NotCVE - vendor:"Apple" product:"Safari" version:"

Page 108 of 1352 results (0.010 seconds)

CVSS: 6.1EPSS: 0%CPEs: 65EXPL: 0

CVE-2011-0169

https://notcve.org/view.php?id=CVE-2011-0169

11 Mar 2011 — WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. WebKit en Apple Safari antes de v5.0.4, cuando el Inspector Web se utiliza, no controla correctamente la propiedad window.console._inspectorCommandLineAPI, que permite a atacantes remotos asistidos por el usuario elu... • http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 65EXPL: 0

CVE-2011-0166

https://notcve.org/view.php?id=CVE-2011-0166

11 Mar 2011 — The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778. La funcionalidad arrastrar y soltar de HTML5 de WebKit en Apple Safari anterior a v5.0.4, permite a atacantes remotos asistidos por el usuario evitar la Same Origin Policy y obtener información sensible a través de vectores relacionados con el... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1

CVE-2011-1188

https://notcve.org/view.php?id=CVE-2011-1188

11 Mar 2011 — Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Google Chrome anterior a v10.0.648.127, no maneja correctamente los nodos de contadores, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=69628 •

CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 1

CVE-2011-1190

https://notcve.org/view.php?id=CVE-2011-1190

11 Mar 2011 — The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." La implementación de Web Workers en Google Chrome anterior a v10.0.648.127 permite a atacantes remotos evitar la "política del mismo origen" (Same Origin Policy) a través de vectores no especificados, relacionados con un "error message leak". • http://code.google.com/p/chromium/issues/detail?id=70336 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0

CVE-2011-1203

https://notcve.org/view.php?id=CVE-2011-1203

11 Mar 2011 — Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Google Chrome anterior a v10.0.648.127 no maneja correctamente cursores SVG, lo que permite a atacantes remotos provocar una denegación de servicio o tener un impacto no especificado a través de vectores desconocidos que dan lugar a un "stale pointer". • http://code.google.com/p/chromium/issues/detail?id=73746 •

CVSS: 8.8EPSS: 3%CPEs: 4EXPL: 0

CVE-2011-1204

https://notcve.org/view.php?id=CVE-2011-1204

11 Mar 2011 — Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document. Google Chrome anterior a v10.0.648.127 no controla correctamente los atributos, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción del árbol DOM) o tener un impacto no especificado a través de un documento hecho a mano. • http://code.google.com/p/chromium/issues/detail?id=74030 • CWE-20: Improper Input Validation •

CVSS: 9.0EPSS: 4%CPEs: 142EXPL: 0

CVE-2011-1344 – WebKit WBR Tag Removal Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2011-1344

10 Mar 2011 — Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. Vulnerabilidad sin especificar en WebKit. Tal como se utiliza en Apple Safari 5.0.4 en Mac OS X 10.6.6, perm... • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 • CWE-399: Resource Management Errors •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2011-1107

https://notcve.org/view.php?id=CVE-2011-1107

01 Mar 2011 — Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors. Vulnerabilidad no especificada en Google Chrome anterior a v9.0.597.107 permite a atacantes remotos falsificar la barra de direcciones a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=54262 •

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

CVE-2011-1109

https://notcve.org/view.php?id=CVE-2011-1109

01 Mar 2011 — Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Google Chrome anterior a v9.0.597.107 no procesa correctamente los nodos en las hojas de estilo en cascada (CSS), lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vect... • http://code.google.com/p/chromium/issues/detail?id=68263 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1

CVE-2011-1114

https://notcve.org/view.php?id=CVE-2011-1114

01 Mar 2011 — Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." Google Chrome anterior a v9.0.597.107 no controla correctamente las tablas, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que dan lugar a un "stale node". • http://code.google.com/p/chromium/issues/detail?id=71114 •

1...106 107 108 109 110