CVE-2010-2301
https://notcve.org/view.php?id=CVE-2010-2301
Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en editing/markup.cpp en WebCore en WebKit en Google Chrome anterior v5.0.375.70 permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores relacionados con la propiedad node.innerHTML del elemento TEXTATREA. NOTA: Esta vulnerabilidad se solapa con CVE-2010-1762. • http://code.google.com/p/chromium/issues/detail?id=43902 http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40072 http://secunia.com/advisories/43068 http://www.vupen.com/english/advisories/2011/0212 https://bugs.webkit.org/show_bug.cgi?id=38922 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11861 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-2302
https://notcve.org/view.php?id=CVE-2010-2302
Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE: this might overlap CVE-2010-1771. Vulnerabilidad de uso después de la liberación (Use-after-free) en WebCore de WebKit de Google Chrome anterior a v5.0.375.70 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente la ejecución de código de su elección a través de vectores que involucran a fuentes remotas en conjunción con los árboles DOM referenciados. También conocido como problema rdar 8007953. NOTA: esto podría coincidir con el CVE-2010-1771. • http://code.google.com/p/chromium/issues/detail?id=44740 http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40072 http://secunia.com/advisories/43068 http://www.vupen.com/english/advisories/2011/0212 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11948 • CWE-416: Use After Free •
CVE-2010-1297 – Adobe Flash Player Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2010-1297
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010. Vulnerabilidad sin especificar en Adobe Flash Player v9.0.x a v9.0.262 y v10.x a v10.0.45.2, y authplay.dl en Adobe Reader y Acrobat v9.x a 9.3.2, permite a atacantes remotos ejecutar código a su elección a través de contenido SWF manipulado, se explota activamente desde Junio de 2010. Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). • https://www.exploit-db.com/exploits/13787 https://www.exploit-db.com/exploits/14853 https://www.exploit-db.com/exploits/16614 https://www.exploit-db.com/exploits/16687 http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com& • CWE-787: Out-of-bounds Write •
CVE-2010-0395 – openoffice.org Execution of Python code when browsing macros
https://notcve.org/view.php?id=CVE-2010-0395
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed. OpenOffice.org v2.x y v3.0 anterior v3.2.1 permite a atacantes remotos asistidos por usuarios supera las restricciones macro de seguridad de Python y ejecutar código Python de su elección a través de un fichero de texto OpenDocument manipulado lo cual ocasiona la ejecución de código cuando la estructura directorio macro es previsualizada. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/40070 http://secunia.com/advisories/40084 http://secunia.com/advisories/40104 http://secunia.com/advisories/40107 http://secunia.com/advisories/41818 http:/ •
CVE-2010-1770 – Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1770
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y Windows, Safari de Apple anterior a versión 4.1 sobre Mac OS X versión 10.4 y Chrome de Google anterior a versión 5.0.375.70, no maneja apropiadamente una transformación de un nodo de texto que tiene el conjunto de caracteres IBM1147, que permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) por medio de un documento HTML especialmente diseñado que contiene un elemento BR, relacionado con un "type checking issue." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's support of character sets. If the IBM1147 character set is applied to a particular element and that element has a text transformation applied to it, the application will attempt to access an object that doesn't exist in order to perform the transformation. • http://code.google.com/p/chromium/issues/detail?id=43487 http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •