var-201204-0089
Vulnerability from variot
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling. Google Chrome Is inadequate in focus processing, so it interferes with service operation. (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, and perform cross-origin attacks; other attacks may also be possible. NOTE: The issue (described by CVE-2011-3071) has been moved to BID 57027 (Webkit CVE-2011-3071 Remote Code Execution Vulnerability) to better document it. Versions prior to Chrome 18.0.1025.151 are vulnerable. Google Chrome is a web browser developed by Google (Google). ============================================================================ Ubuntu Security Notice USN-1617-1 October 25, 2012
webkit vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Multiple security vulnerabilities were fixed in WebKit.
Software Description: - webkit: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKit browser and JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: libjavascriptcoregtk-1.0-0 1.8.3-0ubuntu0.12.04.1 libjavascriptcoregtk-3.0-0 1.8.3-0ubuntu0.12.04.1 libwebkitgtk-1.0-0 1.8.3-0ubuntu0.12.04.1 libwebkitgtk-3.0-0 1.8.3-0ubuntu0.12.04.1
After a standard system update you need to restart your session to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1617-1 CVE-2011-3031, CVE-2011-3038, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3051, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3076, CVE-2011-3081, CVE-2011-3086, CVE-2011-3090, CVE-2012-1521, CVE-2012-3598, CVE-2012-3601, CVE-2012-3604, CVE-2012-3611, CVE-2012-3612, CVE-2012-3617, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3645, CVE-2012-3652, CVE-2012-3657, CVE-2012-3669, CVE-2012-3670, CVE-2012-3671, CVE-2012-3672, CVE-2012-3674, CVE-2012-3674, https://launchpad.net/bugs/1058339
Package Information: https://launchpad.net/ubuntu/+source/webkit/1.8.3-0ubuntu0.12.04.1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-09-12-1 iTunes 10.7
iTunes 10.7 is now available and addresses the following:
WebKit Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues are addressed through improved memory handling. CVE-ID CVE-2011-3016 : miaubiz CVE-2011-3021 : Arthur Gerkis CVE-2011-3027 : miaubiz CVE-2011-3032 : Arthur Gerkis CVE-2011-3034 : Arthur Gerkis CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur Gerkis CVE-2011-3036 : miaubiz CVE-2011-3037 : miaubiz CVE-2011-3038 : miaubiz CVE-2011-3039 : miaubiz CVE-2011-3040 : miaubiz CVE-2011-3041 : miaubiz CVE-2011-3042 : miaubiz CVE-2011-3043 : miaubiz CVE-2011-3044 : Arthur Gerkis CVE-2011-3050 : miaubiz CVE-2011-3053 : miaubiz CVE-2011-3059 : Arthur Gerkis CVE-2011-3060 : miaubiz CVE-2011-3064 : Atte Kettunen of OUSPG CVE-2011-3068 : miaubiz CVE-2011-3069 : miaubiz CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative CVE-2011-3073 : Arthur Gerkis CVE-2011-3074 : Slawomir Blazek CVE-2011-3075 : miaubiz CVE-2011-3076 : miaubiz CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team CVE-2011-3081 : miaubiz CVE-2011-3086 : Arthur Gerkis CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz CVE-2011-3090 : Arthur Gerkis CVE-2011-3105 : miaubiz CVE-2011-3913 : Arthur Gerkis CVE-2011-3924 : Arthur Gerkis CVE-2011-3926 : Arthur Gerkis CVE-2011-3958 : miaubiz CVE-2011-3966 : Aki Helin of OUSPG CVE-2011-3968 : Arthur Gerkis CVE-2011-3969 : Arthur Gerkis CVE-2011-3971 : Arthur Gerkis CVE-2012-0682 : Apple Product Security CVE-2012-0683 : Dave Mandelin of Mozilla CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-2817 : miaubiz CVE-2012-2818 : miaubiz CVE-2012-2829 : miaubiz CVE-2012-2831 : miaubiz CVE-2012-2842 : miaubiz CVE-2012-2843 : miaubiz CVE-2012-3589 : Dave Mandelin of Mozilla CVE-2012-3590 : Apple Product Security CVE-2012-3591 : Apple Product Security CVE-2012-3592 : Apple Product Security CVE-2012-3593 : Apple Product Security CVE-2012-3594 : miaubiz CVE-2012-3595 : Martin Barbella of Google Chrome Security CVE-2012-3596 : Skylined of the Google Chrome Security Team CVE-2012-3597 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3598 : Apple Product Security CVE-2012-3599 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3600 : David Levin of the Chromium development community CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer CVE-2012-3602 : miaubiz CVE-2012-3603 : Apple Product Security CVE-2012-3604 : Skylined of the Google Chrome Security Team CVE-2012-3605 : Cris Neckar of the Google Chrome Security team CVE-2012-3606 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3607 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3608 : Skylined of the Google Chrome Security Team CVE-2012-3609 : Skylined of the Google Chrome Security Team CVE-2012-3610 : Skylined of the Google Chrome Security Team CVE-2012-3611 : Apple Product Security CVE-2012-3612 : Skylined of the Google Chrome Security Team CVE-2012-3613 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3614 : Yong Li of Research In Motion, Inc. CVE-2012-3615 : Stephen Chenney of the Chromium development community CVE-2012-3616 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3617 : Apple Product Security CVE-2012-3618 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3620 : Abhishek Arya of Google Chrome Security Team CVE-2012-3621 : Skylined of the Google Chrome Security Team CVE-2012-3622 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3623 : Skylined of the Google Chrome Security Team CVE-2012-3624 : Skylined of the Google Chrome Security Team CVE-2012-3625 : Skylined of Google Chrome Security Team CVE-2012-3626 : Apple Product Security CVE-2012-3627 : Skylined and Abhishek Arya of Google Chrome Security team CVE-2012-3628 : Apple Product Security CVE-2012-3629 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3630 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3631 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3632 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3640 : miaubiz CVE-2012-3641 : Slawomir Blazek CVE-2012-3642 : miaubiz CVE-2012-3643 : Skylined of the Google Chrome Security Team CVE-2012-3644 : miaubiz CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3646 : Julien Chaffraix of the Chromium development community, Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3647 : Skylined of the Google Chrome Security Team CVE-2012-3648 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3649 : Dominic Cooney of Google and Martin Barbella of the Google Chrome Security Team CVE-2012-3651 : Abhishek Arya and Martin Barbella of the Google Chrome Security Team CVE-2012-3652 : Martin Barbella of Google Chrome Security Team CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3654 : Skylined of the Google Chrome Security Team CVE-2012-3655 : Skylined of the Google Chrome Security Team CVE-2012-3656 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3657 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3658 : Apple CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3660 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3661 : Apple Product Security CVE-2012-3663 : Skylined of Google Chrome Security Team CVE-2012-3664 : Thomas Sepez of the Chromium development community CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3666 : Apple CVE-2012-3667 : Trevor Squires of propaneapp.com CVE-2012-3668 : Apple Product Security CVE-2012-3669 : Apple Product Security CVE-2012-3670 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer, Arthur Gerkis CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome Security Team CVE-2012-3672 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3673 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3674 : Skylined of Google Chrome Security Team CVE-2012-3675 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3676 : Julien Chaffraix of the Chromium development community CVE-2012-3677 : Apple CVE-2012-3678 : Apple Product Security CVE-2012-3679 : Chris Leary of Mozilla CVE-2012-3680 : Skylined of Google Chrome Security Team CVE-2012-3681 : Apple CVE-2012-3682 : Adam Barth of the Google Chrome Security Team CVE-2012-3683 : wushi of team509 working with iDefense VCP CVE-2012-3684 : kuzzcc CVE-2012-3685 : Apple Product Security CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing) CVE-2012-3687 : kuzzcc CVE-2012-3688 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3692 : Skylined of the Google Chrome Security Team, Apple Product Security CVE-2012-3699 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3700 : Apple Product Security CVE-2012-3701 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3702 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3703 : Apple Product Security CVE-2012-3704 : Skylined of the Google Chrome Security Team CVE-2012-3705 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3706 : Apple Product Security CVE-2012-3707 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer CVE-2012-3708 : Apple CVE-2012-3709 : Apple Product Security CVE-2012-3710 : James Robinson of Google CVE-2012-3711 : Skylined of the Google Chrome Security Team CVE-2012-3712 : Abhishek Arya of the Google Chrome Security Team using AddressSanitizer
iTunes 10.7 may be obtained from: http://www.apple.com/itunes/download/
For Windows XP / Vista / Windows 7: The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: 499c39aad4a05c76286e3159f4e1e081dab8fe86
For 64-bit Windows XP / Vista / Windows 7: The download file is named: "iTunes64Setup.exe" Its SHA-1 digest is: c632854371097edbf3d831f7f2d449297d9f988e
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQUMRFAAoJEPefwLHPlZEwmlsP/2mlVZEsRtFPk3k/mkYyj8gs 4j8VH6D5PNk7cR5S65L0BRM6ijmvGJ1J5WyKxdK55BtZ2gd1vGjmpruSMVptDIzF JkRQKV8koK/kqUIGI679borf8qv9hK0eFsoO8cVfGfA3LoRB94DlKl9UGhZpQjIt bKS2hsNvDO1EWaoVFZeJw6wxx37zp8XdIuneoNsEPgECJywfMtncQT1MDE0deP5D 79vb3ds44CpCV2ltdwni5n43sUmGalCyMLkuR8GkUUQ7hd631cSOXK1mw39w6CY+ kM8lpczoW8s116E44GeGSu5rrYgOfthJPO0yUolB/kdjoccEri802YLq84Y2FV9u c0T2BWMjmcoCEfuhT1JW6dL8FXTQGrQz/DvQlIzkzUf3KHVuu0pfc0V4bG202c2h zGnHNsZOY38wAFwHbISBs0BM78/G2fJeOaXil2eUu1F8ChZOw4+KqQYee9lUgM1u FBamxVVi5bzc4qj+EraLQS0X1gehKX3Riq6SwF6L7uOw0oSHTUwrqoiJq9s6CtGd 7YdxNQAugTScCWW0dCLajg5M4lW1pudOgIU1VfTnGYvqGTMsLCRL5WtJ69anQzWv 7pi898e8Wn7Iw1y3CTkoZZZNg9yD5ZvYf7FkIqEVj8ksmGliDC/O988KVg/dWQ7F HUcSouao5FGpzuLJSdhc =l7aG -----END PGP SIGNATURE----- . This fixes multiple vulnerabilities, where some have unknown impacts while others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA48732
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48732/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
RELEASE DATE: 2012-04-06
DISCUSS ADVISORY: http://secunia.com/advisories/48732/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48732/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome where some have unknown impacts while others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
1) Two unspecified errors in Flash Player can be exploited to corrupt memory in the Chrome interface.
2) An out-of-bounds read error exists when handling Skia clipping.
3) An error exists within the cross-origin policy when handling iframe replacement.
4) A use-after-free error exists when handling run-ins.
5) A use-after-free error exists when handling line boxes.
6) A use-after-free error exits when handling v8 bindings.
7) A use-after-free error exits when handling HTMLMediaElement.
8) An error exists within the cross-origin policy when parenting pop-up windows.
9) A use-after-free error exists when handling SVG resources.
10) A use-after-free error exists when handling media content.
11) A use-after-free error exists when applying style commands.
12) A use-after-free error exists when handling focus events.
13) A read-after-free error exists within script bindings.
SOLUTION: Update to version 18.0.1025.151.
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2, 4, 5, 11, 12) miaubiz 3, 8) Sergey Glazunov 6) SkyLined, Google Chrome Security Team 7) pa_kt via ZDI 9) Arthur Gerkis 10) Slawomir Blazek 13) Inferno, Google Chrome Security Team
ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201204-03
http://security.gentoo.org/
Severity: Normal Title: Chromium: Multiple vulnerabilities Date: April 10, 2012 Bugs: #410963 ID: 201204-03
Synopsis
Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code.
Background
Chromium is an open source web browser project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 18.0.1025.151 >= 18.0.1025.151
Description
Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details.
Impact
A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, or bypass of the same origin policy.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.151"
References
[ 1 ] CVE-2011-3066 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3066 [ 2 ] CVE-2011-3067 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3067 [ 3 ] CVE-2011-3068 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3068 [ 4 ] CVE-2011-3069 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3069 [ 5 ] CVE-2011-3070 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3070 [ 6 ] CVE-2011-3071 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3071 [ 7 ] CVE-2011-3072 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3072 [ 8 ] CVE-2011-3073 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3073 [ 9 ] CVE-2011-3074 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3074 [ 10 ] CVE-2011-3075 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3075 [ 11 ] CVE-2011-3076 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3076 [ 12 ] CVE-2011-3077 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3077 [ 13 ] Release Notes 18.0.1025.151
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-= updates.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-03.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201204-0089",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "chrome",
"scope": "lt",
"trust": 1.8,
"vendor": "google",
"version": "18.0.1025.151"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.8,
"vendor": "apple",
"version": "10.7"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6 (iphone 3gs or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6 (ipod touch first 4 after generation )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.0 (mac os)"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "3.0.190.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "6.0.408.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "2.0.172.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "5.0.375.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "2.0.172.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "3.0.182.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "5.0.375.70"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "5.0.375.69"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "2.0.172.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "5.0.356.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.83"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.100"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.43"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.204"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.128"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.127"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.142"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.91275"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.96379"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.112"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.71"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.91"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.78"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "chrome",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.151"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.107"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.120"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.77"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.96365"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.672.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.121"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.163"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.77"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.112"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874102"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.133"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.215"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.205"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.186"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.63"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.202"
}
],
"sources": [
{
"db": "BID",
"id": "52913"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002018"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-085"
},
{
"db": "NVD",
"id": "CVE-2011-3076"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002018"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "miaubiz, Sergey Glazunov, Google Chrome Security Team (SkyLined), pa_kt, Arthur Gerkis, Slawomir Blazek, and Google Chrome Security Team (Inferno).",
"sources": [
{
"db": "BID",
"id": "52913"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3076",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2011-3076",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-3076",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-51021",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3076",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-3076",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201204-085",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-51021",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51021"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002018"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-085"
},
{
"db": "NVD",
"id": "CVE-2011-3076"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling. Google Chrome Is inadequate in focus processing, so it interferes with service operation. (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, and perform cross-origin attacks; other attacks may also be possible. \nNOTE: The issue (described by CVE-2011-3071) has been moved to BID 57027 (Webkit CVE-2011-3071 Remote Code Execution Vulnerability) to better document it. \nVersions prior to Chrome 18.0.1025.151 are vulnerable. Google Chrome is a web browser developed by Google (Google). ============================================================================\nUbuntu Security Notice USN-1617-1\nOctober 25, 2012\n\nwebkit vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n\nSummary:\n\nMultiple security vulnerabilities were fixed in WebKit. \n\nSoftware Description:\n- webkit: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKit browser and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n libjavascriptcoregtk-1.0-0 1.8.3-0ubuntu0.12.04.1\n libjavascriptcoregtk-3.0-0 1.8.3-0ubuntu0.12.04.1\n libwebkitgtk-1.0-0 1.8.3-0ubuntu0.12.04.1\n libwebkitgtk-3.0-0 1.8.3-0ubuntu0.12.04.1\n\nAfter a standard system update you need to restart your session to make all\nthe necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-1617-1\n CVE-2011-3031, CVE-2011-3038, CVE-2011-3042, CVE-2011-3043,\n CVE-2011-3044, CVE-2011-3051, CVE-2011-3053, CVE-2011-3059,\n CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3076,\n CVE-2011-3081, CVE-2011-3086, CVE-2011-3090, CVE-2012-1521,\n CVE-2012-3598, CVE-2012-3601, CVE-2012-3604, CVE-2012-3611,\n CVE-2012-3612, CVE-2012-3617, CVE-2012-3625, CVE-2012-3626,\n CVE-2012-3627, CVE-2012-3628, CVE-2012-3645, CVE-2012-3652,\n CVE-2012-3657, CVE-2012-3669, CVE-2012-3670, CVE-2012-3671,\n CVE-2012-3672, CVE-2012-3674, CVE-2012-3674, https://launchpad.net/bugs/1058339\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/webkit/1.8.3-0ubuntu0.12.04.1\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-09-12-1 iTunes 10.7\n\niTunes 10.7 is now available and addresses the following:\n\nWebKit\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues are addressed through improved memory handling. \nCVE-ID\nCVE-2011-3016 : miaubiz\nCVE-2011-3021 : Arthur Gerkis\nCVE-2011-3027 : miaubiz\nCVE-2011-3032 : Arthur Gerkis\nCVE-2011-3034 : Arthur Gerkis\nCVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur\nGerkis\nCVE-2011-3036 : miaubiz\nCVE-2011-3037 : miaubiz\nCVE-2011-3038 : miaubiz\nCVE-2011-3039 : miaubiz\nCVE-2011-3040 : miaubiz\nCVE-2011-3041 : miaubiz\nCVE-2011-3042 : miaubiz\nCVE-2011-3043 : miaubiz\nCVE-2011-3044 : Arthur Gerkis\nCVE-2011-3050 : miaubiz\nCVE-2011-3053 : miaubiz\nCVE-2011-3059 : Arthur Gerkis\nCVE-2011-3060 : miaubiz\nCVE-2011-3064 : Atte Kettunen of OUSPG\nCVE-2011-3068 : miaubiz\nCVE-2011-3069 : miaubiz\nCVE-2011-3071 : pa_kt working with HP\u0027s Zero Day Initiative\nCVE-2011-3073 : Arthur Gerkis\nCVE-2011-3074 : Slawomir Blazek\nCVE-2011-3075 : miaubiz\nCVE-2011-3076 : miaubiz\nCVE-2011-3078 : Martin Barbella of the Google Chrome Security Team\nCVE-2011-3081 : miaubiz\nCVE-2011-3086 : Arthur Gerkis\nCVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz\nCVE-2011-3090 : Arthur Gerkis\nCVE-2011-3105 : miaubiz\nCVE-2011-3913 : Arthur Gerkis\nCVE-2011-3924 : Arthur Gerkis\nCVE-2011-3926 : Arthur Gerkis\nCVE-2011-3958 : miaubiz\nCVE-2011-3966 : Aki Helin of OUSPG\nCVE-2011-3968 : Arthur Gerkis\nCVE-2011-3969 : Arthur Gerkis\nCVE-2011-3971 : Arthur Gerkis\nCVE-2012-0682 : Apple Product Security\nCVE-2012-0683 : Dave Mandelin of Mozilla\nCVE-2012-1520 : Martin Barbella of the Google Chrome Security Team\nusing AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com\nworking with iDefense VCP\nCVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A. \nVazquez of spa-s3c.blogspot.com working with iDefense VCP\nCVE-2012-2817 : miaubiz\nCVE-2012-2818 : miaubiz\nCVE-2012-2829 : miaubiz\nCVE-2012-2831 : miaubiz\nCVE-2012-2842 : miaubiz\nCVE-2012-2843 : miaubiz\nCVE-2012-3589 : Dave Mandelin of Mozilla\nCVE-2012-3590 : Apple Product Security\nCVE-2012-3591 : Apple Product Security\nCVE-2012-3592 : Apple Product Security\nCVE-2012-3593 : Apple Product Security\nCVE-2012-3594 : miaubiz\nCVE-2012-3595 : Martin Barbella of Google Chrome Security\nCVE-2012-3596 : Skylined of the Google Chrome Security Team\nCVE-2012-3597 : Abhishek Arya of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3598 : Apple Product Security\nCVE-2012-3599 : Abhishek Arya of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3600 : David Levin of the Chromium development community\nCVE-2012-3601 : Martin Barbella of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3602 : miaubiz\nCVE-2012-3603 : Apple Product Security\nCVE-2012-3604 : Skylined of the Google Chrome Security Team\nCVE-2012-3605 : Cris Neckar of the Google Chrome Security team\nCVE-2012-3606 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3607 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3608 : Skylined of the Google Chrome Security Team\nCVE-2012-3609 : Skylined of the Google Chrome Security Team\nCVE-2012-3610 : Skylined of the Google Chrome Security Team\nCVE-2012-3611 : Apple Product Security\nCVE-2012-3612 : Skylined of the Google Chrome Security Team\nCVE-2012-3613 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3614 : Yong Li of Research In Motion, Inc. \nCVE-2012-3615 : Stephen Chenney of the Chromium development community\nCVE-2012-3616 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3617 : Apple Product Security\nCVE-2012-3618 : Abhishek Arya of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3620 : Abhishek Arya of Google Chrome Security Team\nCVE-2012-3621 : Skylined of the Google Chrome Security Team\nCVE-2012-3622 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3623 : Skylined of the Google Chrome Security Team\nCVE-2012-3624 : Skylined of the Google Chrome Security Team\nCVE-2012-3625 : Skylined of Google Chrome Security Team\nCVE-2012-3626 : Apple Product Security\nCVE-2012-3627 : Skylined and Abhishek Arya of Google Chrome Security\nteam\nCVE-2012-3628 : Apple Product Security\nCVE-2012-3629 : Abhishek Arya of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3630 : Abhishek Arya of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3631 : Abhishek Arya of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3632 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3633 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3634 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3635 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3636 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3637 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3638 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3639 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3640 : miaubiz\nCVE-2012-3641 : Slawomir Blazek\nCVE-2012-3642 : miaubiz\nCVE-2012-3643 : Skylined of the Google Chrome Security Team\nCVE-2012-3644 : miaubiz\nCVE-2012-3645 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3646 : Julien Chaffraix of the Chromium development\ncommunity, Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3647 : Skylined of the Google Chrome Security Team\nCVE-2012-3648 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3649 : Dominic Cooney of Google and Martin Barbella of the\nGoogle Chrome Security Team\nCVE-2012-3651 : Abhishek Arya and Martin Barbella of the Google\nChrome Security Team\nCVE-2012-3652 : Martin Barbella of Google Chrome Security Team\nCVE-2012-3653 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3654 : Skylined of the Google Chrome Security Team\nCVE-2012-3655 : Skylined of the Google Chrome Security Team\nCVE-2012-3656 : Abhishek Arya of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3657 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3658 : Apple\nCVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya\nof the Google Chrome Security Team using AddressSanitizer\nCVE-2012-3660 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3661 : Apple Product Security\nCVE-2012-3663 : Skylined of Google Chrome Security Team\nCVE-2012-3664 : Thomas Sepez of the Chromium development community\nCVE-2012-3665 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3666 : Apple\nCVE-2012-3667 : Trevor Squires of propaneapp.com\nCVE-2012-3668 : Apple Product Security\nCVE-2012-3669 : Apple Product Security\nCVE-2012-3670 : Abhishek Arya of Google Chrome Security Team using\nAddressSanitizer, Arthur Gerkis\nCVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome\nSecurity Team\nCVE-2012-3672 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3673 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3674 : Skylined of Google Chrome Security Team\nCVE-2012-3675 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3676 : Julien Chaffraix of the Chromium development\ncommunity\nCVE-2012-3677 : Apple\nCVE-2012-3678 : Apple Product Security\nCVE-2012-3679 : Chris Leary of Mozilla\nCVE-2012-3680 : Skylined of Google Chrome Security Team\nCVE-2012-3681 : Apple\nCVE-2012-3682 : Adam Barth of the Google Chrome Security Team\nCVE-2012-3683 : wushi of team509 working with iDefense VCP\nCVE-2012-3684 : kuzzcc\nCVE-2012-3685 : Apple Product Security\nCVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)\nCVE-2012-3687 : kuzzcc\nCVE-2012-3688 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3692 : Skylined of the Google Chrome Security Team, Apple\nProduct Security\nCVE-2012-3699 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3700 : Apple Product Security\nCVE-2012-3701 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3702 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3703 : Apple Product Security\nCVE-2012-3704 : Skylined of the Google Chrome Security Team\nCVE-2012-3705 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3706 : Apple Product Security\nCVE-2012-3707 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3708 : Apple\nCVE-2012-3709 : Apple Product Security\nCVE-2012-3710 : James Robinson of Google\nCVE-2012-3711 : Skylined of the Google Chrome Security Team\nCVE-2012-3712 : Abhishek Arya of the Google Chrome Security Team\nusing AddressSanitizer\n\niTunes 10.7 may be obtained from:\nhttp://www.apple.com/itunes/download/\n\nFor Windows XP / Vista / Windows 7:\nThe download file is named: \"iTunesSetup.exe\"\nIts SHA-1 digest is: 499c39aad4a05c76286e3159f4e1e081dab8fe86\n\nFor 64-bit Windows XP / Vista / Windows 7:\nThe download file is named: \"iTunes64Setup.exe\"\nIts SHA-1 digest is: c632854371097edbf3d831f7f2d449297d9f988e\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJQUMRFAAoJEPefwLHPlZEwmlsP/2mlVZEsRtFPk3k/mkYyj8gs\n4j8VH6D5PNk7cR5S65L0BRM6ijmvGJ1J5WyKxdK55BtZ2gd1vGjmpruSMVptDIzF\nJkRQKV8koK/kqUIGI679borf8qv9hK0eFsoO8cVfGfA3LoRB94DlKl9UGhZpQjIt\nbKS2hsNvDO1EWaoVFZeJw6wxx37zp8XdIuneoNsEPgECJywfMtncQT1MDE0deP5D\n79vb3ds44CpCV2ltdwni5n43sUmGalCyMLkuR8GkUUQ7hd631cSOXK1mw39w6CY+\nkM8lpczoW8s116E44GeGSu5rrYgOfthJPO0yUolB/kdjoccEri802YLq84Y2FV9u\nc0T2BWMjmcoCEfuhT1JW6dL8FXTQGrQz/DvQlIzkzUf3KHVuu0pfc0V4bG202c2h\nzGnHNsZOY38wAFwHbISBs0BM78/G2fJeOaXil2eUu1F8ChZOw4+KqQYee9lUgM1u\nFBamxVVi5bzc4qj+EraLQS0X1gehKX3Riq6SwF6L7uOw0oSHTUwrqoiJq9s6CtGd\n7YdxNQAugTScCWW0dCLajg5M4lW1pudOgIU1VfTnGYvqGTMsLCRL5WtJ69anQzWv\n7pi898e8Wn7Iw1y3CTkoZZZNg9yD5ZvYf7FkIqEVj8ksmGliDC/O988KVg/dWQ7F\nHUcSouao5FGpzuLJSdhc\n=l7aG\n-----END PGP SIGNATURE-----\n. This fixes multiple\nvulnerabilities, where some have unknown impacts while others can be\nexploited by malicious people to bypass certain security restrictions\nand compromise a user\u0027s system. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nGoogle Chrome Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA48732\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48732/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48732\n\nRELEASE DATE:\n2012-04-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48732/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48732/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48732\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Google Chrome where\nsome have unknown impacts while others can be exploited by malicious\npeople to bypass certain security restrictions and compromise a\nuser\u0027s system. \n\n1) Two unspecified errors in Flash Player can be exploited to corrupt\nmemory in the Chrome interface. \n\n2) An out-of-bounds read error exists when handling Skia clipping. \n\n3) An error exists within the cross-origin policy when handling\niframe replacement. \n\n4) A use-after-free error exists when handling run-ins. \n\n5) A use-after-free error exists when handling line boxes. \n\n6) A use-after-free error exits when handling v8 bindings. \n\n7) A use-after-free error exits when handling HTMLMediaElement. \n\n8) An error exists within the cross-origin policy when parenting\npop-up windows. \n\n9) A use-after-free error exists when handling SVG resources. \n\n10) A use-after-free error exists when handling media content. \n\n11) A use-after-free error exists when applying style commands. \n\n12) A use-after-free error exists when handling focus events. \n\n13) A read-after-free error exists within script bindings. \n\nSOLUTION:\nUpdate to version 18.0.1025.151. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n2, 4, 5, 11, 12) miaubiz\n3, 8) Sergey Glazunov\n6) SkyLined, Google Chrome Security Team\n7) pa_kt via ZDI\n9) Arthur Gerkis\n10) Slawomir Blazek\n13) Inferno, Google Chrome Security Team\n\nORIGINAL ADVISORY:\nhttp://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201204-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Chromium: Multiple vulnerabilities\n Date: April 10, 2012\n Bugs: #410963\n ID: 201204-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been reported in Chromium, some of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nChromium is an open source web browser project. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/chromium \u003c 18.0.1025.151 \u003e= 18.0.1025.151\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Chromium. Please\nreview the CVE identifiers and release notes referenced below for\ndetails. \n\nImpact\n======\n\nA remote attacker could entice a user to open a specially crafted web\nsite using Chromium, possibly resulting in the execution of arbitrary\ncode with the privileges of the process, a Denial of Service condition,\nor bypass of the same origin policy. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-client/chromium-18.0.1025.151\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-3066\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3066\n[ 2 ] CVE-2011-3067\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3067\n[ 3 ] CVE-2011-3068\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3068\n[ 4 ] CVE-2011-3069\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3069\n[ 5 ] CVE-2011-3070\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3070\n[ 6 ] CVE-2011-3071\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3071\n[ 7 ] CVE-2011-3072\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3072\n[ 8 ] CVE-2011-3073\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3073\n[ 9 ] CVE-2011-3074\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3074\n[ 10 ] CVE-2011-3075\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3075\n[ 11 ] CVE-2011-3076\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3076\n[ 12 ] CVE-2011-3077\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3077\n[ 13 ] Release Notes 18.0.1025.151\n\nhttp://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-=\nupdates.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201204-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3076"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002018"
},
{
"db": "BID",
"id": "52913"
},
{
"db": "VULHUB",
"id": "VHN-51021"
},
{
"db": "PACKETSTORM",
"id": "117673"
},
{
"db": "PACKETSTORM",
"id": "116534"
},
{
"db": "PACKETSTORM",
"id": "111773"
},
{
"db": "PACKETSTORM",
"id": "111642"
},
{
"db": "PACKETSTORM",
"id": "111738"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3076",
"trust": 3.1
},
{
"db": "BID",
"id": "52913",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "48732",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "48749",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1026892",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002018",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201204-085",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-51021",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "117673",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116534",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111773",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111642",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111738",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51021"
},
{
"db": "BID",
"id": "52913"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002018"
},
{
"db": "PACKETSTORM",
"id": "117673"
},
{
"db": "PACKETSTORM",
"id": "116534"
},
{
"db": "PACKETSTORM",
"id": "111773"
},
{
"db": "PACKETSTORM",
"id": "111642"
},
{
"db": "PACKETSTORM",
"id": "111738"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-085"
},
{
"db": "NVD",
"id": "CVE-2011-3076"
}
]
},
"id": "VAR-201204-0089",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-51021"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:22:49.046000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT5400",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5400"
},
{
"title": "HT5503",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5503"
},
{
"title": "HT5485",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5485"
},
{
"title": "HT5400",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5400?viewlocale=ja_JP"
},
{
"title": "HT5503",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5503?viewlocale=ja_JP"
},
{
"title": "HT5485",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5485?viewlocale=ja_JP"
},
{
"title": "Stable and Beta Channel Updates",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/2012/04/stable-and-beta-channel-updates.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja\u0026hl=ja"
},
{
"title": "Google Chrome Remediation measures for releasing exploits",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114608"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002018"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-085"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51021"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002018"
},
{
"db": "NVD",
"id": "CVE-2011-3076"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-201204-03.xml"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2012/jul/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/52913"
},
{
"trust": 1.7,
"url": "http://code.google.com/p/chromium/issues/detail?id=120037"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht5400"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht5485"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht5503"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15172"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1026892"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48732"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48749"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74636"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3076"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3076"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu624491/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu864819/"
},
{
"trust": 0.3,
"url": "http://www.google.com/chrome"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3076"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3059"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3067"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3060"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3038"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3064"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3043"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3044"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3053"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3074"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3075"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3071"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3068"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3069"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3073"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3625"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3051"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1617-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3598"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3031"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3090"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1058339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3626"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1521"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3601"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3081"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3617"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit/1.8.3-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3627"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3612"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3078"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3041"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3021"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3040"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3037"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3039"
},
{
"trust": 0.1,
"url": "http://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48749/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48749/"
},
{
"trust": 0.1,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201204-03.xml"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48749"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48732/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48732"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48732/"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3071"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3066"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3072"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3073"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3070"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3075"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3074"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3077"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3077"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3066"
},
{
"trust": 0.1,
"url": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-="
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3069"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3067"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3068"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51021"
},
{
"db": "BID",
"id": "52913"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002018"
},
{
"db": "PACKETSTORM",
"id": "117673"
},
{
"db": "PACKETSTORM",
"id": "116534"
},
{
"db": "PACKETSTORM",
"id": "111773"
},
{
"db": "PACKETSTORM",
"id": "111642"
},
{
"db": "PACKETSTORM",
"id": "111738"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-085"
},
{
"db": "NVD",
"id": "CVE-2011-3076"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-51021"
},
{
"db": "BID",
"id": "52913"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002018"
},
{
"db": "PACKETSTORM",
"id": "117673"
},
{
"db": "PACKETSTORM",
"id": "116534"
},
{
"db": "PACKETSTORM",
"id": "111773"
},
{
"db": "PACKETSTORM",
"id": "111642"
},
{
"db": "PACKETSTORM",
"id": "111738"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-085"
},
{
"db": "NVD",
"id": "CVE-2011-3076"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-51021"
},
{
"date": "2012-04-05T00:00:00",
"db": "BID",
"id": "52913"
},
{
"date": "2012-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002018"
},
{
"date": "2012-10-25T20:48:27",
"db": "PACKETSTORM",
"id": "117673"
},
{
"date": "2012-09-14T02:13:11",
"db": "PACKETSTORM",
"id": "116534"
},
{
"date": "2012-04-11T07:10:07",
"db": "PACKETSTORM",
"id": "111773"
},
{
"date": "2012-04-06T04:58:48",
"db": "PACKETSTORM",
"id": "111642"
},
{
"date": "2012-04-11T14:21:31",
"db": "PACKETSTORM",
"id": "111738"
},
{
"date": "2010-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-085"
},
{
"date": "2012-04-05T22:02:08.043000",
"db": "NVD",
"id": "CVE-2011-3076"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-51021"
},
{
"date": "2012-12-21T15:00:00",
"db": "BID",
"id": "52913"
},
{
"date": "2013-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002018"
},
{
"date": "2020-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-085"
},
{
"date": "2024-11-21T01:29:40.200000",
"db": "NVD",
"id": "CVE-2011-3076"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "117673"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-085"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002018"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-085"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.