r\nAnnounced: September 27, 2011\r\nReporter: Aki Helin\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 7.0\r\n Thunderbird 7.0\r\n SeaMonkey 2.4\r\nDescription\r\n\r\nSecurity researcher Aki Helin reported a potentially exploitable crash in the YARR regular expression library used by JavaScript.\r\n\r\nReferences\r\n\r\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=653672\r\nhttps://bugs.webkit.org/show_bug.cgi?id=61585\r\nCVE-2011-3232\r\n", "cvss3": {}, "published": "2011-10-01T00:00:00", "type": "securityvulns", "title": "Mozilla Foundation Security Advisory 2011-42", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3232"], "modified": "2011-10-01T00:00:00", "id": "SECURITYVULNS:DOC:27078", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27078", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote\r\nCode Execution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-304\r\nOctober 26, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-3252\r\n\r\n-- CVSS:\r\n8.3, AV:N/AC:M/Au:N/C:P/I:P/A:C\r\n\r\n-- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n-- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple QuickTime Player. Authentication is\r\nnot required to exploit this vulnerability. User interaction is required\r\nto exploit this vulnerability in that the target must visit a malicious\r\npage or open a malicious file.\r\n\r\nThe specific flaw exists within how the application parses an audio\r\nstream encoded with the advanced audio codec. A field will be read from\r\nthe file in order to calculate a length that is later used in a memory\r\ncopy operation into a statically sized buffer. Successful exploitation\r\ncan lead to code execution under the context of the application.\r\n\r\n-- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT4981\r\n\r\n\r\n\r\n-- Disclosure Timeline:\r\n2011-04-11 - Vulnerability reported to vendor\r\n2011-10-26 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Luigi Auriemma\r\n\r\n\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "securityvulns", "title": "ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3252"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:DOC:27219", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27219", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "description": "iDefense Security Advisory 07.20.11\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nJul 20, 2011\r\n\r\nI. BACKGROUND\r\n\r\nWebKit is an open source web browser engine. It is currently used by\r\nApple Inc.'s Safari browser, as well as by Google's Chrome browser. For\r\nmore information, see the vendor's site at the following link.\r\n\r\nhttp://webkit.org/\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a heap based buffer overflow vulnerability in\r\nWebKit, as included with Apple Inc.'s Safari Web browser, could allow an\r\nattacker to execute arbitrary code with the privileges of the current\r\nuser.\r\n\r\nThe vulnerability occurs when parsing a frameset element with a\r\nmalicious style attribute. Specifically, by setting the padding property\r\nto certain values it is possible to trigger a heap based memory\r\ncorruption vulnerability. This can lead to the execution of arbitrary\r\ncode.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability results in the execution of arbitrary\r\ncode with the privileges of the user viewing the web page. To exploit\r\nthis vulnerability, a targeted user must load a malicious webpage\r\ncreated by an attacker. An attacker typically accomplishes this via\r\nsocial engineering or injecting content into compromised, trusted sites.\r\nAfter the user visits the malicious web page, no further user\r\ninteraction is needed.\r\n\r\nIV. DETECTION\r\n\r\nSafari versions prior to 5.1 and 5.0.6 are vulnerable.\r\n\r\nV. WORKAROUND\r\n\r\niDefense is currently unaware of an effective workaround for this\r\nvulnerability as it occurs in the core parsing code. However, disabling\r\nscripting will make the vulnerability more difficult to exploit using\r\nknown techniques.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nApple Inc. has released patches which addresses this issue. For more\r\ninformation, consult their advisory at the following URL:\r\n\r\nhttp://support.apple.com/kb/HT4808\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2011-0223 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n02/25/2011 Initial Vendor Notification\r\n02/25/2011 Initial Vendor Reply\r\n07/20/2011 Coordinated Public Disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by Jose A. Vazquez of\r\n{http://spa-s3c.blogspot.com}.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright A\u00a9 2011 Verisign\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\ne-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n\r\n\r\n", "cvss3": {}, "published": "2011-07-22T00:00:00", "type": "securityvulns", "title": "iDefense Security Advisory 07.20.11: Multiple Vendor WebKit frameset style Heap Corruption Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-0223"], "modified": "2011-07-22T00:00:00", "id": "SECURITYVULNS:DOC:26669", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26669", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-05-20T14:15:50", "description": "The version of Apple iTunes on the remote host is prior to version 10.5. It is, therefore, affected by multiple vulnerabilities in the CoreAudio, CoreFoundation, CoreMedia, ColorSync, ImageIO, and WebKit components. Note that these only affect iTunes for Windows.", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "nessus", "title": "Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1823", "CVE-2011-0164", "CVE-2011-0200", "CVE-2011-0204", "CVE-2011-0215", "CVE-2011-0218", "CVE-2011-0221", "CVE-2011-0222", "CVE-2011-0223", "CVE-2011-0225", "CVE-2011-0232", "CVE-2011-0233", "CVE-2011-0234", "CVE-2011-0235", "CVE-2011-0237", "CVE-2011-0238", "CVE-2011-0240", "CVE-2011-0253", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0259", "CVE-2011-0981", "CVE-2011-0983", "CVE-2011-1109", "CVE-2011-1114", "CVE-2011-1115", "CVE-2011-1117", "CVE-2011-1121", "CVE-2011-1188", "CVE-2011-1203", "CVE-2011-1204", "CVE-2011-1288", "CVE-2011-1293", "CVE-2011-1296", "CVE-2011-1440", "CVE-2011-1449", "CVE-2011-1451", "CVE-2011-1453", "CVE-2011-1457", "CVE-2011-1462", "CVE-2011-1774", "CVE-2011-1797", "CVE-2011-2338", "CVE-2011-2339", "CVE-2011-2341", "CVE-2011-2351", "CVE-2011-2352", "CVE-2011-2354", "CVE-2011-2356", "CVE-2011-2359", "CVE-2011-2788", "CVE-2011-2790", "CVE-2011-2792", "CVE-2011-2797", "CVE-2011-2799", "CVE-2011-2809", "CVE-2011-2811", "CVE-2011-2813", "CVE-2011-2814", "CVE-2011-2815", "CVE-2011-2816", "CVE-2011-2817", "CVE-2011-2818", "CVE-2011-2820", "CVE-2011-2823", "CVE-2011-2827", "CVE-2011-2831", "CVE-2011-3219", "CVE-2011-3232", "CVE-2011-3233", "CVE-2011-3234", "CVE-2011-3235", "CVE-2011-3236", "CVE-2011-3237", "CVE-2011-3238", "CVE-2011-3239", "CVE-2011-3241", "CVE-2011-3244", "CVE-2011-3252"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_10_5_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/56470", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56470);\n script_version(\"1.48\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\n \"CVE-2010-1823\",\n \"CVE-2011-0164\",\n \"CVE-2011-0200\",\n \"CVE-2011-0204\",\n \"CVE-2011-0215\",\n \"CVE-2011-0218\",\n \"CVE-2011-0221\",\n \"CVE-2011-0222\",\n \"CVE-2011-0223\",\n \"CVE-2011-0225\",\n \"CVE-2011-0232\",\n \"CVE-2011-0233\",\n \"CVE-2011-0234\",\n \"CVE-2011-0235\",\n \"CVE-2011-0237\",\n \"CVE-2011-0238\",\n \"CVE-2011-0240\",\n \"CVE-2011-0253\",\n \"CVE-2011-0254\",\n \"CVE-2011-0255\",\n \"CVE-2011-0259\",\n \"CVE-2011-0981\",\n \"CVE-2011-0983\",\n \"CVE-2011-1109\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1117\",\n \"CVE-2011-1121\",\n \"CVE-2011-1188\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1288\",\n \"CVE-2011-1293\",\n \"CVE-2011-1296\",\n \"CVE-2011-1440\",\n \"CVE-2011-1449\",\n \"CVE-2011-1451\",\n \"CVE-2011-1453\",\n \"CVE-2011-1457\",\n \"CVE-2011-1462\",\n \"CVE-2011-1774\",\n \"CVE-2011-1797\",\n \"CVE-2011-2338\",\n \"CVE-2011-2339\",\n \"CVE-2011-2341\",\n \"CVE-2011-2351\",\n \"CVE-2011-2352\",\n \"CVE-2011-2354\",\n \"CVE-2011-2356\",\n \"CVE-2011-2359\",\n \"CVE-2011-2788\",\n \"CVE-2011-2790\",\n \"CVE-2011-2792\",\n \"CVE-2011-2797\",\n \"CVE-2011-2799\",\n \"CVE-2011-2809\",\n \"CVE-2011-2811\",\n \"CVE-2011-2813\",\n \"CVE-2011-2814\",\n \"CVE-2011-2815\",\n \"CVE-2011-2816\",\n \"CVE-2011-2817\",\n \"CVE-2011-2818\",\n \"CVE-2011-2820\",\n \"CVE-2011-2823\",\n \"CVE-2011-2827\",\n \"CVE-2011-2831\",\n \"CVE-2011-3219\",\n \"CVE-2011-3232\",\n \"CVE-2011-3233\",\n \"CVE-2011-3234\",\n \"CVE-2011-3235\",\n \"CVE-2011-3236\",\n \"CVE-2011-3237\",\n \"CVE-2011-3238\",\n \"CVE-2011-3239\",\n \"CVE-2011-3241\",\n \"CVE-2011-3244\",\n \"CVE-2011-3252\"\n );\n script_bugtraq_id(\n 46262,\n 46614,\n 46785,\n 47029,\n 47604,\n 48437,\n 48479,\n 48840,\n 48856,\n 48960,\n 49279,\n 49658,\n 49850,\n 50065,\n 50066,\n 50067,\n 50068\n );\n script_xref(name:\"MSVR\", value:\"MSVR11-001\");\n\n script_name(english:\"Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a multimedia application that has multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes on the remote host is prior to version\n10.5. It is, therefore, affected by multiple vulnerabilities in the\nCoreAudio, CoreFoundation, CoreMedia, ColorSync, ImageIO, and WebKit\ncomponents. Note that these only affect iTunes for Windows.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-304/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT4981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.apple.com/archives/security-announce/2011/Oct/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 10.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-678\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"10.5\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:30", "description": "The version of Safari installed on the remote Windows host is earlier than 5.1.1. Thus, it is potentially affected by numerous issues in the following components :\n\n - Safari\n - WebKit", "cvss3": {}, "published": "2011-10-13T00:00:00", "type": "nessus", "title": "Safari < 5.1.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1440", "CVE-2011-2338", "CVE-2011-2339", "CVE-2011-2341", "CVE-2011-2351", "CVE-2011-2352", "CVE-2011-2354", "CVE-2011-2356", "CVE-2011-2359", "CVE-2011-2788", "CVE-2011-2790", "CVE-2011-2792", "CVE-2011-2797", "CVE-2011-2799", "CVE-2011-2800", "CVE-2011-2805", "CVE-2011-2809", "CVE-2011-2811", "CVE-2011-2813", "CVE-2011-2814", "CVE-2011-2815", "CVE-2011-2816", "CVE-2011-2817", "CVE-2011-2818", "CVE-2011-2819", "CVE-2011-2820", "CVE-2011-2823", "CVE-2011-2827", "CVE-2011-2831", "CVE-2011-3229", "CVE-2011-3232", "CVE-2011-3233", "CVE-2011-3234", "CVE-2011-3235", "CVE-2011-3236", "CVE-2011-3237", "CVE-2011-3238", "CVE-2011-3239", "CVE-2011-3241", "CVE-2011-3243"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "SAFARI_5_1_1.NASL", "href": "https://www.tenable.com/plugins/nessus/56483", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56483);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\n \"CVE-2011-1440\",\n \"CVE-2011-2338\",\n \"CVE-2011-2339\",\n \"CVE-2011-2341\",\n \"CVE-2011-2351\",\n \"CVE-2011-2352\",\n \"CVE-2011-2354\",\n \"CVE-2011-2356\",\n \"CVE-2011-2359\",\n \"CVE-2011-2788\",\n \"CVE-2011-2790\",\n \"CVE-2011-2792\",\n \"CVE-2011-2797\",\n \"CVE-2011-2799\",\n \"CVE-2011-2800\",\n \"CVE-2011-2805\",\n \"CVE-2011-2809\",\n \"CVE-2011-2811\",\n \"CVE-2011-2813\",\n \"CVE-2011-2814\",\n \"CVE-2011-2815\",\n \"CVE-2011-2816\",\n \"CVE-2011-2817\",\n \"CVE-2011-2818\",\n \"CVE-2011-2819\",\n \"CVE-2011-2820\",\n \"CVE-2011-2823\",\n \"CVE-2011-2827\",\n \"CVE-2011-2831\",\n \"CVE-2011-3229\",\n \"CVE-2011-3232\",\n \"CVE-2011-3233\",\n \"CVE-2011-3234\",\n \"CVE-2011-3235\",\n \"CVE-2011-3236\",\n \"CVE-2011-3237\",\n \"CVE-2011-3238\",\n \"CVE-2011-3239\",\n \"CVE-2011-3241\",\n \"CVE-2011-3243\"\n );\n script_bugtraq_id(\n 47604,\n 48479,\n 48960,\n 49279,\n 49658,\n 49850,\n 50089,\n 50163,\n 51032\n );\n\n script_name(english:\"Safari < 5.1.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks Safari's version number\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version of Safari installed on the remote Windows host is earlier\nthan 5.1.1. Thus, it is potentially affected by numerous issues in \nthe following components :\n\n - Safari\n - WebKit\"\n );\n # http://vttynotes.blogspot.com/2011/10/cve-2011-3229-steal-files-and-inject-js.html\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.nessus.org/u?95007eac\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT5000\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2011/Oct/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Safari 5.1.1 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"safari_installed.nasl\");\n script_require_keys(\"SMB/Safari/FileVersion\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nversion = get_kb_item_or_exit(\"SMB/Safari/FileVersion\");\n\nversion_ui = get_kb_item(\"SMB/Safari/ProductVersion\");\nif (isnull(version_ui)) version_ui = version;\n\nfixed_version = '5.34.51.22';\nfixed_version_ui = '5.1.1 (7534.51.22)';\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n if (report_verbosity > 0)\n {\n path = get_kb_item(\"SMB/Safari/Path\");\n if (isnull(path)) path = \"n/a\";\n\n report = \n '\\n Path : ' + path + \n '\\n Installed version : ' + version_ui + \n '\\n Fixed version : ' + fixed_version_ui + '\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\nelse exit(0, \"The remote host is not affected since Safari \" + version_ui + \" is installed.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:35", "description": "The version of Apple Safari installed on the remote Mac OS X host is earlier than 5.1.1. Thus, it is potentially affected by numerous issues in the following components :\n\n - Safari\n - WebKit", "cvss3": {}, "published": "2011-10-13T00:00:00", "type": "nessus", "title": "Mac OS X : Apple Safari < 5.1.1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1440", "CVE-2011-2338", "CVE-2011-2339", "CVE-2011-2341", "CVE-2011-2351", "CVE-2011-2352", "CVE-2011-2354", "CVE-2011-2356", "CVE-2011-2359", "CVE-2011-2788", "CVE-2011-2790", "CVE-2011-2792", "CVE-2011-2797", "CVE-2011-2799", "CVE-2011-2800", "CVE-2011-2805", "CVE-2011-2809", "CVE-2011-2811", "CVE-2011-2813", "CVE-2011-2814", "CVE-2011-2815", "CVE-2011-2816", "CVE-2011-2817", "CVE-2011-2818", "CVE-2011-2819", "CVE-2011-2820", "CVE-2011-2823", "CVE-2011-2827", "CVE-2011-2831", "CVE-2011-3229", "CVE-2011-3230", "CVE-2011-3231", "CVE-2011-3232", "CVE-2011-3233", "CVE-2011-3234", "CVE-2011-3235", "CVE-2011-3236", "CVE-2011-3237", "CVE-2011-3238", "CVE-2011-3239", "CVE-2011-3241", "CVE-2011-3242", "CVE-2011-3243"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI5_1_1.NASL", "href": "https://www.tenable.com/plugins/nessus/56482", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56482);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2011-1440\",\n \"CVE-2011-2338\",\n \"CVE-2011-2339\",\n \"CVE-2011-2341\",\n \"CVE-2011-2351\",\n \"CVE-2011-2352\",\n \"CVE-2011-2354\",\n \"CVE-2011-2356\",\n \"CVE-2011-2359\",\n \"CVE-2011-2788\",\n \"CVE-2011-2790\",\n \"CVE-2011-2792\",\n \"CVE-2011-2797\",\n \"CVE-2011-2799\",\n \"CVE-2011-2800\",\n \"CVE-2011-2805\",\n \"CVE-2011-2809\",\n \"CVE-2011-2811\",\n \"CVE-2011-2813\",\n \"CVE-2011-2814\",\n \"CVE-2011-2815\",\n \"CVE-2011-2816\",\n \"CVE-2011-2817\",\n \"CVE-2011-2818\",\n \"CVE-2011-2819\",\n \"CVE-2011-2820\",\n \"CVE-2011-2823\",\n \"CVE-2011-2827\",\n \"CVE-2011-2831\",\n \"CVE-2011-3229\",\n \"CVE-2011-3230\",\n \"CVE-2011-3231\",\n \"CVE-2011-3232\",\n \"CVE-2011-3233\",\n \"CVE-2011-3234\",\n \"CVE-2011-3235\",\n \"CVE-2011-3236\",\n \"CVE-2011-3237\",\n \"CVE-2011-3238\",\n \"CVE-2011-3239\",\n \"CVE-2011-3241\",\n \"CVE-2011-3242\",\n \"CVE-2011-3243\"\n );\n script_bugtraq_id(\n 46614,\n 47029,\n 47604,\n 48479,\n 48840,\n 48856,\n 48960,\n 49279,\n 49658,\n 49850,\n 50089,\n 50162,\n 50163,\n 50169,\n 50180,\n 51032\n );\n script_xref(name:\"EDB-ID\", value:\"17986\");\n\n script_name(english:\"Mac OS X : Apple Safari < 5.1.1\");\n script_summary(english:\"Check the Safari SourceVersion\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version of Apple Safari installed on the remote Mac OS X host is\nearlier than 5.1.1. Thus, it is potentially affected by numerous\nissues in the following components :\n\n - Safari\n - WebKit\"\n );\n # http://vttynotes.blogspot.com/2011/10/cve-2011-3229-steal-files-and-inject-js.html\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.nessus.org/u?95007eac\"\n );\n # http://vttynotes.blogspot.com/2011/10/cve-2011-3230-launch-any-file-path-from.html\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.nessus.org/u?de8e3a67\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT5000\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2011/Oct/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Apple Safari 5.1.1 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari file:// Arbitrary Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n \n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.[67]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.6 / 10.7\");\n\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"5.1.1\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Installed version : ' + version + \n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Safari\", version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:32", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.1. It is, therefore, affected by multiple vulnerabilities as described in the HT4808 security advisory.", "cvss3": {}, "published": "2011-07-21T00:00:00", "type": "nessus", "title": "Mac OS X : Apple Safari < 5.1 / 5.0.6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1383", "CVE-2010-1420", "CVE-2010-1823", "CVE-2010-3829", "CVE-2011-0164", "CVE-2011-0195", "CVE-2011-0200", "CVE-2011-0201", "CVE-2011-0202", "CVE-2011-0204", "CVE-2011-0206", "CVE-2011-0214", "CVE-2011-0215", "CVE-2011-0216", "CVE-2011-0217", "CVE-2011-0218", "CVE-2011-0219", "CVE-2011-0221", "CVE-2011-0222", "CVE-2011-0223", "CVE-2011-0225", "CVE-2011-0232", "CVE-2011-0233", "CVE-2011-0234", "CVE-2011-0235", "CVE-2011-0237", "CVE-2011-0238", "CVE-2011-0240", "CVE-2011-0241", "CVE-2011-0242", "CVE-2011-0244", "CVE-2011-0253", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0981", "CVE-2011-0983", "CVE-2011-1107", "CVE-2011-1109", "CVE-2011-1114", "CVE-2011-1115", "CVE-2011-1117", "CVE-2011-1121", "CVE-2011-1188", "CVE-2011-1190", "CVE-2011-1203", "CVE-2011-1204", "CVE-2011-1288", "CVE-2011-1293", "CVE-2011-1295", "CVE-2011-1296", "CVE-2011-1449", "CVE-2011-1451", "CVE-2011-1453", "CVE-2011-1457", "CVE-2011-1462", "CVE-2011-1774", "CVE-2011-1797", "CVE-2011-3438", "CVE-2011-3443"], "modified": "2019-07-03T00:00:00", "cpe": ["cpe:/a:apple:safari", "cpe:/o:apple:mac_os_x"], "id": "MACOSX_SAFARI5_1.NASL", "href": "https://www.tenable.com/plugins/nessus/55638", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55638);\n script_version(\"1.47\");\n script_cvs_date(\"Date: 2019/07/03 12:01:40\");\n\n script_cve_id(\n \"CVE-2010-1383\",\n \"CVE-2010-1420\",\n \"CVE-2010-1823\",\n \"CVE-2010-3829\",\n \"CVE-2011-0164\",\n \"CVE-2011-0195\",\n \"CVE-2011-0200\",\n \"CVE-2011-0201\",\n \"CVE-2011-0202\",\n \"CVE-2011-0204\",\n \"CVE-2011-0206\",\n \"CVE-2011-0214\",\n \"CVE-2011-0215\",\n \"CVE-2011-0216\",\n \"CVE-2011-0217\",\n \"CVE-2011-0218\",\n \"CVE-2011-0219\",\n \"CVE-2011-0221\",\n \"CVE-2011-0222\",\n \"CVE-2011-0223\",\n \"CVE-2011-0225\",\n \"CVE-2011-0232\",\n \"CVE-2011-0233\",\n \"CVE-2011-0234\",\n \"CVE-2011-0235\",\n \"CVE-2011-0237\",\n \"CVE-2011-0238\",\n \"CVE-2011-0240\",\n \"CVE-2011-0241\",\n \"CVE-2011-0242\",\n \"CVE-2011-0244\",\n \"CVE-2011-0253\",\n \"CVE-2011-0254\",\n \"CVE-2011-0255\",\n \"CVE-2011-0981\",\n \"CVE-2011-0983\",\n \"CVE-2011-1107\",\n \"CVE-2011-1109\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1117\",\n \"CVE-2011-1121\",\n \"CVE-2011-1188\",\n \"CVE-2011-1190\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1288\",\n \"CVE-2011-1293\",\n \"CVE-2011-1295\",\n \"CVE-2011-1296\",\n \"CVE-2011-1449\",\n \"CVE-2011-1451\",\n \"CVE-2011-1453\",\n \"CVE-2011-1457\",\n \"CVE-2011-1462\",\n \"CVE-2011-1774\",\n \"CVE-2011-1797\",\n \"CVE-2011-3438\",\n \"CVE-2011-3443\"\n );\n script_bugtraq_id(\n 43228,\n 45008,\n 46262,\n 46614,\n 46703,\n 46785,\n 47020,\n 47029,\n 47604,\n 47668,\n 48416,\n 48426,\n 48427,\n 48429,\n 48437,\n 48820,\n 48823,\n 48825,\n 48827,\n 48828,\n 48831,\n 48832,\n 48833,\n 48837,\n 48839,\n 48840,\n 48842,\n 48843,\n 48844,\n 48845,\n 48846,\n 48847,\n 48848,\n 48849,\n 48850,\n 48851,\n 48852,\n 48853,\n 48854,\n 48855,\n 48856,\n 48857,\n 48858,\n 48859,\n 48860,\n 51035,\n 78606\n );\n script_xref(name:\"EDB-ID\", value:\"17575\");\n script_xref(name:\"EDB-ID\", value:\"17993\");\n\n script_name(english:\"Mac OS X : Apple Safari < 5.1 / 5.0.6\");\n script_summary(english:\"Checks the Safari Version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 11.1. It is, therefore, affected by multiple\nvulnerabilities as described in the HT4808 security advisory.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4808\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Jul/msg00002.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple Safari 5.1 / 5.0.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-1383\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-678\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_apple_safari_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item('Host/MacOSX/Version');\nif (!os) audit(AUDIT_OS_NOT, 'Mac OS X or macOS');\n\nif (!preg(pattern:\"Mac OS X 10\\.[56]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, 'Mac OS X 10.5 / 10.6');\n\nget_kb_item_or_exit('MacOSX/Safari/Installed', exit_code:0);\npath = get_kb_item_or_exit('MacOSX/Safari/Path', exit_code:1);\nversion = get_kb_item_or_exit('MacOSX/Safari/Version', exit_code:1);\n\nfixed_version = '5.1';\nif ('10.5' >< os) fixed_version = '5.0.5';\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n 'Path', path,\n 'Installed version', version,\n 'Fixed version', fixed_version\n ),\n ordered_fields:make_list('Path', 'Installed version', 'Fixed version')\n );\n security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, 'Safari', version, path);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:29", "description": "The version of Safari installed on the remote Windows host is earlier than 5.1. As such, it is potentially affected by numerous issues in the following components :\n\n - CFNetwork\n - ColorSync\n - CoreFoundation\n - CoreGraphics\n - International Components for Unicode\n - ImageIO\n - libxslt\n - libxml\n - Safari\n - WebKit", "cvss3": {}, "published": "2011-07-21T00:00:00", "type": "nessus", "title": "Safari < 5.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1383", "CVE-2010-1420", "CVE-2010-1823", "CVE-2010-3829", "CVE-2011-0164", "CVE-2011-0195", "CVE-2011-0200", "CVE-2011-0201", "CVE-2011-0202", "CVE-2011-0204", "CVE-2011-0206", "CVE-2011-0214", "CVE-2011-0215", "CVE-2011-0216", "CVE-2011-0217", "CVE-2011-0218", "CVE-2011-0219", "CVE-2011-0221", "CVE-2011-0222", "CVE-2011-0223", "CVE-2011-0225", "CVE-2011-0232", "CVE-2011-0233", "CVE-2011-0234", "CVE-2011-0235", "CVE-2011-0237", "CVE-2011-0238", "CVE-2011-0240", "CVE-2011-0241", "CVE-2011-0242", "CVE-2011-0244", "CVE-2011-0253", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0981", "CVE-2011-0983", "CVE-2011-1107", "CVE-2011-1109", "CVE-2011-1114", "CVE-2011-1115", "CVE-2011-1117", "CVE-2011-1121", "CVE-2011-1188", "CVE-2011-1190", "CVE-2011-1203", "CVE-2011-1204", "CVE-2011-1288", "CVE-2011-1293", "CVE-2011-1295", "CVE-2011-1296", "CVE-2011-1449", "CVE-2011-1451", "CVE-2011-1453", "CVE-2011-1457", "CVE-2011-1462", "CVE-2011-1774", "CVE-2011-1797", "CVE-2011-3443"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "SAFARI_5_1.NASL", "href": "https://www.tenable.com/plugins/nessus/55639", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55639);\n script_version(\"1.47\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\n \"CVE-2010-1383\",\n \"CVE-2010-1420\",\n \"CVE-2010-1823\",\n \"CVE-2010-3829\",\n \"CVE-2011-0164\",\n \"CVE-2011-0195\",\n \"CVE-2011-0200\",\n \"CVE-2011-0201\",\n \"CVE-2011-0202\",\n \"CVE-2011-0204\",\n \"CVE-2011-0206\",\n \"CVE-2011-0214\",\n \"CVE-2011-0215\",\n \"CVE-2011-0216\",\n \"CVE-2011-0217\",\n \"CVE-2011-0218\",\n \"CVE-2011-0219\",\n \"CVE-2011-0221\",\n \"CVE-2011-0222\",\n \"CVE-2011-0223\",\n \"CVE-2011-0225\",\n \"CVE-2011-0232\",\n \"CVE-2011-0233\",\n \"CVE-2011-0234\",\n \"CVE-2011-0235\",\n \"CVE-2011-0237\",\n \"CVE-2011-0238\",\n \"CVE-2011-0240\",\n \"CVE-2011-0241\",\n \"CVE-2011-0242\",\n \"CVE-2011-0244\",\n \"CVE-2011-0253\",\n \"CVE-2011-0254\",\n \"CVE-2011-0255\",\n \"CVE-2011-0981\",\n \"CVE-2011-0983\",\n \"CVE-2011-1107\",\n \"CVE-2011-1109\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1117\",\n \"CVE-2011-1121\",\n \"CVE-2011-1188\",\n \"CVE-2011-1190\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1288\",\n \"CVE-2011-1293\",\n \"CVE-2011-1295\",\n \"CVE-2011-1296\",\n \"CVE-2011-1449\",\n \"CVE-2011-1451\",\n \"CVE-2011-1453\",\n \"CVE-2011-1457\",\n \"CVE-2011-1462\",\n \"CVE-2011-1774\",\n \"CVE-2011-1797\",\n \"CVE-2011-3443\"\n );\n script_bugtraq_id(\n 43228,\n 46262,\n 46614,\n 46703,\n 46785,\n 47029,\n 47604,\n 47668,\n 48416,\n 48426,\n 48427,\n 48429,\n 48437,\n 48820,\n 48823,\n 48824,\n 48825,\n 48827,\n 48828,\n 48831,\n 48832,\n 48833,\n 48837,\n 48839,\n 48840,\n 48841,\n 48842,\n 48843,\n 48844,\n 48845,\n 48846,\n 48847,\n 48848,\n 48849,\n 48850,\n 48851,\n 48852,\n 48853,\n 48854,\n 48855,\n 48856,\n 48857,\n 48858,\n 48859,\n 48860\n );\n script_xref(name:\"EDB-ID\", value:\"17575\");\n script_xref(name:\"EDB-ID\", value:\"17993\");\n script_xref(name:\"MSVR\", value:\"MSVR11-009\");\n\n script_name(english:\"Safari < 5.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks Safari's version number\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Safari installed on the remote Windows host is earlier\nthan 5.1. As such, it is potentially affected by numerous issues in\nthe following components :\n\n - CFNetwork\n - ColorSync\n - CoreFoundation\n - CoreGraphics\n - International Components for Unicode\n - ImageIO\n - libxslt\n - libxml\n - Safari\n - WebKit\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4808\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Jul/msg00002.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Safari 5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-678\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"safari_installed.nasl\");\n script_require_keys(\"SMB/Safari/FileVersion\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nversion = get_kb_item_or_exit(\"SMB/Safari/FileVersion\");\n\nversion_ui = get_kb_item(\"SMB/Safari/ProductVersion\");\nif (isnull(version_ui)) version_ui = version;\n\nif (ver_compare(ver:version, fix:\"5.34.50.0\") == -1)\n{\n if (report_verbosity > 0)\n {\n path = get_kb_item(\"SMB/Safari/Path\");\n if (isnull(path)) path = \"n/a\";\n\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_ui +\n '\\n Fixed version : 5.1 (7534.50)\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\nelse exit(0, \"The remote host is not affected since Safari \" + version_ui + \" is installed.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:58", "description": "The mobile device is running a version of iOS that is prior to version 5.0. Version 5.0 contains numerous security-related fixes for the following vulnerabilities :\n\n - Apple iOS Calendar Synchronization SSL Certificate Validation Information Disclosure Vulnerability (CVE-2011-3253)\n\n - Apple iOS Calendar Cross-Site Scripting Vulnerability (CVE-2011-3254)\n\n - Apple iOS CFNetwork Information Disclosure Vulnerability (CVE-2011-3255)\n\n - Apple iOS and Mac OS X CFNetwork Cross Domain Information Disclosure Vulnerability (CVE-2011-3246)\n\n - Apple Mac OS X CoreFoundation Memory Corruption Vulnerability (CVE-2011-0259)\n\n - FreeType Font Document Multiple Memory Corruption Vulnerabilities (CVE-2011-3256)\n\n - Apple Mac OS X QuickTime Cross-Domain Information Disclosure Vulnerability (CVE-2011-0187)\n\n - Apple iOS Mail Cookie Synchronization Validation Information Disclosure Vulnerability (CVE-2011-3257)\n\n - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. (CVE-2011-3389)\n\n - Opera Web Browser Information Disclosure Vulnerability\n\n - Apple iOS Home Screen Information Disclosure Vulnerability (CVE-2011-3431)\n\n - libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow Vulnerability (CVE-2011-0192)\n\n - Apple Safari ImageIO TIFF Image Handling Heap Buffer Overflow Vulnerability (CVE-2011-0241)\n\n - Apple Mac OS X ICU Buffer Overflow Vulnerability (CVE-2011-0206)\n\n - Apple Kernel TCP Exhaustion Denial of Service Vulnerability (CVE-2011-3259)\n\n - Apple Mac OS X IPV6 Socket Options Denial of Service Vulnerability (CVE-2011-1132)\n\n - Apple iOS Keyboard Information Disclosure Vulnerability (CVE-2011-3245)\n\n - Apple Safari 'libxml' Remote Code Execution Vulnerability (CVE-2011-0216)\n\n - Apple iPhone/iPad/iPod Touch prior to iOS 5 Buffer Overflow Vulnerability (CVE-2011-3260)\n\n - Apple iPhone/iPad/iPod Touch prior to iOS 5 Remote Code Execution Vulnerability (CVE-2011-3261)\n\n - Apple Mac OS X QuickLook Office File Memory Corruption Vulnerability (CVE-2011-0208)\n\n - Apple Mac OS X QuickLook Remote Code Execution Vulnerability (CVE-2011-0184)\n\n - Apple iPhone/iPad/iPod Touch 'Content-Disposition' Header Cross-Site Scripting Vulnerability (CVE-2011-3246)\n\n - Apple iOS Parental Restrictions Passcode Information Disclosure Vulnerability (CVE-2011-3249)\n\n - Apple iOS Insecure Misleading UI Insecure Configuration Weakness (CVE-2011-3430)\n\n - Apple iOS Remote Denial of Service Vulnerability (CVE-2011-3432)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0218)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0221)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0222)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0225)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0232)\n\n - WebKit FrameOwner Element Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0233)\n\n - WebKit Malformed XHTML Tags Use-After-Free Memory Corruption Vulnerability (CVE-2011-0234)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0235)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0238)\n\n - WebKit 'NamedNodeMap.cpp' Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0254)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0255)\n\n - Google Chrome prior to 9.0.597.94 Multiple Security Vulnerabilities (CVE-2011-0981)\n\n - Google Chrome prior to 9.0.597.107 Multiple Security Vulnerabilities (CVE-2011-1109)\n\n - Google Chrome prior to 10.0.648.127 Multiple Security Vulnerabilities (CVE-2011-1188)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1288)\n\n - Google Chrome prior to 10.0.648.204 Multiple Security Vulnerabilities (CVE-2011-1293)\n\n - Google Chrome prior to 11.0.696.57 Multiple Security Vulnerabilities (CVE-2011-1449)\n\n - WebKit MathML Tags Use-After-Free Remote Code Execution Vulnerability\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1453)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1457)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1462)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1797)\n\n - WebKit Multiple Unspecified Remote Code Execution Vulnerabilities (CVE-2011-2338)\n\n - WebKit Style Sheet Elements Remote Code Execution Vulnerability (CVE-2011-2341)\n\n - Google Chrome Prior to 12.0.742.112 Multiple Security Vulnerabilities (CVE-2011-2351)\n\n - Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities (CVE-2011-2359)\n\n - Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities (CVE-2011-2823)\n\n - Mozilla Firefox/Thunderbird/SeaMonkey YARR Remote Code Execution Vulnerability (CVE-2011-3232)\n\n - Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities (CVE-2011-3234)\n\n - WebKit Embedded URL Cross Domain Scripting Vulnerability (CVE-2011-0242)\n\n - WebKit Address Bar URI Spoofing Vulnerability (CVE-2011-1107)\n\n - WebKit 'libxslt' Remote Code Execution Vulnerability (CVE-2011-1774)\n\n - WebKit 'HTML5' Drag and Drop Cross-Origin Information Disclosure Vulnerability (CVE-2011-0166)\n\n - WebKit Inactive DOM Windows Cross Domain Scripting Vulnerability (CVE-2011-3243)\n\n - Apple iOS WiFi Credentials Information Disclosure Vulnerability (CVE-2011-3234)", "cvss3": {}, "published": "2012-06-19T00:00:00", "type": "nessus", "title": "Apple iOS < 5.0 Multiple Vulnerabilities (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0166", "CVE-2011-0184", "CVE-2011-0187", "CVE-2011-0192", "CVE-2011-0206", "CVE-2011-0208", "CVE-2011-0216", "CVE-2011-0218", "CVE-2011-0221", "CVE-2011-0222", "CVE-2011-0225", "CVE-2011-0232", "CVE-2011-0233", "CVE-2011-0234", "CVE-2011-0235", "CVE-2011-0238", "CVE-2011-0241", "CVE-2011-0242", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0259", "CVE-2011-0981", "CVE-2011-1107", "CVE-2011-1109", "CVE-2011-1132", "CVE-2011-1188", "CVE-2011-1288", "CVE-2011-1293", "CVE-2011-1449", "CVE-2011-1453", "CVE-2011-1457", "CVE-2011-1462", "CVE-2011-1774", "CVE-2011-1797", "CVE-2011-2338", "CVE-2011-2341", "CVE-2011-2351", "CVE-2011-2359", "CVE-2011-2823", "CVE-2011-3232", "CVE-2011-3234", "CVE-2011-3243", "CVE-2011-3245", "CVE-2011-3246", "CVE-2011-3249", "CVE-2011-3253", "CVE-2011-3254", "CVE-2011-3255", "CVE-2011-3256", "CVE-2011-3257", "CVE-2011-3259", "CVE-2011-3260", "CVE-2011-3261", "CVE-2011-3389", "CVE-2011-3430", "CVE-2011-3431", "CVE-2011-3432"], "modified": "2023-05-03T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_50_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/60026", "sourceData": "Binary data apple_ios_50_check.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:18", "description": "Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2011-1108 Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.\n\n - CVE-2011-1109 Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a 'stale pointer'.\n\n - CVE-2011-1113 Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly perform pickle deserialization, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.\n\n - CVE-2011-1114 Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a 'stale node'.\n\n - CVE-2011-1115 Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a 'stale pointer'.\n\n - CVE-2011-1121 Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.\n\n - CVE-2011-1122 The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960.\n\n - In addition, this upload fixes the following issues (they don't have a CVE id yet) :\n\n - Out-of-bounds read in text searching. [69640]\n - Memory corruption in SVG fonts. [72134]\n\n - Memory corruption with counter nodes. [69628]\n\n - Stale node in box layout. [70027]\n\n - Cross-origin error message leak with workers. [70336]\n\n - Stale pointer in table painting. [72028]\n\n - Stale pointer with SVG cursors. [73746]", "cvss3": {}, "published": "2011-03-11T00:00:00", "type": "nessus", "title": "Debian DSA-2189-1 : chromium-browser - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1108", "CVE-2011-1109", "CVE-2011-1113", "CVE-2011-1114", "CVE-2011-1115", "CVE-2011-1121", "CVE-2011-1122"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2189.NASL", "href": "https://www.tenable.com/plugins/nessus/52621", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2189. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52621);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-1108\", \"CVE-2011-1109\", \"CVE-2011-1113\", \"CVE-2011-1114\", \"CVE-2011-1115\", \"CVE-2011-1121\", \"CVE-2011-1122\");\n script_bugtraq_id(46614);\n script_xref(name:\"DSA\", value:\"2189\");\n\n script_name(english:\"Debian DSA-2189-1 : chromium-browser - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the Chromium browser. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2011-1108\n Google Chrome before 9.0.597.107 does not properly\n implement JavaScript dialogs, which allows remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted HTML document.\n\n - CVE-2011-1109\n Google Chrome before 9.0.597.107 does not properly\n process nodes in Cascading Style Sheets (CSS)\n stylesheets, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via unknown vectors that lead to a 'stale\n pointer'.\n\n - CVE-2011-1113\n Google Chrome before 9.0.597.107 on 64-bit Linux\n platforms does not properly perform pickle\n deserialization, which allows remote attackers to cause\n a denial of service (out-of-bounds read) via unspecified\n vectors.\n\n - CVE-2011-1114\n Google Chrome before 9.0.597.107 does not properly\n handle tables, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via unknown vectors that lead to a 'stale node'.\n\n - CVE-2011-1115\n Google Chrome before 9.0.597.107 does not properly\n render tables, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via unknown vectors that lead to a 'stale\n pointer'.\n\n - CVE-2011-1121\n Integer overflow in Google Chrome before 9.0.597.107\n allows remote attackers to cause a denial of service or\n possibly have unspecified other impact via vectors\n involving a TEXTAREA element.\n\n - CVE-2011-1122\n The WebGL implementation in Google Chrome before\n 9.0.597.107 allows remote attackers to cause a denial of\n service (out-of-bounds read) via unspecified vectors,\n aka Issue 71960.\n\n - In addition, this upload fixes the following issues\n (they don't have a CVE id yet) :\n\n - Out-of-bounds read in text searching. [69640]\n - Memory corruption in SVG fonts. [72134]\n\n - Memory corruption with counter nodes. [69628]\n\n - Stale node in box layout. [70027]\n\n - Cross-origin error message leak with workers. [70336]\n\n - Stale pointer in table painting. [72028]\n\n - Stale pointer with SVG cursors. [73746]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2189\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 6.0.472.63~r59945-5+squeeze3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"chromium-browser\", reference:\"6.0.472.63~r59945-5+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"chromium-browser-dbg\", reference:\"6.0.472.63~r59945-5+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"chromium-browser-inspector\", reference:\"6.0.472.63~r59945-5+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"chromium-browser-l10n\", reference:\"6.0.472.63~r59945-5+squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:14:52", "description": "Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2011-1292 Use-after-free vulnerability in the frame-loader implementation in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.\n\n - CVE-2011-1293 Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.\n\n - CVE-2011-1440 Use-after-free vulnerability in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Ruby element and Cascading Style Sheets (CSS) token sequences.\n\n - CVE-2011-1444 Race condition in the sandbox launcher implementation in Google Chrome on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.\n\n - CVE-2011-1797 Google Chrome does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a 'stale pointer'.\n\n - CVE-2011-1799 Google Chrome does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "cvss3": {}, "published": "2011-06-10T00:00:00", "type": "nessus", "title": "Debian DSA-2245-1 : chromium-browser - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1292", "CVE-2011-1293", "CVE-2011-1440", "CVE-2011-1444", "CVE-2011-1797", "CVE-2011-1799"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2245.NASL", "href": "https://www.tenable.com/plugins/nessus/55033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2245. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55033);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-1292\", \"CVE-2011-1293\", \"CVE-2011-1440\", \"CVE-2011-1444\", \"CVE-2011-1797\", \"CVE-2011-1799\");\n script_bugtraq_id(47029, 47604, 47830);\n script_xref(name:\"DSA\", value:\"2245\");\n\n script_name(english:\"Debian DSA-2245-1 : chromium-browser - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the Chromium browser. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2011-1292\n Use-after-free vulnerability in the frame-loader\n implementation in Google Chrome allows remote attackers\n to cause a denial of service or possibly have\n unspecified other impact via unknown vectors.\n\n - CVE-2011-1293\n Use-after-free vulnerability in the HTMLCollection\n implementation in Google Chrome allows remote attackers\n to cause a denial of service or possibly have\n unspecified other impact via unknown vectors.\n\n - CVE-2011-1440\n Use-after-free vulnerability in Google Chrome allows\n remote attackers to cause a denial of service or\n possibly have unspecified other impact via vectors\n related to the Ruby element and Cascading Style Sheets\n (CSS) token sequences.\n\n - CVE-2011-1444\n Race condition in the sandbox launcher implementation in\n Google Chrome on Linux allows remote attackers to cause\n a denial of service or possibly have unspecified other\n impact via unknown vectors.\n\n - CVE-2011-1797\n Google Chrome does not properly render tables, which\n allows remote attackers to cause a denial of service or\n possibly have unspecified other impact via unknown\n vectors that lead to a 'stale pointer'.\n\n - CVE-2011-1799\n Google Chrome does not properly perform casts of\n variables during interaction with the WebKit engine,\n which allows remote attackers to cause a denial of\n service or possibly have unspecified other impact via\n unknown vectors.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2245\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 6.0.472.63~r59945-5+squeeze5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"chromium-browser\", reference:\"6.0.472.63~r59945-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"chromium-browser-dbg\", reference:\"6.0.472.63~r59945-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"chromium-browser-inspector\", reference:\"6.0.472.63~r59945-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"chromium-browser-l10n\", reference:\"6.0.472.63~r59945-5+squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:09", "description": "Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2011-2818 Use-after-free vulnerability in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.\n\n - CVE-2011-2800 Google Chrome allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted website.\n\n - CVE-2011-2359 Google Chrome does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a 'stale pointer'.\n\nSeveral unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. This update blacklists SSL certificates issued by DigiNotar-controlled intermediate CAs used by the Dutch PKIoverheid program.", "cvss3": {}, "published": "2011-09-12T00:00:00", "type": "nessus", "title": "Debian DSA-2307-1 : chromium-browser - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2359", "CVE-2011-2800", "CVE-2011-2818"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2307.NASL", "href": "https://www.tenable.com/plugins/nessus/56145", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2307. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56145);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2359\", \"CVE-2011-2800\", \"CVE-2011-2818\");\n script_bugtraq_id(48960);\n script_xref(name:\"DSA\", value:\"2307\");\n\n script_name(english:\"Debian DSA-2307-1 : chromium-browser - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the Chromium browser. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2011-2818\n Use-after-free vulnerability in Google Chrome allows\n remote attackers to cause a denial of service or\n possibly have unspecified other impact via vectors\n related to display box rendering.\n\n - CVE-2011-2800\n Google Chrome allows remote attackers to obtain\n potentially sensitive information about client-side\n redirect targets via a crafted website.\n\n - CVE-2011-2359\n Google Chrome does not properly track line boxes during\n rendering, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via unknown vectors that lead to a 'stale\n pointer'.\n\nSeveral unauthorised SSL certificates have been found in the wild\nissued for the DigiNotar Certificate Authority, obtained through a\nsecurity compromise with said company. This update blacklists SSL\ncertificates issued by DigiNotar-controlled intermediate CAs used by\nthe Dutch PKIoverheid program.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2307\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.472.63~r59945-5+squeeze6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"chromium-browser\", reference:\"6.0.472.63~r59945-5+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"chromium-browser-dbg\", reference:\"6.0.472.63~r59945-5+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"chromium-browser-inspector\", reference:\"6.0.472.63~r59945-5+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"chromium-browser-l10n\", reference:\"6.0.472.63~r59945-5+squeeze6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:14", "description": "The version of Google Chrome installed on the remote host is earlier than 9.0.597.107. Such versions are reportedly affected by multiple vulnerabilities :\n\n - An unspecified error exists in the URL bar operations which can allow spoofing attacks. (Issue #54262)\n\n - An unspecified error exists in the processing of JavaScript dialogs. (Issue #63732)\n\n - An unspecified error exists in the processing of CSS nodes which can leave stale pointers in memory.\n (Issue #68263)\n\n - An unspecified error exists in the processing of key frame rules which can leave stale pointers in memory.\n (Issue #68741)\n\n - An unspecified error exists in the processing of form controls which can lead to application crashes.\n (Issue #70078)\n\n - An unspecified error exists in the rendering of SVG animations and other SVG content which can leave stale pointers in memory. (Issue #70244, #71296)\n\n - An unspecified error exists in the processing of tables which can leave stale nodes behind. (Issue #71114)\n\n - An unspecified error exists in the processing of tables which can leave stale pointers in memory. (Issue #71115)\n\n - An unspecified error exists in the processing of XHTML which can leave stale nodes behind. (Issue #71386)\n\n - An unspecified error exists in the processing of textarea elements which can lead to application crashes. (Issue #71388)\n\n - An unspecified error exists in the processing of device orientation which can leave stale pointers in memory.\n (Issue #71595)\n\n - An unspecified error exists in WebGL which allows out-of-bounds memory accesses. (Issue #71717, #71960)\n\n - An integer overflow exists in the processing of textarea elements which can lead to application crashes. (Issue #71855)\n\n - An unspecified error exists which exposes internal extension functions. (Issue #72214)\n\n - A use-after-free error exists in the processing of blocked plugins. (Issue #72437)\n\n - An unspecified error exists in the processing of layouts which can leave stale pointers in memory.\n (Issue #73235)", "cvss3": {}, "published": "2011-03-02T00:00:00", "type": "nessus", "title": "Google Chrome < 9.0.597.107 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1107", "CVE-2011-1108", "CVE-2011-1109", "CVE-2011-1110", "CVE-2011-1111", "CVE-2011-1112", "CVE-2011-1114", "CVE-2011-1115", "CVE-2011-1116", "CVE-2011-1117", "CVE-2011-1118", "CVE-2011-1119", "CVE-2011-1120", "CVE-2011-1121", "CVE-2011-1122", "CVE-2011-1123", "CVE-2011-1124", "CVE-2011-1125"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_9_0_597_107.NASL", "href": "https://www.tenable.com/plugins/nessus/52501", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52501);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2011-1107\",\n \"CVE-2011-1108\",\n \"CVE-2011-1109\",\n \"CVE-2011-1110\",\n \"CVE-2011-1111\",\n \"CVE-2011-1112\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1116\",\n \"CVE-2011-1117\",\n \"CVE-2011-1118\",\n \"CVE-2011-1119\",\n \"CVE-2011-1120\",\n \"CVE-2011-1121\",\n \"CVE-2011-1122\",\n \"CVE-2011-1123\",\n \"CVE-2011-1124\",\n \"CVE-2011-1125\"\n );\n script_bugtraq_id(46614, 47020);\n script_xref(name:\"SECUNIA\", value:\"43519\");\n\n script_name(english:\"Google Chrome < 9.0.597.107 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is earlier\nthan 9.0.597.107. Such versions are reportedly affected by multiple\nvulnerabilities :\n\n - An unspecified error exists in the URL bar operations\n which can allow spoofing attacks. (Issue #54262)\n\n - An unspecified error exists in the processing of\n JavaScript dialogs. (Issue #63732)\n\n - An unspecified error exists in the processing of CSS\n nodes which can leave stale pointers in memory.\n (Issue #68263)\n\n - An unspecified error exists in the processing of key\n frame rules which can leave stale pointers in memory.\n (Issue #68741)\n\n - An unspecified error exists in the processing of form\n controls which can lead to application crashes.\n (Issue #70078)\n\n - An unspecified error exists in the rendering of SVG\n animations and other SVG content which can leave stale\n pointers in memory. (Issue #70244, #71296)\n\n - An unspecified error exists in the processing of tables\n which can leave stale nodes behind. (Issue #71114)\n\n - An unspecified error exists in the processing of tables\n which can leave stale pointers in memory. (Issue #71115)\n\n - An unspecified error exists in the processing of XHTML\n which can leave stale nodes behind. (Issue #71386)\n\n - An unspecified error exists in the processing of\n textarea elements which can lead to application\n crashes. (Issue #71388)\n\n - An unspecified error exists in the processing of device\n orientation which can leave stale pointers in memory.\n (Issue #71595)\n\n - An unspecified error exists in WebGL which allows\n out-of-bounds memory accesses. (Issue #71717, #71960)\n\n - An integer overflow exists in the processing of\n textarea elements which can lead to application\n crashes. (Issue #71855)\n\n - An unspecified error exists which exposes internal\n extension functions. (Issue #72214)\n\n - A use-after-free error exists in the processing of\n blocked plugins. (Issue #72437)\n\n - An unspecified error exists in the processing of\n layouts which can leave stale pointers in memory.\n (Issue #73235)\");\n # https://chromereleases.googleblog.com/2011/02/stable-channel-update_28.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3c074e5d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 9.0.597.107 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'9.0.597.107', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:50", "description": "The version of Google Chrome installed on the remote host is earlier than 9.0.597.94. Such versions are reportedly affected by multiple vulnerabilities :\n\n - An error exists in the processing of animations events related to stale pointers. (Issue #67234)\n\n - An error exists in the processing of SVG font faces which allows attempts to use already freed resources.\n (Issue #68120)\n\n - An error exists in the processing of anonymous blocks related to stale pointers. (Issue #69556)\n\n - Errors exist in the processing of plugins which allow out-of-bounds reads to occur. (Issue #69970)\n\n - An error exists in the handling of out-of-memory conditions and does not always allow processes to be properly terminated. (Issue #70456)", "cvss3": {}, "published": "2011-02-09T00:00:00", "type": "nessus", "title": "Google Chrome < 9.0.597.94 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0981", "CVE-2011-0982", "CVE-2011-0983", "CVE-2011-0984", "CVE-2011-0985"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_9_0_597_94.NASL", "href": "https://www.tenable.com/plugins/nessus/51921", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51921);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2011-0981\",\n \"CVE-2011-0982\",\n \"CVE-2011-0983\",\n \"CVE-2011-0984\",\n \"CVE-2011-0985\"\n );\n script_bugtraq_id(46262);\n script_xref(name:\"SECUNIA\", value:\"43021\");\n\n script_name(english:\"Google Chrome < 9.0.597.94 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is earlier\nthan 9.0.597.94. Such versions are reportedly affected by multiple\nvulnerabilities :\n\n - An error exists in the processing of animations events\n related to stale pointers. (Issue #67234)\n\n - An error exists in the processing of SVG font faces\n which allows attempts to use already freed resources.\n (Issue #68120)\n\n - An error exists in the processing of anonymous blocks\n related to stale pointers. (Issue #69556)\n\n - Errors exist in the processing of plugins which allow\n out-of-bounds reads to occur. (Issue #69970)\n\n - An error exists in the handling of out-of-memory\n conditions and does not always allow processes to be\n properly terminated. (Issue #70456)\");\n # https://chromereleases.googleblog.com/2011/02/stable-channel-update_08.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a1f59e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 9.0.597.94 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'9.0.597.94', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:22", "description": "This update of libwebkit fixes :\n\n - XSLT file creation allowed webpages evaluating XSLT code to create files. (CVE-2011-1774)\n\n - ZDI-11-139 Webkit Anonymous Frame remote code exec", "cvss3": {}, "published": "2011-07-29T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : libwebkit (SAT Patch Number 4917)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1774"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libwebkit-1_0-2", "p-cpe:/a:novell:suse_linux:11:libwebkit-lang", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBWEBKIT-110725.NASL", "href": "https://www.tenable.com/plugins/nessus/55728", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55728);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1774\");\n\n script_name(english:\"SuSE 11.1 Security Update : libwebkit (SAT Patch Number 4917)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libwebkit fixes :\n\n - XSLT file creation allowed webpages evaluating XSLT code\n to create files. (CVE-2011-1774)\n\n - ZDI-11-139 Webkit Anonymous Frame remote code exec\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1774.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4917.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libwebkit-1_0-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libwebkit-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libwebkit-1_0-2-1.2.7-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libwebkit-lang-1.2.7-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libwebkit-1_0-2-1.2.7-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libwebkit-lang-1.2.7-0.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-08-10T07:05:55", "description": "\nSeveral vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n\n* [CVE-2011-1108](https://security-tracker.debian.org/tracker/CVE-2011-1108)\nGoogle Chrome before 9.0.597.107 does not properly implement JavaScript\n dialogs, which allows remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other impact via a crafted\n HTML document.\n* [CVE-2011-1109](https://security-tracker.debian.org/tracker/CVE-2011-1109)\nGoogle Chrome before 9.0.597.107 does not properly process nodes in Cascading\n Style Sheets (CSS) stylesheets, which allows remote attackers to cause a\n denial of service or possibly have unspecified other impact via unknown\n vectors that lead to a stale pointer.\n* [CVE-2011-1113](https://security-tracker.debian.org/tracker/CVE-2011-1113)\nGoogle Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly\n perform pickle deserialization, which allows remote attackers to cause a\n denial of service (out-of-bounds read) via unspecified vectors.\n* [CVE-2011-1114](https://security-tracker.debian.org/tracker/CVE-2011-1114)\nGoogle Chrome before 9.0.597.107 does not properly handle tables, which allows\n remote attackers to cause a denial of service or possibly have unspecified\n other impact via unknown vectors that lead to a stale node.\n* [CVE-2011-1115](https://security-tracker.debian.org/tracker/CVE-2011-1115)\nGoogle Chrome before 9.0.597.107 does not properly render tables, which allows\n remote attackers to cause a denial of service or possibly have unspecified\n other impact via unknown vectors that lead to a stale pointer.\n* [CVE-2011-1121](https://security-tracker.debian.org/tracker/CVE-2011-1121)\nInteger overflow in Google Chrome before 9.0.597.107 allows remote attackers\n to cause a denial of service or possibly have unspecified other impact via\n vectors involving a TEXTAREA element.\n* [CVE-2011-1122](https://security-tracker.debian.org/tracker/CVE-2011-1122)\nThe WebGL implementation in Google Chrome before 9.0.597.107 allows remote\n attackers to cause a denial of service (out-of-bounds read) via unspecified\n vectors, aka Issue 71960.\n* In addition, this upload fixes the following issues (they don't have a CVE \n id yet):\n\n\n\t+ Out-of-bounds read in text searching. [69640]\n\t+ Memory corruption in SVG fonts. [72134]\n\t+ Memory corruption with counter nodes. [69628]\n\t+ Stale node in box layout. [70027]\n\t+ Cross-origin error message leak with workers. [70336]\n\t+ Stale pointer in table painting. [72028]\n\t+ Stale pointer with SVG cursors. [73746]\n\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 6.0.472.63~r59945-5+squeeze3.\n\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\n\nFor the unstable distribution (sid), these problems have been fixed\nversion 10.0.648.127~r76697-1.\n\n\nWe recommend that you upgrade your chromium-browser packages.\n\n\n", "cvss3": {}, "published": "2011-03-10T00:00:00", "type": "osv", "title": "chromium-browser - several", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1113", "CVE-2011-1197", "CVE-2011-1109", "CVE-2011-1122", "CVE-2011-1115", "CVE-2011-1114", "CVE-2011-1203", "CVE-2011-1190", "CVE-2011-1189", "CVE-2011-1121", "CVE-2011-1188", "CVE-2011-1108"], "modified": "2022-08-10T07:05:53", "id": "OSV:DSA-2189-1", "href": "https://osv.dev/vulnerability/DSA-2189-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:08:52", "description": "\nSeveral vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n\n* [CVE-2011-1292](https://security-tracker.debian.org/tracker/CVE-2011-1292)\nUse-after-free vulnerability in the frame-loader implementation in Google\n Chrome allows remote attackers to cause a denial of service or possibly\n have unspecified other impact via unknown vectors.\n* [CVE-2011-1293](https://security-tracker.debian.org/tracker/CVE-2011-1293)\nUse-after-free vulnerability in the HTMLCollection implementation in Google\n Chrome allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors.\n* [CVE-2011-1440](https://security-tracker.debian.org/tracker/CVE-2011-1440)\nUse-after-free vulnerability in Google Chrome allows remote attackers to cause\n a denial of service or possibly have unspecified other impact via vectors\n related to the Ruby element and Cascading Style Sheets (CSS) token sequences.\n* [CVE-2011-1444](https://security-tracker.debian.org/tracker/CVE-2011-1444)\nRace condition in the sandbox launcher implementation in Google Chrome on\n Linux allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors.\n* [CVE-2011-1797](https://security-tracker.debian.org/tracker/CVE-2011-1797)\nGoogle Chrome does not properly render tables, which allows remote attackers\n to cause a denial of service or possibly have unspecified other impact via\n unknown vectors that lead to a stale pointer.\n* [CVE-2011-1799](https://security-tracker.debian.org/tracker/CVE-2011-1799)\nGoogle Chrome does not properly perform casts of variables during interaction\n with the WebKit engine, which allows remote attackers to cause a denial of\n service or possibly have unspecified other impact via unknown vectors.\n\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 6.0.472.63~r59945-5+squeeze5.\n\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 11.0.696.68~r84545-1.\n\n\nWe recommend that you upgrade your chromium-browser packages.\n\n\n", "cvss3": {}, "published": "2011-05-29T00:00:00", "type": "osv", "title": "chromium-browser - several vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1293", "CVE-2011-1444", "CVE-2011-1799", "CVE-2011-1440", "CVE-2011-1797", "CVE-2011-1292"], "modified": "2022-08-10T07:08:44", "id": "OSV:DSA-2245-1", "href": "https://osv.dev/vulnerability/DSA-2245-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T07:08:52", "description": "\nSeveral vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\n\n* [CVE-2011-2818](https://security-tracker.debian.org/tracker/CVE-2011-2818)\nUse-after-free vulnerability in Google Chrome allows remote attackers to\n cause a denial of service or possibly have unspecified other impact via\n vectors related to display box rendering.\n\n* [CVE-2011-2800](https://security-tracker.debian.org/tracker/CVE-2011-2800)\nGoogle Chrome allows remote attackers to obtain potentially sensitive\n information about client-side redirect targets via a crafted web site.\n* [CVE-2011-2359](https://security-tracker.debian.org/tracker/CVE-2011-2359)\nGoogle Chrome does not properly track line boxes during rendering, which\n allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors that lead to a stale pointer.\n\n\nSeveral unauthorised SSL certificates have been found in the wild issued\nfor the DigiNotar Certificate Authority, obtained through a security\ncompromise with said company.\nThis update blacklists SSL certificates issued by DigiNotar-controlled\nintermediate CAs used by the Dutch PKIoverheid program.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.472.63~r59945-5+squeeze6.\n\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 13.0.782.220~r99552-1.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 13.0.782.220~r99552-1.\n\n\nWe recommend that you upgrade your chromium-browser packages.\n\n\n", "cvss3": {}, "published": "2011-09-11T00:00:00", "type": "osv", "title": "chromium-browser - several", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2359", "CVE-2011-2818", "CVE-2011-2800"], "modified": "2022-08-10T07:08:46", "id": "OSV:DSA-2307-1", "href": "https://osv.dev/vulnerability/DSA-2307-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T00:27:14", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2189-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nMarch 10, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-1108 CVE-2011-1109 CVE-2011-1113 CVE-2011-1114 CVE-2011-1115 CVE-2011-1121 CVE-2011-1122\n\n\nSeveral vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n \nCVE-2011-1108\n\n Google Chrome before 9.0.597.107 does not properly implement JavaScript\n dialogs, which allows remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other impact via a crafted\n HTML document.\n\n\nCVE-2011-1109\n\n Google Chrome before 9.0.597.107 does not properly process nodes in Cascading\n Style Sheets (CSS) stylesheets, which allows remote attackers to cause a\n denial of service or possibly have unspecified other impact via unknown\n vectors that lead to a "stale pointer."\n\n\nCVE-2011-1113\n\n Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly\n perform pickle deserialization, which allows remote attackers to cause a\n denial of service (out-of-bounds read) via unspecified vectors.\n\n\nCVE-2011-1114\n\n Google Chrome before 9.0.597.107 does not properly handle tables, which allows\n remote attackers to cause a denial of service or possibly have unspecified\n other impact via unknown vectors that lead to a "stale node."\n\n\nCVE-2011-1115\n\n Google Chrome before 9.0.597.107 does not properly render tables, which allows\n remote attackers to cause a denial of service or possibly have unspecified\n other impact via unknown vectors that lead to a "stale pointer."\n\n\nCVE-2011-1121\n\n Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers\n to cause a denial of service or possibly have unspecified other impact via\n vectors involving a TEXTAREA element.\n\n\nCVE-2011-1122\n\n The WebGL implementation in Google Chrome before 9.0.597.107 allows remote\n attackers to cause a denial of service (out-of-bounds read) via unspecified\n vectors, aka Issue 71960.\n\n\nIn addition, this upload fixes the following issues (they don't have a CVE id yet):\n\n Out-of-bounds read in text searching [69640]\n Memory corruption in SVG fonts. [72134]\n Memory corruption with counter nodes. [69628]\n Stale node in box layout. [70027]\n Cross-origin error message leak with workers. [70336]\n Stale pointer in table painting. [72028]\n Stale pointer with SVG cursors. [73746]\n\n\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 6.0.472.63~r59945-5+squeeze3\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed\nversion 10.0.648.127~r76697-1\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-03-10T17:22:58", "type": "debian", "title": "[SECURITY] [DSA 2189-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1108", "CVE-2011-1109", "CVE-2011-1113", "CVE-2011-1114", "CVE-2011-1115", "CVE-2011-1121", "CVE-2011-1122"], "modified": "2011-03-10T17:22:58", "id": "DEBIAN:DSA-2189-1:828F1", "href": "https://lists.debian.org/debian-security-announce/2011/msg00056.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-02T16:56:40", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2189-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nMarch 10, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-1108 CVE-2011-1109 CVE-2011-1113 CVE-2011-1114 CVE-2011-1115 CVE-2011-1121 CVE-2011-1122\n\n\nSeveral vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n \nCVE-2011-1108\n\n Google Chrome before 9.0.597.107 does not properly implement JavaScript\n dialogs, which allows remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other impact via a crafted\n HTML document.\n\n\nCVE-2011-1109\n\n Google Chrome before 9.0.597.107 does not properly process nodes in Cascading\n Style Sheets (CSS) stylesheets, which allows remote attackers to cause a\n denial of service or possibly have unspecified other impact via unknown\n vectors that lead to a "stale pointer."\n\n\nCVE-2011-1113\n\n Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly\n perform pickle deserialization, which allows remote attackers to cause a\n denial of service (out-of-bounds read) via unspecified vectors.\n\n\nCVE-2011-1114\n\n Google Chrome before 9.0.597.107 does not properly handle tables, which allows\n remote attackers to cause a denial of service or possibly have unspecified\n other impact via unknown vectors that lead to a "stale node."\n\n\nCVE-2011-1115\n\n Google Chrome before 9.0.597.107 does not properly render tables, which allows\n remote attackers to cause a denial of service or possibly have unspecified\n other impact via unknown vectors that lead to a "stale pointer."\n\n\nCVE-2011-1121\n\n Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers\n to cause a denial of service or possibly have unspecified other impact via\n vectors involving a TEXTAREA element.\n\n\nCVE-2011-1122\n\n The WebGL implementation in Google Chrome before 9.0.597.107 allows remote\n attackers to cause a denial of service (out-of-bounds read) via unspecified\n vectors, aka Issue 71960.\n\n\nIn addition, this upload fixes the following issues (they don't have a CVE id yet):\n\n Out-of-bounds read in text searching [69640]\n Memory corruption in SVG fonts. [72134]\n Memory corruption with counter nodes. [69628]\n Stale node in box layout. [70027]\n Cross-origin error message leak with workers. [70336]\n Stale pointer in table painting. [72028]\n Stale pointer with SVG cursors. [73746]\n\n\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 6.0.472.63~r59945-5+squeeze3\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed\nversion 10.0.648.127~r76697-1\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-03-10T17:22:58", "type": "debian", "title": "[SECURITY] [DSA 2189-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1108", "CVE-2011-1109", "CVE-2011-1113", "CVE-2011-1114", "CVE-2011-1115", "CVE-2011-1121", "CVE-2011-1122"], "modified": "2011-03-10T17:22:58", "id": "DEBIAN:DSA-2189-1:A4F66", "href": "https://lists.debian.org/debian-security-announce/2011/msg00056.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-02T16:53:59", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2245-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nMay 29, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nVulnerability : several vulnerabilities\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-1292 CVE-2011-1293 CVE-2011-1440 CVE-2011-1444 \n CVE-2011-1797 CVE-2011-1799 \n\n\nSeveral vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n\nCVE-2011-1292\n\n Use-after-free vulnerability in the frame-loader implementation in Google\n Chrome allows remote attackers to cause a denial of service or possibly\n have unspecified other impact via unknown vectors.\n\n\nCVE-2011-1293\n\n Use-after-free vulnerability in the HTMLCollection implementation in Google\n Chrome allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors.\n\n\nCVE-2011-1440\n\n Use-after-free vulnerability in Google Chrome allows remote attackers to cause\n a denial of service or possibly have unspecified other impact via vectors\n related to the ruby element and Cascading Style Sheets (CSS) token sequences.\n\n\nCVE-2011-1444\n\n Race condition in the sandbox launcher implementation in Google Chrome on\n Linux allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors.\n\n\nCVE-2011-1797\n\n Google Chrome does not properly render tables, which allows remote attackers\n to cause a denial of service or possibly have unspecified other impact via\n unknown vectors that lead to a "stale pointer."\n\n\nCVE-2011-1799\n\n Google Chrome does not properly perform casts of variables during interaction\n with the WebKit engine, which allows remote attackers to cause a denial of\n service or possibly have unspecified other impact via unknown vectors.\n\n\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 6.0.472.63~r59945-5+squeeze5.\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 11.0.696.68~r84545-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-05-29T10:50:22", "type": "debian", "title": "[SECURITY] [DSA 2245-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1292", "CVE-2011-1293", "CVE-2011-1440", "CVE-2011-1444", "CVE-2011-1797", "CVE-2011-1799"], "modified": "2011-05-29T10:50:22", "id": "DEBIAN:DSA-2245-1:7C767", "href": "https://lists.debian.org/debian-security-announce/2011/msg00115.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T00:22:35", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2245-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nMay 29, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nVulnerability : several vulnerabilities\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-1292 CVE-2011-1293 CVE-2011-1440 CVE-2011-1444 \n CVE-2011-1797 CVE-2011-1799 \n\n\nSeveral vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n\nCVE-2011-1292\n\n Use-after-free vulnerability in the frame-loader implementation in Google\n Chrome allows remote attackers to cause a denial of service or possibly\n have unspecified other impact via unknown vectors.\n\n\nCVE-2011-1293\n\n Use-after-free vulnerability in the HTMLCollection implementation in Google\n Chrome allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors.\n\n\nCVE-2011-1440\n\n Use-after-free vulnerability in Google Chrome allows remote attackers to cause\n a denial of service or possibly have unspecified other impact via vectors\n related to the ruby element and Cascading Style Sheets (CSS) token sequences.\n\n\nCVE-2011-1444\n\n Race condition in the sandbox launcher implementation in Google Chrome on\n Linux allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors.\n\n\nCVE-2011-1797\n\n Google Chrome does not properly render tables, which allows remote attackers\n to cause a denial of service or possibly have unspecified other impact via\n unknown vectors that lead to a "stale pointer."\n\n\nCVE-2011-1799\n\n Google Chrome does not properly perform casts of variables during interaction\n with the WebKit engine, which allows remote attackers to cause a denial of\n service or possibly have unspecified other impact via unknown vectors.\n\n\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 6.0.472.63~r59945-5+squeeze5.\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 11.0.696.68~r84545-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-05-29T10:50:22", "type": "debian", "title": "[SECURITY] [DSA 2245-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1292", "CVE-2011-1293", "CVE-2011-1440", "CVE-2011-1444", "CVE-2011-1797", "CVE-2011-1799"], "modified": "2011-05-29T10:50:22", "id": "DEBIAN:DSA-2245-1:872E3", "href": "https://lists.debian.org/debian-security-announce/2011/msg00115.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-02T16:51:46", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2307-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nSeptember 11, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2359 CVE-2011-2800 CVE-2011-2818 \n\n\nSeveral vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2011-2818\n\n Use-after-free vulnerability in Google Chrome allows remote attackers to\n cause a denial of service or possibly have unspecified other impact via\n vectors related to display box rendering.\n\n\nCVE-2011-2800\n\n Google Chrome before allows remote attackers to obtain potentially sensitive\n information about client-side redirect targets via a crafted web site.\n\n\nCVE-2011-2359\n\n Google Chrome does not properly track line boxes during rendering, which\n allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors that lead to a "stale pointer."\n\n\nSeveral unauthorised SSL certificates have been found in the wild issued\nfor the DigiNotar Certificate Authority, obtained through a security\ncompromise with said company.\nThis update blacklists SSL certificates issued by DigiNotar-controlled\nintermediate CAs used by the Dutch PKIoverheid program.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.472.63~r59945-5+squeeze6.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 13.0.782.220~r99552-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 13.0.782.220~r99552-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-09-11T17:36:04", "type": "debian", "title": "[SECURITY] [DSA 2307-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2359", "CVE-2011-2800", "CVE-2011-2818"], "modified": "2011-09-11T17:36:04", "id": "DEBIAN:DSA-2307-1:8215D", "href": "https://lists.debian.org/debian-security-announce/2011/msg00182.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T00:16:40", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2307-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nSeptember 11, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2359 CVE-2011-2800 CVE-2011-2818 \n\n\nSeveral vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2011-2818\n\n Use-after-free vulnerability in Google Chrome allows remote attackers to\n cause a denial of service or possibly have unspecified other impact via\n vectors related to display box rendering.\n\n\nCVE-2011-2800\n\n Google Chrome before allows remote attackers to obtain potentially sensitive\n information about client-side redirect targets via a crafted web site.\n\n\nCVE-2011-2359\n\n Google Chrome does not properly track line boxes during rendering, which\n allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors that lead to a "stale pointer."\n\n\nSeveral unauthorised SSL certificates have been found in the wild issued\nfor the DigiNotar Certificate Authority, obtained through a security\ncompromise with said company.\nThis update blacklists SSL certificates issued by DigiNotar-controlled\nintermediate CAs used by the Dutch PKIoverheid program.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.472.63~r59945-5+squeeze6.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 13.0.782.220~r99552-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 13.0.782.220~r99552-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-09-11T17:36:04", "type": "debian", "title": "[SECURITY] [DSA 2307-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2359", "CVE-2011-2800", "CVE-2011-2818"], "modified": "2011-09-11T17:36:04", "id": "DEBIAN:DSA-2307-1:A1DC9", "href": "https://lists.debian.org/debian-security-announce/2011/msg00182.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:47:11", "description": "Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"", "cvss3": {}, "published": "2011-08-03T00:55:00", "type": "debiancve", "title": "CVE-2011-2359", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2359"], "modified": "2011-08-03T00:55:00", "id": "DEBIANCVE:CVE-2011-2359", "href": "https://security-tracker.debian.org/tracker/CVE-2011-2359", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "cvss3": {}, "published": "2011-05-03T22:55:00", "type": "debiancve", "title": "CVE-2011-1449", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1449"], "modified": "2011-05-03T22:55:00", "id": "DEBIANCVE:CVE-2011-1449", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1449", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to \"dangling pointers.\"", "cvss3": {}, "published": "2011-05-03T22:55:00", "type": "debiancve", "title": "CVE-2011-1451", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1451"], "modified": "2011-05-03T22:55:00", "id": "DEBIANCVE:CVE-2011-1451", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1451", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.", "cvss3": {}, "published": "2011-08-29T15:55:00", "type": "debiancve", "title": "CVE-2011-2823", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2823"], "modified": "2011-08-29T15:55:00", "id": "DEBIANCVE:CVE-2011-2823", "href": "https://security-tracker.debian.org/tracker/CVE-2011-2823", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale node.\"", "cvss3": {}, "published": "2011-03-01T23:00:00", "type": "debiancve", "title": "CVE-2011-1114", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1114"], "modified": "2011-03-01T23:00:00", "id": "DEBIANCVE:CVE-2011-1114", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1114", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.", "cvss3": {}, "published": "2011-06-29T17:55:00", "type": "debiancve", "title": "CVE-2011-2351", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2351"], "modified": "2011-06-29T17:55:00", "id": "DEBIANCVE:CVE-2011-2351", "href": "https://security-tracker.debian.org/tracker/CVE-2011-2351", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.", "cvss3": {}, "published": "2011-08-29T15:55:00", "type": "debiancve", "title": "CVE-2011-2827", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2827"], "modified": "2011-08-29T15:55:00", "id": "DEBIANCVE:CVE-2011-2827", "href": "https://security-tracker.debian.org/tracker/CVE-2011-2827", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to \"stale nodes.\"", "cvss3": {}, "published": "2011-03-01T23:00:00", "type": "debiancve", "title": "CVE-2011-1117", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1117"], "modified": "2011-03-01T23:00:00", "id": "DEBIANCVE:CVE-2011-1117", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1117", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.", "cvss3": {}, "published": "2011-05-03T22:55:00", "type": "debiancve", "title": "CVE-2011-1440", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1440"], "modified": "2011-05-03T22:55:00", "id": "DEBIANCVE:CVE-2011-1440", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1440", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.", "cvss3": {}, "published": "2011-03-11T02:01:00", "type": "debiancve", "title": "CVE-2011-1204", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1204"], "modified": "2011-03-11T02:01:00", "id": "DEBIANCVE:CVE-2011-1204", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1204", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"", "cvss3": {}, "published": "2011-03-01T23:00:00", "type": "debiancve", "title": "CVE-2011-1115", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1115"], "modified": "2011-03-01T23:00:00", "id": "DEBIANCVE:CVE-2011-1115", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1115", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "cvss3": {}, "published": "2011-03-25T19:55:00", "type": "debiancve", "title": "CVE-2011-1293", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1293"], "modified": "2011-03-25T19:55:00", "id": "DEBIANCVE:CVE-2011-1293", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1293", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"", "cvss3": {}, "published": "2011-03-01T23:00:00", "type": "debiancve", "title": "CVE-2011-1109", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1109"], "modified": "2011-03-01T23:00:00", "id": "DEBIANCVE:CVE-2011-1109", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1109", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"", "cvss3": {}, "published": "2011-03-25T19:55:00", "type": "debiancve", "title": "CVE-2011-1296", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1296"], "modified": "2011-03-25T19:55:00", "id": "DEBIANCVE:CVE-2011-1296", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1296", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.", "cvss3": {}, "published": "2011-08-03T00:55:00", "type": "debiancve", "title": "CVE-2011-2788", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2788"], "modified": "2011-08-03T00:55:00", "id": "DEBIANCVE:CVE-2011-2788", "href": "https://security-tracker.debian.org/tracker/CVE-2011-2788", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"", "cvss3": {}, "published": "2011-03-11T02:01:00", "type": "debiancve", "title": "CVE-2011-1203", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1203"], "modified": "2011-03-11T02:01:00", "id": "DEBIANCVE:CVE-2011-1203", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1203", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:11", "description": "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.", "cvss3": {}, "published": "2011-08-03T00:55:00", "type": "debiancve", "title": "CVE-2011-2792", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2792"], "modified": "2011-08-03T00:55:00", "id": "DEBIANCVE:CVE-2011-2792", "href": "https://security-tracker.debian.org/tracker/CVE-2011-2792", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-05-29T14:20:46", "description": "Google Chrome before 13.0.782.107 does not properly track line boxes during\nrendering, which allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via unknown vectors that lead to a\n\"stale pointer.\"\n\n#### Bugs\n\n * <http://code.google.com/p/chromium/issues/detail?id=78841>\n", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2359", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2359"], "modified": "2011-08-03T00:00:00", "id": "UB:CVE-2011-2359", "href": "https://ubuntu.com/security/CVE-2011-2359", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:21:25", "description": "Use-after-free vulnerability in the WebSockets implementation in Google\nChrome before 11.0.696.57 allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact via unknown vectors.\n\n#### Bugs\n\n * <http://code.google.com/p/chromium/issues/detail?id=77346>\n", "cvss3": {}, "published": "2011-05-03T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1449", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1449"], "modified": "2011-05-03T00:00:00", "id": "UB:CVE-2011-1449", "href": "https://ubuntu.com/security/CVE-2011-1449", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:21:25", "description": "Google Chrome before 11.0.696.57 does not properly handle DOM id maps,\nwhich allows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors that lead to \"dangling\npointers.\"\n\n#### Bugs\n\n * <http://code.google.com/p/chromium/issues/detail?id=77463>\n", "cvss3": {}, "published": "2011-05-03T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1451", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1451"], "modified": "2011-05-03T00:00:00", "id": "UB:CVE-2011-1451", "href": "https://ubuntu.com/security/CVE-2011-1451", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:20:06", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details) \n[sbeattie](<https://launchpad.net/~sbeattie>) | iTunes Store specific?\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2352", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2352"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-2352", "href": "https://ubuntu.com/security/CVE-2011-2352", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:51", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site, a different vulnerability than\nother WebKit CVEs listed in APPLE-SA-2011-07-20-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1288", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1288"], "modified": "2011-07-21T00:00:00", "id": "UB:CVE-2011-1288", "href": "https://ubuntu.com/security/CVE-2011-1288", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:07", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2338", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2338"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-2338", "href": "https://ubuntu.com/security/CVE-2011-2338", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:04", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details) \n[sbeattie](<https://launchpad.net/~sbeattie>) | iTunes Store specific? \n[jdstrand](<https://launchpad.net/~jdstrand>) | marking chromium-browser as fixed since it has 22+ on all releases and they sync with upstream webkit every few weeks\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3237", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3237"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-3237", "href": "https://ubuntu.com/security/CVE-2011-3237", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:32", "description": "Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows\nremote attackers to cause a denial of service or possibly have unspecified\nother impact via vectors involving a line box.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-08-29T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2823", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2823"], "modified": "2011-08-29T00:00:00", "id": "UB:CVE-2011-2823", "href": "https://ubuntu.com/security/CVE-2011-2823", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:20:07", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details) \n[sbeattie](<https://launchpad.net/~sbeattie>) | something iTunes Store specific?\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2339", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2339"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-2339", "href": "https://ubuntu.com/security/CVE-2011-2339", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:06", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details) \n[sbeattie](<https://launchpad.net/~sbeattie>) | iTunes Store specific?\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2354", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2354"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-2354", "href": "https://ubuntu.com/security/CVE-2011-2354", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:04", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details) \n[sbeattie](<https://launchpad.net/~sbeattie>) | iTunes Store specific? \n[jdstrand](<https://launchpad.net/~jdstrand>) | marking chromium-browser as fixed since it has 22+ on all releases and they sync with upstream webkit every few weeks\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3236", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3236"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-3236", "href": "https://ubuntu.com/security/CVE-2011-3236", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-30T14:33:07", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site, a different vulnerability than\nother WebKit CVEs listed in APPLE-SA-2011-07-20-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2011-0253", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0253"], "modified": "2011-07-21T00:00:00", "id": "UB:CVE-2011-0253", "href": "https://ubuntu.com/security/CVE-2011-0253", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:22:07", "description": "Google Chrome before 9.0.597.107 does not properly handle tables, which\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors that lead to a \"stale node.\"", "cvss3": {}, "published": "2011-03-01T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1114", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1114"], "modified": "2011-03-01T00:00:00", "id": "UB:CVE-2011-1114", "href": "https://ubuntu.com/security/CVE-2011-1114", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:20:59", "description": "Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows\nremote attackers to cause a denial of service or possibly have unspecified\nother impact via vectors involving SVG use elements.\n\n#### Bugs\n\n * <http://code.google.com/p/chromium/issues/detail?id=85211>\n", "cvss3": {}, "published": "2011-06-29T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2351", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2351"], "modified": "2011-06-29T00:00:00", "id": "UB:CVE-2011-2351", "href": "https://ubuntu.com/security/CVE-2011-2351", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:20:03", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details) \n[sbeattie](<https://launchpad.net/~sbeattie>) | iTunes Store specific? \n[jdstrand](<https://launchpad.net/~jdstrand>) | marking chromium-browser as fixed since it has 22+ on all releases and they sync with upstream webkit every few weeks\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3244", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3244"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-3244", "href": "https://ubuntu.com/security/CVE-2011-3244", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:51", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site, a different vulnerability than\nother WebKit CVEs listed in APPLE-SA-2011-07-20-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1457", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1457"], "modified": "2011-07-21T00:00:00", "id": "UB:CVE-2011-1457", "href": "https://ubuntu.com/security/CVE-2011-1457", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:30", "description": "Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows\nremote attackers to cause a denial of service or possibly have unspecified\nother impact via vectors related to text searching.