Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2012-03-30	CVE-2011-3058	Cross-Site Scripting vulnerability in Google Chrome Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. network google apple CWE-79	4.3
2012-03-22	CVE-2011-3056	Origin Validation Error vulnerability in Google Chrome Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." network google opensuse apple CWE-346	6.8
2012-03-22	CVE-2011-3053	USE After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. network google apple opensuse CWE-416	6.8
2012-03-22	CVE-2011-3050	USE After Free vulnerability in Google Chrome Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. network google opensuse apple CWE-416	6.8
2012-03-08	CVE-2012-0644	Race Condition vulnerability in Apple Iphone OS Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture. local apple CWE-362	6.9
2012-03-08	CVE-2012-0641	Improper Input Validation vulnerability in Apple Iphone OS CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447. network low complexity apple CWE-20	5.0
2012-03-08	CVE-2012-0608	Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. network apple CWE-119	6.8
2012-03-08	CVE-2012-0590	Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation. network apple CWE-79	4.3
2012-03-08	CVE-2012-0589	Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588. network apple CWE-79	4.3
2012-03-08	CVE-2012-0588	Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589. network apple CWE-79	4.3