Page 155 of 777 results (0.010 seconds)

CVSS: 6.8EPSS: 3%CPEs: 21EXPL: 0

CVE-2015-1154

https://notcve.org/view.php?id=CVE-2015-1154

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153. WebKit, utilizado en Apple Safari anterior a 6.2.6, 7.x anterior a 7.1.6, y 8.x anterior a 8.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de memoria (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a CVE-2015-1152 y CVE-2015-1153. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://lists.apple.com/archives/security-announce/2015/May/msg00000.html http://www.securityfocus.com/bid/74526 http://www.securitytracker.com/id/1032270 https://support.apple.com/HT204826 https://support.apple.com/kb/HT204949 •

CVSS: 7.1EPSS: 0%CPEs: 81EXPL: 0

CVE-2009-2200

https://notcve.org/view.php?id=CVE-2009-2200

WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. WebKit en Apple Safari anteriores a v4.0.3 no restringe apropiadamente el esquema URL del atributo pluginspage de un elemento EMBED, lo que permite a los atacantes remotos asistidos por usuarios lanzar un archivo arbitrario: URLs y obtener información sensible a través de un documento HTML manipulado. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3733 http://www.securityfocus.com/bid/36024 http://www.securitytracker.com/id?1022720 http://www.vupen.com/english/advisories/2011/0212 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 90%CPEs: 81EXPL: 1

CVE-2009-2195 – WebKit - Floating Point Number Remote Buffer Overflow

https://notcve.org/view.php?id=CVE-2009-2195

Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers. Desbordamiento de búfer en WebKit en Apple Safari anteriores a v4.0.3, permite a los atacantes remotos ejecutar arbitrariamente código o causar una denegación de servicio (caída de la aplicación) a través de un número punto-flotante manipulado. • https://www.exploit-db.com/exploits/33164 http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3733 http://support.apple.com/kb/HT4225 http://www.securityfocus.com/bid/36023 http://www.securitytracker.com/id?1022717 http://www.vupen.com/english/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 5%CPEs: 25EXPL: 0

CVE-2006-1552

https://notcve.org/view.php?id=CVE-2006-1552

Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". • http://drunkenblog.com/drunkenblog-archives/000760.html http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/20077 http://www.osvdb.org/25597 http://www.securityfocus.com/bid/17321 http://www.securityfocus.com/bid/17951 http://www.us-cert.gov/cas/techalerts/TA06-132A.html http://www.vupen.com/english/advisories/2006/1779 https://exchange.xforce.ibmcloud.com/vulnerabilities/26412 • CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0

CVE-2004-1314

https://notcve.org/view.php?id=CVE-2004-1314

Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122. • http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html http://secunia.com/advisories/13252 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/18397 •