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-08-29T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2827", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2827"], "modified": "2011-08-29T00:00:00", "id": "UB:CVE-2011-2827", "href": "https://ubuntu.com/security/CVE-2011-2827", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:22:07", "description": "Google Chrome before 9.0.597.107 does not properly handle XHTML documents,\nwhich allows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors that lead to \"stale nodes.\"", "cvss3": {}, "published": "2011-03-01T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1117", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1117"], "modified": "2011-03-01T00:00:00", "id": "UB:CVE-2011-1117", "href": "https://ubuntu.com/security/CVE-2011-1117", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:20:05", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details) \n[sbeattie](<https://launchpad.net/~sbeattie>) | iTunes Store specific? \n[jdstrand](<https://launchpad.net/~jdstrand>) | marking chromium-browser as fixed since it has 22+ on all releases and they sync with upstream webkit every few weeks\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3233", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3233"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-3233", "href": "https://ubuntu.com/security/CVE-2011-3233", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-30T14:33:09", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site, a different vulnerability than\nother WebKit CVEs listed in APPLE-SA-2011-07-20-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2011-0234", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0234"], "modified": "2011-07-21T00:00:00", "id": "UB:CVE-2011-0234", "href": "https://ubuntu.com/security/CVE-2011-0234", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-30T14:34:12", "description": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows\nman-in-the-middle attackers to execute arbitrary code or cause a denial of\nservice (memory corruption and application crash) via vectors related to\niTunes Store browsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-03-02-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-03-03T00:00:00", "type": "ubuntucve", "title": "CVE-2011-0164", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0164"], "modified": "2011-03-03T00:00:00", "id": "UB:CVE-2011-0164", "href": "https://ubuntu.com/security/CVE-2011-0164", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:51", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site, a different vulnerability than\nother WebKit CVEs listed in APPLE-SA-2011-07-20-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1453", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1453"], "modified": "2011-07-21T00:00:00", "id": "UB:CVE-2011-1453", "href": "https://ubuntu.com/security/CVE-2011-1453", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:21:26", "description": "Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows\nremote attackers to cause a denial of service or possibly have unspecified\nother impact via vectors related to the ruby element and Cascading Style\nSheets (CSS) token sequences.\n\n#### Bugs\n\n * <http://code.google.com/p/chromium/issues/detail?id=75186>\n", "cvss3": {}, "published": "2011-05-03T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1440", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1440"], "modified": "2011-05-03T00:00:00", "id": "UB:CVE-2011-1440", "href": "https://ubuntu.com/security/CVE-2011-1440", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:21:51", "description": "Google Chrome before 10.0.648.127 does not properly handle attributes,\nwhich allows remote attackers to cause a denial of service (DOM tree\ncorruption) or possibly have unspecified other impact via a crafted\ndocument.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-03-11T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1204", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1204"], "modified": "2011-03-11T00:00:00", "id": "UB:CVE-2011-1204", "href": "https://ubuntu.com/security/CVE-2011-1204", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:22:08", "description": "Google Chrome before 9.0.597.107 does not properly render tables, which\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors that lead to a \"stale\npointer.\"", "cvss3": {}, "published": "2011-03-01T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1115", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1115"], "modified": "2011-03-01T00:00:00", "id": "UB:CVE-2011-1115", "href": "https://ubuntu.com/security/CVE-2011-1115", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:21:42", "description": "Use-after-free vulnerability in the HTMLCollection implementation in Google\nChrome before 10.0.648.204 allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact via unknown vectors.\n\n#### Bugs\n\n * <http://code.google.com/p/chromium/issues/detail?id=73595>\n", "cvss3": {}, "published": "2011-03-25T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1293", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1293"], "modified": "2011-03-25T00:00:00", "id": "UB:CVE-2011-1293", "href": "https://ubuntu.com/security/CVE-2011-1293", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:20:06", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details) \n[sbeattie](<https://launchpad.net/~sbeattie>) | iTunes Store specific?\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2356", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2356"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-2356", "href": "https://ubuntu.com/security/CVE-2011-2356", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:04", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details) \n[sbeattie](<https://launchpad.net/~sbeattie>) | iTunes Store specific?\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2831", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2831"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-2831", "href": "https://ubuntu.com/security/CVE-2011-2831", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:22:08", "description": "Google Chrome before 9.0.597.107 does not properly process nodes in\nCascading Style Sheets (CSS) stylesheets, which allows remote attackers to\ncause a denial of service or possibly have unspecified other impact via\nunknown vectors that lead to a \"stale pointer.\"", "cvss3": {}, "published": "2011-03-01T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1109", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1109"], "modified": "2011-03-01T00:00:00", "id": "UB:CVE-2011-1109", "href": "https://ubuntu.com/security/CVE-2011-1109", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:20:05", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details) \n[sbeattie](<https://launchpad.net/~sbeattie>) | iTunes Store specific?\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2820", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2820"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-2820", "href": "https://ubuntu.com/security/CVE-2011-2820", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:21:41", "description": "Google Chrome before 10.0.648.204 does not properly handle SVG text, which\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors that lead to a \"stale\npointer.\"\n\n#### Bugs\n\n * <http://code.google.com/p/chromium/issues/detail?id=75170>\n", "cvss3": {}, "published": "2011-03-25T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1296", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1296"], "modified": "2011-03-25T00:00:00", "id": "UB:CVE-2011-1296", "href": "https://ubuntu.com/security/CVE-2011-1296", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:20:45", "description": "Buffer overflow in the inspector serialization functionality in Google\nChrome before 13.0.782.107 allows user-assisted remote attackers to have an\nunspecified impact via unknown vectors.\n\n#### Bugs\n\n * <http://code.google.com/p/chromium/issues/detail?id=85559>\n", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2788", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2788"], "modified": "2011-08-03T00:00:00", "id": "UB:CVE-2011-2788", "href": "https://ubuntu.com/security/CVE-2011-2788", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-30T14:33:09", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site, a different vulnerability than\nother WebKit CVEs listed in APPLE-SA-2011-07-20-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2011-0233", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0233"], "modified": "2011-07-21T00:00:00", "id": "UB:CVE-2011-0233", "href": "https://ubuntu.com/security/CVE-2011-0233", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:21:52", "description": "Google Chrome before 10.0.648.127 does not properly handle SVG cursors,\nwhich allows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors that lead to a \"stale\npointer.\"\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-03-11T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1203", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1203"], "modified": "2011-03-11T00:00:00", "id": "UB:CVE-2011-1203", "href": "https://ubuntu.com/security/CVE-2011-1203", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:20:15", "description": "YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and\nSeaMonkey before 2.4, allows remote attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via crafted\nJavaScript.", "cvss3": {}, "published": "2011-09-30T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3232", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3232"], "modified": "2011-09-30T00:00:00", "id": "UB:CVE-2011-3232", "href": "https://ubuntu.com/security/CVE-2011-3232", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-30T14:33:12", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site, a different vulnerability than\nother WebKit CVEs listed in APPLE-SA-2011-07-20-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2011-0225", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0225"], "modified": "2011-07-21T00:00:00", "id": "UB:CVE-2011-0225", "href": "https://ubuntu.com/security/CVE-2011-0225", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:45", "description": "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows\nremote attackers to cause a denial of service or possibly have unspecified\nother impact via vectors related to float removal.\n\n#### Bugs\n\n * <http://code.google.com/p/chromium/issues/detail?id=87148>\n", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2792", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2792"], "modified": "2011-08-03T00:00:00", "id": "UB:CVE-2011-2792", "href": "https://ubuntu.com/security/CVE-2011-2792", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T14:20:04", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details) \n[sbeattie](<https://launchpad.net/~sbeattie>) | iTunes Store only? \n[jdstrand](<https://launchpad.net/~jdstrand>) | marking chromium-browser as fixed since it has 22+ on all releases and they sync with upstream webkit every few weeks\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3239", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3239"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-3239", "href": "https://ubuntu.com/security/CVE-2011-3239", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-30T14:33:10", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site, a different vulnerability than\nother WebKit CVEs listed in APPLE-SA-2011-07-20-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2011-0218", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0218"], "modified": "2011-07-21T00:00:00", "id": "UB:CVE-2011-0218", "href": "https://ubuntu.com/security/CVE-2011-0218", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:51", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site, a different vulnerability than\nother WebKit CVEs listed in APPLE-SA-2011-07-20-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1462", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1462"], "modified": "2011-07-21T00:00:00", "id": "UB:CVE-2011-1462", "href": "https://ubuntu.com/security/CVE-2011-1462", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-30T14:33:10", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site, a different vulnerability than\nother WebKit CVEs listed in APPLE-SA-2011-07-20-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details)\n", "cvss3": {}, "published": "2011-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2011-0223", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0223"], "modified": "2011-07-21T00:00:00", "id": "UB:CVE-2011-0223", "href": "https://ubuntu.com/security/CVE-2011-0223", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:04", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details) \n[sbeattie](<https://launchpad.net/~sbeattie>) | iTunes Store specific? \n[jdstrand](<https://launchpad.net/~jdstrand>) | marking chromium-browser as fixed since it has 22+ on all releases and they sync with upstream webkit every few weeks\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3241", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3241"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-3241", "href": "https://ubuntu.com/security/CVE-2011-3241", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-29T14:20:06", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via vectors related to iTunes Store\nbrowsing, a different vulnerability than other CVEs listed in\nAPPLE-SA-2011-10-11-1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | qt4-x11 unmaintained upstream (see README.webkit for details) \n[sbeattie](<https://launchpad.net/~sbeattie>) | iTunes store specific?\n", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2809", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2809"], "modified": "2011-10-12T00:00:00", "id": "UB:CVE-2011-2809", "href": "https://ubuntu.com/security/CVE-2011-2809", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-05-29T14:16:37", "description": "Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"", "cvss3": {}, "published": "2011-08-03T00:55:00", "type": "cve", "title": "CVE-2011-2359", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2359"], "modified": "2020-05-21T00:59:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:6.0"], "id": "CVE-2011-2359", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2359", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:13:59", "description": "Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "cvss3": {}, "published": "2011-05-03T22:55:00", "type": "cve", "title": "CVE-2011-1449", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1449"], "modified": "2020-05-22T18:28:00", "cpe": [], "id": "CVE-2011-1449", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1449", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-29T14:14:00", "description": "Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to \"dangling pointers.\"", "cvss3": {}, "published": "2011-05-03T22:55:00", "type": "cve", "title": "CVE-2011-1451", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1451"], "modified": "2020-05-22T18:28:00", "cpe": [], "id": "CVE-2011-1451", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1451", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-29T14:16:36", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-2352", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2352"], "modified": "2017-09-19T01:32:00", "cpe": ["cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:webkit:*", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:9.1", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:8.0.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:9.1.1", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:10.3.1"], "id": "CVE-2011-2352", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2352", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:13:31", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "cvss3": {}, "published": "2011-07-21T23:55:00", "type": "cve", "title": "CVE-2011-1288", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1288"], "modified": "2011-10-21T02:53:00", "cpe": ["cpe:/a:apple:safari:2.0.1", "cpe:/a:apple:safari:3.1.0b", "cpe:/a:apple:safari:5.0.2", "cpe:/a:apple:safari:3.0.0", "cpe:/a:apple:safari:1.1", "cpe:/a:apple:safari:3.0.3", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:3.1.0", "cpe:/a:apple:safari:1.3.1", "cpe:/a:apple:safari:1.0.3", "cpe:/a:apple:safari:1.2.0", "cpe:/a:apple:safari:3.0.2b", "cpe:/a:apple:safari:4.1.2", "cpe:/a:apple:safari:1.2.1", "cpe:/a:apple:safari:1.2.3", "cpe:/a:apple:safari:2.0.3", "cpe:/a:apple:safari:3.2.2", "cpe:/a:apple:safari:1.3.2", "cpe:/a:apple:safari:3.0.4", "cpe:/a:apple:safari:4.1", "cpe:/a:apple:safari:5.0.5", "cpe:/a:apple:safari:5.0", "cpe:/a:apple:safari:3.0", "cpe:/a:apple:safari:5.0.3", "cpe:/a:apple:safari:3.0.0b", "cpe:/a:apple:safari:3.0.4b", "cpe:/a:apple:safari:1.0.0", "cpe:/a:apple:safari:4.1.1", "cpe:/a:apple:safari:1.3", "cpe:/a:apple:safari:3.0.2", "cpe:/a:apple:safari:3.0.1", "cpe:/a:apple:safari:1.0.2", "cpe:/a:apple:safari:1.1.0", "cpe:/a:apple:safari:1.0.0b1", "cpe:/a:apple:safari:1.3.0", "cpe:/a:apple:safari:2.0.0", "cpe:/a:apple:safari:1.2.4", "cpe:/a:apple:safari:3.0.3b", "cpe:/a:apple:safari:1.0", "cpe:/a:apple:safari:3.1.2", "cpe:/a:apple:safari:5.0.4", "cpe:/a:apple:safari:1.2", "cpe:/a:apple:safari:1.0.0b2", "cpe:/a:apple:safari:5.0.1", "cpe:/a:apple:safari:2.0", "cpe:/a:apple:safari:2.0.2", "cpe:/a:apple:safari:3", "cpe:/a:apple:safari:3.1.1", "cpe:/a:apple:safari:1.0.1", "cpe:/a:apple:safari:1.2.2", "cpe:/a:apple:safari:2", "cpe:/a:apple:safari:3.2.0", "cpe:/a:apple:safari:3.0.1b", "cpe:/a:apple:safari:1.2.5", "cpe:/a:apple:safari:3.2.1", "cpe:/a:apple:safari:1.1.1", "cpe:/a:apple:safari:2.0.4"], "id": "CVE-2011-1288", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1288", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:16:33", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-2338", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2338"], "modified": "2017-09-19T01:32:00", "cpe": ["cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:7.4", "cpe:/a:apple:itunes:7.5", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:7.6", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:4.6", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:webkit:*", "cpe:/a:apple:itunes:4.7", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:8.2", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:4.5", "cpe:/a:apple:itunes:8.1", "cpe:/a:apple:itunes:7.7", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.3.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:8.1.1", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:8.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.2.1", "cpe:/a:apple:itunes:5.0", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:6.0.4.2", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:8.0.0"], "id": "CVE-2011-2338", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2338", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:19:55", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-3237", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3237"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:webkit:*", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:9.1", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:8.0.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:9.1.1", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:10.3.1"], "id": "CVE-2011-3237", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3237", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:19:49", "description": "Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-3219", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3219"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:7.4", "cpe:/a:apple:itunes:7.5", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:7.6", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:4.6", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:itunes:4.7", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:8.2", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:4.5", "cpe:/a:apple:itunes:8.1", "cpe:/a:apple:itunes:7.7", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.3.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:8.1.1", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:8.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.2.1", "cpe:/a:apple:itunes:5.0", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:6.0.4.2", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:8.0.0"], "id": "CVE-2011-3219", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3219", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:18:17", "description": "Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.", "cvss3": {}, "published": "2011-08-29T15:55:00", "type": "cve", "title": "CVE-2011-2823", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2823"], "modified": "2020-05-19T13:21:00", "cpe": [], "id": "CVE-2011-2823", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2823", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-29T14:16:33", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-2339", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2339"], "modified": "2017-09-19T01:32:00", "cpe": ["cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:7.4", "cpe:/a:apple:itunes:7.5", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:7.6", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:4.6", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:webkit:*", "cpe:/a:apple:itunes:4.7", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:8.2", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:4.5", "cpe:/a:apple:itunes:8.1", "cpe:/a:apple:itunes:7.7", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.3.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:8.1.1", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:8.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.2.1", "cpe:/a:apple:itunes:5.0", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:6.0.4.2", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:8.0.0"], "id": "CVE-2011-2339", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2339", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:16:36", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-2354", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2354"], "modified": "2017-09-19T01:32:00", "cpe": ["cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:webkit:*", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:9.1", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:8.0.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:9.1.1", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:10.3.1"], "id": "CVE-2011-2354", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2354", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:19:54", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-3236", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3236"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:webkit:*", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:9.1", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:8.0.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:9.1.1", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:10.3.1"], "id": "CVE-2011-3236", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3236", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-30T13:59:01", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "cvss3": {}, "published": "2011-07-21T23:55:00", "type": "cve", "title": "CVE-2011-0253", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0253"], "modified": "2011-10-14T02:50:00", "cpe": ["cpe:/a:apple:safari:2.0.3", "cpe:/a:apple:safari:3.0.2b", "cpe:/a:apple:safari:3.1.0b", "cpe:/a:apple:safari:3.0", "cpe:/a:apple:safari:2.0", "cpe:/a:apple:safari:1.2.1", "cpe:/a:apple:safari:1.2.4", "cpe:/a:apple:safari:1.3.0", "cpe:/a:apple:safari:5.0.2", "cpe:/a:apple:safari:2.0.1", "cpe:/a:apple:safari:4.1", "cpe:/a:apple:safari:1.0.0", "cpe:/a:apple:safari:2.0.4", "cpe:/a:apple:safari:3.0.3", "cpe:/a:apple:safari:1.2.5", "cpe:/a:apple:safari:3.0.2", "cpe:/a:apple:safari:1.2.0", "cpe:/a:apple:safari:3.0.1b", "cpe:/a:apple:safari:4.1.2", "cpe:/a:apple:safari:5.0", "cpe:/a:apple:safari:5.0.3", "cpe:/a:apple:safari:1.1.1", "cpe:/a:apple:safari:3.1.1", "cpe:/a:apple:safari:4.1.1", "cpe:/a:apple:safari:3", "cpe:/a:apple:safari:3.0.0", "cpe:/a:apple:safari:1.2", "cpe:/a:apple:safari:1.0.2", "cpe:/a:apple:safari:1.3.1", "cpe:/a:apple:safari:3.0.1", "cpe:/a:apple:safari:2", "cpe:/a:apple:safari:1.1.0", "cpe:/a:apple:safari:1.2.3", "cpe:/a:apple:safari:5.0.4", "cpe:/a:apple:safari:3.2.2", "cpe:/a:apple:safari:5.0.1", "cpe:/a:apple:safari:1.1", "cpe:/a:apple:safari:3.1.2", "cpe:/a:apple:safari:2.0.2", "cpe:/a:apple:safari:1.0.3", "cpe:/a:apple:safari:1.2.2", "cpe:/a:apple:safari:3.2.1", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:1.0.0b2", "cpe:/a:apple:safari:5.0.5", "cpe:/a:apple:safari:1.3.2", "cpe:/a:apple:safari:1.0", "cpe:/a:apple:safari:3.0.4", "cpe:/a:apple:safari:3.0.3b", "cpe:/a:apple:safari:1.0.0b1", "cpe:/a:apple:safari:3.0.0b", "cpe:/a:apple:safari:3.1.0", "cpe:/a:apple:safari:3.0.4b", "cpe:/a:apple:safari:3.2.0", "cpe:/a:apple:safari:1.3", "cpe:/a:apple:safari:2.0.0", "cpe:/a:apple:safari:1.0.1"], "id": "CVE-2011-0253", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0253", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:12:56", "description": "Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale node.\"", "cvss3": {}, "published": "2011-03-01T23:00:00", "type": "cve", "title": "CVE-2011-1114", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1114"], "modified": "2020-06-04T18:05:00", "cpe": [], "id": "CVE-2011-1114", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1114", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-29T14:16:35", "description": "Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.", "cvss3": {}, "published": "2011-06-29T17:55:00", "type": "cve", "title": "CVE-2011-2351", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2351"], "modified": "2020-05-21T20:33:00", "cpe": [], "id": "CVE-2011-2351", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2351", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-29T14:19:56", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-3244", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3244"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:webkit:*", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:9.1", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:8.0.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:9.1.1", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:10.3.1"], "id": "CVE-2011-3244", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3244", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:14:00", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "cvss3": {}, "published": "2011-07-21T23:55:00", "type": "cve", "title": "CVE-2011-1457", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1457"], "modified": "2011-10-21T02:53:00", "cpe": ["cpe:/a:apple:safari:2.0.1", "cpe:/a:apple:safari:3.1.0b", "cpe:/a:apple:safari:5.0.2", "cpe:/a:apple:safari:3.0.0", "cpe:/a:apple:safari:1.1", "cpe:/a:apple:safari:3.0.3", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:3.1.0", "cpe:/a:apple:safari:1.3.1", "cpe:/a:apple:safari:1.0.3", "cpe:/a:apple:safari:1.2.0", "cpe:/a:apple:safari:3.0.2b", "cpe:/a:apple:safari:4.1.2", "cpe:/a:apple:safari:1.2.1", "cpe:/a:apple:safari:1.2.3", "cpe:/a:apple:safari:2.0.3", "cpe:/a:apple:safari:3.2.2", "cpe:/a:apple:safari:1.3.2", "cpe:/a:apple:safari:3.0.4", "cpe:/a:apple:safari:4.1", "cpe:/a:apple:safari:5.0.5", "cpe:/a:apple:safari:5.0", "cpe:/a:apple:safari:3.0", "cpe:/a:apple:safari:5.0.3", "cpe:/a:apple:safari:3.0.0b", "cpe:/a:apple:safari:3.0.4b", "cpe:/a:apple:safari:1.0.0", "cpe:/a:apple:safari:4.1.1", "cpe:/a:apple:safari:1.3", "cpe:/a:apple:safari:3.0.2", "cpe:/a:apple:safari:3.0.1", "cpe:/a:apple:safari:1.0.2", "cpe:/a:apple:safari:1.1.0", "cpe:/a:apple:safari:1.0.0b1", "cpe:/a:apple:safari:1.3.0", "cpe:/a:apple:safari:2.0.0", "cpe:/a:apple:safari:1.2.4", "cpe:/a:apple:safari:3.0.3b", "cpe:/a:apple:safari:1.0", "cpe:/a:apple:safari:3.1.2", "cpe:/a:apple:safari:5.0.4", "cpe:/a:apple:safari:1.2", "cpe:/a:apple:safari:1.0.0b2", "cpe:/a:apple:safari:5.0.1", "cpe:/a:apple:safari:2.0", "cpe:/a:apple:safari:2.0.2", "cpe:/a:apple:safari:3", "cpe:/a:apple:safari:3.1.1", "cpe:/a:apple:safari:1.0.1", "cpe:/a:apple:safari:1.2.2", "cpe:/a:apple:safari:2", "cpe:/a:apple:safari:3.2.0", "cpe:/a:apple:safari:3.0.1b", "cpe:/a:apple:safari:1.2.5", "cpe:/a:apple:safari:3.2.1", "cpe:/a:apple:safari:1.1.1", "cpe:/a:apple:safari:2.0.4"], "id": "CVE-2011-1457", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1457", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:18:19", "description": "Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.", "cvss3": {}, "published": "2011-08-29T15:55:00", "type": "cve", "title": "CVE-2011-2827", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2827"], "modified": "2020-05-19T13:27:00", "cpe": [], "id": "CVE-2011-2827", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2827", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-29T14:12:58", "description": "Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to \"stale nodes.\"", "cvss3": {}, "published": "2011-03-01T23:00:00", "type": "cve", "title": "CVE-2011-1117", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1117"], "modified": "2020-06-04T18:48:00", "cpe": [], "id": "CVE-2011-1117", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1117", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-29T14:19:55", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-3233", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3233"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:webkit:*", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:9.1", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:8.0.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:9.1.1", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:10.3.1"], "id": "CVE-2011-3233", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3233", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-30T13:58:57", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "cvss3": {}, "published": "2011-07-21T23:55:00", "type": "cve", "title": "CVE-2011-0234", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0234"], "modified": "2011-10-21T02:51:00", "cpe": ["cpe:/a:apple:safari:2.0.3", "cpe:/a:apple:safari:3.0.2b", "cpe:/a:apple:safari:3.1.0b", "cpe:/a:apple:safari:3.0", "cpe:/a:apple:safari:2.0", "cpe:/a:apple:safari:1.2.1", "cpe:/a:apple:safari:1.2.4", "cpe:/a:apple:safari:1.3.0", "cpe:/a:apple:safari:5.0.2", "cpe:/a:apple:safari:2.0.1", "cpe:/a:apple:safari:4.1", "cpe:/a:apple:safari:1.0.0", "cpe:/a:apple:safari:2.0.4", "cpe:/a:apple:safari:3.0.3", "cpe:/a:apple:safari:1.2.5", "cpe:/a:apple:safari:3.0.2", "cpe:/a:apple:safari:1.2.0", "cpe:/a:apple:safari:3.0.1b", "cpe:/a:apple:safari:4.1.2", "cpe:/a:apple:safari:5.0", "cpe:/a:apple:safari:5.0.3", "cpe:/a:apple:safari:1.1.1", "cpe:/a:apple:safari:3.1.1", "cpe:/a:apple:safari:4.1.1", "cpe:/a:apple:safari:3", "cpe:/a:apple:safari:3.0.0", "cpe:/a:apple:safari:1.2", "cpe:/a:apple:safari:1.0.2", "cpe:/a:apple:safari:1.3.1", "cpe:/a:apple:safari:3.0.1", "cpe:/a:apple:safari:2", "cpe:/a:apple:safari:1.1.0", "cpe:/a:apple:safari:1.2.3", "cpe:/a:apple:safari:5.0.4", "cpe:/a:apple:safari:3.2.2", "cpe:/a:apple:safari:5.0.1", "cpe:/a:apple:safari:1.1", "cpe:/a:apple:safari:3.1.2", "cpe:/a:apple:safari:2.0.2", "cpe:/a:apple:safari:1.0.3", "cpe:/a:apple:safari:1.2.2", "cpe:/a:apple:safari:3.2.1", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:1.0.0b2", "cpe:/a:apple:safari:5.0.5", "cpe:/a:apple:safari:1.3.2", "cpe:/a:apple:safari:1.0", "cpe:/a:apple:safari:3.0.4", "cpe:/a:apple:safari:3.0.3b", "cpe:/a:apple:safari:1.0.0b1", "cpe:/a:apple:safari:3.0.0b", "cpe:/a:apple:safari:3.1.0", "cpe:/a:apple:safari:3.0.4b", "cpe:/a:apple:safari:3.2.0", "cpe:/a:apple:safari:1.3", "cpe:/a:apple:safari:2.0.0", "cpe:/a:apple:safari:1.0.1"], "id": "CVE-2011-0234", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0234", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-30T13:58:43", "description": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.", "cvss3": {}, "published": "2011-03-03T20:00:00", "type": "cve", "title": "CVE-2011-0164", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0164"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:5.0", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:7.6", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.5", "cpe:/a:apple:itunes:4.6", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:7.5", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:7.4", "cpe:/a:apple:itunes:8.0.0", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:8.1.1", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:4.7", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:6.0.4.2", "cpe:/a:apple:itunes:8.0.2", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:8.2.1", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:7.7", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:webkit:*", "cpe:/a:apple:itunes:8.2", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:8.1", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:7.2.0"], "id": "CVE-2011-0164", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0164", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:14:00", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "cvss3": {}, "published": "2011-07-21T23:55:00", "type": "cve", "title": "CVE-2011-1453", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1453"], "modified": "2011-10-21T02:53:00", "cpe": ["cpe:/a:apple:safari:2.0.1", "cpe:/a:apple:safari:3.1.0b", "cpe:/a:apple:safari:5.0.2", "cpe:/a:apple:safari:3.0.0", "cpe:/a:apple:safari:1.1", "cpe:/a:apple:safari:3.0.3", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:3.1.0", "cpe:/a:apple:safari:1.3.1", "cpe:/a:apple:safari:1.0.3", "cpe:/a:apple:safari:1.2.0", "cpe:/a:apple:safari:3.0.2b", "cpe:/a:apple:safari:4.1.2", "cpe:/a:apple:safari:1.2.1", "cpe:/a:apple:safari:1.2.3", "cpe:/a:apple:safari:2.0.3", "cpe:/a:apple:safari:3.2.2", "cpe:/a:apple:safari:1.3.2", "cpe:/a:apple:safari:3.0.4", "cpe:/a:apple:safari:4.1", "cpe:/a:apple:safari:5.0.5", "cpe:/a:apple:safari:5.0", "cpe:/a:apple:safari:3.0", "cpe:/a:apple:safari:5.0.3", "cpe:/a:apple:safari:3.0.0b", "cpe:/a:apple:safari:3.0.4b", "cpe:/a:apple:safari:1.0.0", "cpe:/a:apple:safari:4.1.1", "cpe:/a:apple:safari:1.3", "cpe:/a:apple:safari:3.0.2", "cpe:/a:apple:safari:3.0.1", "cpe:/a:apple:safari:1.0.2", "cpe:/a:apple:safari:1.1.0", "cpe:/a:apple:safari:1.0.0b1", "cpe:/a:apple:safari:1.3.0", "cpe:/a:apple:safari:2.0.0", "cpe:/a:apple:safari:1.2.4", "cpe:/a:apple:safari:3.0.3b", "cpe:/a:apple:safari:1.0", "cpe:/a:apple:safari:3.1.2", "cpe:/a:apple:safari:5.0.4", "cpe:/a:apple:safari:1.2", "cpe:/a:apple:safari:1.0.0b2", "cpe:/a:apple:safari:5.0.1", "cpe:/a:apple:safari:2.0", "cpe:/a:apple:safari:2.0.2", "cpe:/a:apple:safari:3", "cpe:/a:apple:safari:3.1.1", "cpe:/a:apple:safari:1.0.1", "cpe:/a:apple:safari:1.2.2", "cpe:/a:apple:safari:2", "cpe:/a:apple:safari:3.2.0", "cpe:/a:apple:safari:3.0.1b", "cpe:/a:apple:safari:1.2.5", "cpe:/a:apple:safari:3.2.1", "cpe:/a:apple:safari:1.1.1", "cpe:/a:apple:safari:2.0.4"], "id": "CVE-2011-1453", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1453", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:13:57", "description": "Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.", "cvss3": {}, "published": "2011-05-03T22:55:00", "type": "cve", "title": "CVE-2011-1440", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1440"], "modified": "2020-05-22T18:24:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:6.0"], "id": "CVE-2011-1440", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1440", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:13:16", "description": "Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.", "cvss3": {}, "published": "2011-03-11T02:01:00", "type": "cve", "title": "CVE-2011-1204", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1204"], "modified": "2020-06-04T14:17:00", "cpe": [], "id": "CVE-2011-1204", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1204", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-29T14:12:57", "description": "Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"", "cvss3": {}, "published": "2011-03-01T23:00:00", "type": "cve", "title": "CVE-2011-1115", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1115"], "modified": "2020-06-04T18:06:00", "cpe": [], "id": "CVE-2011-1115", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1115", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-30T13:59:02", "description": "CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-0259", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0259"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:5.0", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:7.6", "cpe:/a:apple:itunes:10.3.1", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.5", "cpe:/a:apple:itunes:4.6", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:7.5", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:7.4", "cpe:/a:apple:itunes:8.0.0", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:8.1.1", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:4.7", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:6.0.4.2", "cpe:/a:apple:itunes:8.0.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:8.2.1", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:7.7", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:8.2", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:8.1", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:7.2.0"], "id": "CVE-2011-0259", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0259", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:13:33", "description": "Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "cvss3": {}, "published": "2011-03-25T19:55:00", "type": "cve", "title": "CVE-2011-1293", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1293"], "modified": "2020-05-29T21:03:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:6.0"], "id": "CVE-2011-1293", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1293", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:16:36", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-2356", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2356"], "modified": "2017-09-19T01:32:00", "cpe": ["cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:webkit:*", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:9.1", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:8.0.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:9.1.1", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:10.3.1"], "id": "CVE-2011-2356", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2356", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:18:20", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-2831", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2831"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:webkit:*", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:9.1", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:8.0.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:9.1.1", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:10.3.1"], "id": "CVE-2011-2831", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2831", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:12:58", "description": "Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"", "cvss3": {}, "published": "2011-03-01T23:00:00", "type": "cve", "title": "CVE-2011-1109", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1109"], "modified": "2020-06-03T20:04:00", "cpe": [], "id": "CVE-2011-1109", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1109", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-29T14:18:15", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-2820", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2820"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:webkit:*", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:9.1", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:8.0.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:9.1.1", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:10.3.1"], "id": "CVE-2011-2820", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2820", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:13:31", "description": "Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"", "cvss3": {}, "published": "2011-03-25T19:55:00", "type": "cve", "title": "CVE-2011-1296", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1296"], "modified": "2020-05-29T21:06:00", "cpe": [], "id": "CVE-2011-1296", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1296", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-29T14:18:09", "description": "Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.", "cvss3": {}, "published": "2011-08-03T00:55:00", "type": "cve", "title": "CVE-2011-2788", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2788"], "modified": "2020-05-19T15:25:00", "cpe": [], "id": "CVE-2011-2788", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2788", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-30T13:58:57", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "cvss3": {}, "published": "2011-07-21T23:55:00", "type": "cve", "title": "CVE-2011-0233", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0233"], "modified": "2011-10-21T02:51:00", "cpe": ["cpe:/a:apple:safari:2.0.3", "cpe:/a:apple:safari:3.0.2b", "cpe:/a:apple:safari:3.1.0b", "cpe:/a:apple:safari:3.0", "cpe:/a:apple:safari:2.0", "cpe:/a:apple:safari:1.2.1", "cpe:/a:apple:safari:1.2.4", "cpe:/a:apple:safari:1.3.0", "cpe:/a:apple:safari:5.0.2", "cpe:/a:apple:safari:2.0.1", "cpe:/a:apple:safari:4.1", "cpe:/a:apple:safari:1.0.0", "cpe:/a:apple:safari:2.0.4", "cpe:/a:apple:safari:3.0.3", "cpe:/a:apple:safari:1.2.5", "cpe:/a:apple:safari:3.0.2", "cpe:/a:apple:safari:1.2.0", "cpe:/a:apple:safari:3.0.1b", "cpe:/a:apple:safari:4.1.2", "cpe:/a:apple:safari:5.0", "cpe:/a:apple:safari:5.0.3", "cpe:/a:apple:safari:1.1.1", "cpe:/a:apple:safari:3.1.1", "cpe:/a:apple:safari:4.1.1", "cpe:/a:apple:safari:3", "cpe:/a:apple:safari:3.0.0", "cpe:/a:apple:safari:1.2", "cpe:/a:apple:safari:1.0.2", "cpe:/a:apple:safari:1.3.1", "cpe:/a:apple:safari:3.0.1", "cpe:/a:apple:safari:2", "cpe:/a:apple:safari:1.1.0", "cpe:/a:apple:safari:1.2.3", "cpe:/a:apple:safari:5.0.4", "cpe:/a:apple:safari:3.2.2", "cpe:/a:apple:safari:5.0.1", "cpe:/a:apple:safari:1.1", "cpe:/a:apple:safari:3.1.2", "cpe:/a:apple:safari:2.0.2", "cpe:/a:apple:safari:1.0.3", "cpe:/a:apple:safari:1.2.2", "cpe:/a:apple:safari:3.2.1", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:1.0.0b2", "cpe:/a:apple:safari:5.0.5", "cpe:/a:apple:safari:1.3.2", "cpe:/a:apple:safari:1.0", "cpe:/a:apple:safari:3.0.4", "cpe:/a:apple:safari:3.0.3b", "cpe:/a:apple:safari:1.0.0b1", "cpe:/a:apple:safari:3.0.0b", "cpe:/a:apple:safari:3.1.0", "cpe:/a:apple:safari:3.0.4b", "cpe:/a:apple:safari:3.2.0", "cpe:/a:apple:safari:1.3", "cpe:/a:apple:safari:2.0.0", "cpe:/a:apple:safari:1.0.1"], "id": "CVE-2011-0233", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0233", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-30T13:58:53", "description": "Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.", "cvss3": {}, "published": "2011-06-24T20:55:00", "type": "cve", "title": "CVE-2011-0200", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0200"], "modified": "2012-02-04T03:56:00", "cpe": ["cpe:/o:apple:mac_os_x:10.6.6", "cpe:/o:apple:mac_os_x:10.6.5", "cpe:/o:apple:mac_os_x_server:10.6.6", "cpe:/o:apple:mac_os_x_server:10.6.2", "cpe:/o:apple:mac_os_x_server:10.6.7", "cpe:/o:apple:mac_os_x_server:10.6.5", "cpe:/o:apple:mac_os_x:10.6.3", "cpe:/o:apple:mac_os_x:10.6.4", "cpe:/o:apple:mac_os_x:10.6.2", "cpe:/o:apple:mac_os_x_server:10.6.3", "cpe:/o:apple:mac_os_x_server:10.6.0", "cpe:/o:apple:mac_os_x:10.6.0", "cpe:/o:apple:mac_os_x:10.6.1", "cpe:/o:apple:mac_os_x_server:10.6.1", "cpe:/o:apple:mac_os_x_server:10.6.4", "cpe:/o:apple:mac_os_x:10.6.7"], "id": "CVE-2011-0200", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0200", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:13:16", "description": "Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"", "cvss3": {}, "published": "2011-03-11T02:01:00", "type": "cve", "title": "CVE-2011-1203", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1203"], "modified": "2020-06-03T18:47:00", "cpe": [], "id": "CVE-2011-1203", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1203", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-29T14:19:53", "description": "YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.", "cvss3": {}, "published": "2011-09-29T00:55:00", "type": "cve", "title": "CVE-2011-3232", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3232"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:2.0_.9", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0_.4", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:thunderbird:2.0_.12", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:thunderbird:2.0_.13", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:seamonkey:2.0a1pre", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:thunderbird:2.0_.5", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0_.6", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0_.14", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:1.0.99", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:thunderbird:2.0_8", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:2.0a1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:1.1.13", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.1"], "id": "CVE-2011-3232", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3232", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1:*:pre:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1pre:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:beta:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0_.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*"]}, {"lastseen": "2023-05-30T13:58:54", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "cvss3": {}, "published": "2011-07-21T23:55:00", "type": "cve", "title": "CVE-2011-0225", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0225"], "modified": "2011-10-21T02:51:00", "cpe": ["cpe:/a:apple:safari:2.0.3", "cpe:/a:apple:safari:3.0.2b", "cpe:/a:apple:safari:3.1.0b", "cpe:/a:apple:safari:3.0", "cpe:/a:apple:safari:2.0", "cpe:/a:apple:safari:1.2.1", "cpe:/a:apple:safari:1.2.4", "cpe:/a:apple:safari:1.3.0", "cpe:/a:apple:safari:5.0.2", "cpe:/a:apple:safari:2.0.1", "cpe:/a:apple:safari:4.1", "cpe:/a:apple:safari:1.0.0", "cpe:/a:apple:safari:2.0.4", "cpe:/a:apple:safari:3.0.3", "cpe:/a:apple:safari:1.2.5", "cpe:/a:apple:safari:3.0.2", "cpe:/a:apple:safari:1.2.0", "cpe:/a:apple:safari:3.0.1b", "cpe:/a:apple:safari:4.1.2", "cpe:/a:apple:safari:5.0", "cpe:/a:apple:safari:5.0.3", "cpe:/a:apple:safari:1.1.1", "cpe:/a:apple:safari:3.1.1", "cpe:/a:apple:safari:4.1.1", "cpe:/a:apple:safari:3", "cpe:/a:apple:safari:3.0.0", "cpe:/a:apple:safari:1.2", "cpe:/a:apple:safari:1.0.2", "cpe:/a:apple:safari:1.3.1", "cpe:/a:apple:safari:3.0.1", "cpe:/a:apple:safari:2", "cpe:/a:apple:safari:1.1.0", "cpe:/a:apple:safari:1.2.3", "cpe:/a:apple:safari:5.0.4", "cpe:/a:apple:safari:3.2.2", "cpe:/a:apple:safari:5.0.1", "cpe:/a:apple:safari:1.1", "cpe:/a:apple:safari:3.1.2", "cpe:/a:apple:safari:2.0.2", "cpe:/a:apple:safari:1.0.3", "cpe:/a:apple:safari:1.2.2", "cpe:/a:apple:safari:3.2.1", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:1.0.0b2", "cpe:/a:apple:safari:5.0.5", "cpe:/a:apple:safari:1.3.2", "cpe:/a:apple:safari:1.0", "cpe:/a:apple:safari:3.0.4", "cpe:/a:apple:safari:3.0.3b", "cpe:/a:apple:safari:1.0.0b1", "cpe:/a:apple:safari:3.0.0b", "cpe:/a:apple:safari:3.1.0", "cpe:/a:apple:safari:3.0.4b", "cpe:/a:apple:safari:3.2.0", "cpe:/a:apple:safari:1.3", "cpe:/a:apple:safari:2.0.0", "cpe:/a:apple:safari:1.0.1"], "id": "CVE-2011-0225", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0225", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:18:12", "description": "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.", "cvss3": {}, "published": "2011-08-03T00:55:00", "type": "cve", "title": "CVE-2011-2792", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2792"], "modified": "2020-05-20T01:49:00", "cpe": [], "id": "CVE-2011-2792", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2792", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-29T14:19:59", "description": "Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-3252", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3252"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:7.4", "cpe:/a:apple:itunes:7.5", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:7.6", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:4.6", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:itunes:4.7", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:8.2", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:4.5", "cpe:/a:apple:itunes:8.1", "cpe:/a:apple:itunes:7.7", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.3.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:8.1.1", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:8.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.2.1", "cpe:/a:apple:itunes:5.0", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:6.0.4.2", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:8.0.0"], "id": "CVE-2011-3252", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3252", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:19:54", "description": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-3239", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3239"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:10.4.1", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:webkit:*", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:10.3", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:4.7.0", "cpe:/a:apple:itunes:10.2", "cpe:/a:apple:itunes:10.4", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:9.1", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:8.0.0", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:9.1.1", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:10.3.1"], "id": "CVE-2011-3239", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3239", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-30T13:58:54", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "cvss3": {}, "published": "2011-07-21T23:55:00", "type": "cve", "title": "CVE-2011-0218", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0218"], "modified": "2011-10-21T02:51:00", "cpe": ["cpe:/a:apple:safari:2.0.3", "cpe:/a:apple:safari:3.0.2b", "cpe:/a:apple:safari:3.1.0b", "cpe:/a:apple:safari:3.0", "cpe:/a:apple:safari:2.0", "cpe:/a:apple:safari:1.2.1", "cpe:/a:apple:safari:1.2.4", "cpe:/a:apple:safari:1.3.0", "cpe:/a:apple:safari:5.0.2", "cpe:/a:apple:safari:2.0.1", "cpe:/a:apple:safari:4.1", "cpe:/a:apple:safari:1.0.0", "cpe:/a:apple:safari:2.0.4", "cpe:/a:apple:safari:3.0.3", "cpe:/a:apple:safari:1.2.5", "cpe:/a:apple:safari:3.0.2", "cpe:/a:apple:safari:1.2.0", "cpe:/a:apple:safari:3.0.1b", "cpe:/a:apple:safari:4.1.2", "cpe:/a:apple:safari:5.0", "cpe:/a:apple:safari:5.0.3", "cpe:/a:apple:safari:1.1.1", "cpe:/a:apple:safari:3.1.1", "cpe:/a:apple:safari:4.1.1", "cpe:/a:apple:safari:3", "cpe:/a:apple:safari:3.0.0", "cpe:/a:apple:safari:1.2", "cpe:/a:apple:safari:1.0.2", "cpe:/a:apple:safari:1.3.1", "cpe:/a:apple:safari:3.0.1", "cpe:/a:apple:safari:2", "cpe:/a:apple:safari:1.1.0", "cpe:/a:apple:safari:1.2.3", "cpe:/a:apple:safari:5.0.4", "cpe:/a:apple:safari:3.2.2", "cpe:/a:apple:safari:5.0.1", "cpe:/a:apple:safari:1.1", "cpe:/a:apple:safari:3.1.2", "cpe:/a:apple:safari:2.0.2", "cpe:/a:apple:safari:1.0.3", "cpe:/a:apple:safari:1.2.2", "cpe:/a:apple:safari:3.2.1", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:1.0.0b2", "cpe:/a:apple:safari:5.0.5", "cpe:/a:apple:safari:1.3.2", "cpe:/a:apple:safari:1.0", "cpe:/a:apple:safari:3.0.4", "cpe:/a:apple:safari:3.0.3b", "cpe:/a:apple:safari:1.0.0b1", "cpe:/a:apple:safari:3.0.0b", "cpe:/a:apple:safari:3.1.0", "cpe:/a:apple:safari:3.0.4b", "cpe:/a:apple:safari:3.2.0", "cpe:/a:apple:safari:1.3", "cpe:/a:apple:safari:2.0.0", "cpe:/a:apple:safari:1.0.1"], "id": "CVE-2011-0218", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0218", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-29T14:14:03", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "cvss3": {}, "published": "2011-07-21T23:55:00", "type": "cve", "title": "CVE-2011-1462", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1462"], "modified": "2011-10-21T02:53:00", "cpe": ["cpe:/a:apple:safari:2.0.1", "cpe:/a:apple:safari:3.1.0b", "cpe:/a:apple:safari:5.0.2", "cpe:/a:apple:safari:3.0.0", "cpe:/a:apple:safari:1.1", "cpe:/a:apple:safari:3.0.3", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:3.1.0", "cpe:/a:apple:safari:1.3.1", "cpe:/a:apple:safari:1.0.3", "cpe:/a:apple:safari:1.2.0", "cpe:/a:apple:safari:3.0.2b", "cpe:/a:apple:safari:4.1.2", "cpe:/a:apple:safari:1.2.1", "cpe:/a:apple:safari:1.2.3", "cpe:/a:apple:safari:2.0.3", "cpe:/a:apple:safari:3.2.2", "cpe:/a:apple:safari:1.3.2", "cpe:/a:apple:safari:3.0.4", "cpe:/a:apple:safari:4.1", "cpe:/a:apple:safari:5.0.5", "cpe:/a:apple:safari:5.0", "cpe:/a:apple:safari:3.0", "cpe:/a:apple:safari:5.0.3", "cpe:/a:apple:safari:3.0.0b", "cp
Apple iTunes < 10.5 Multiple Vulnerabilities (credentialed check)
