Page 175 of 1393 results (0.012 seconds)

CVSS: 6.8EPSS: 1%CPEs: 12EXPL: 0

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. WebKit, utilizado en Apple Safari anterior a 6.1.3 y 7.x anterior a 7.0.3, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-04-01-1. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html https://support.apple.com/kb/HT6537 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access. WebKit, utilizado en Apple Safari anterior a 6.1.3 y 7.x anterior a 7.0.3, no valida debidamente mensajes IPC de WebProcess, lo que permite a atacantes remotos evadir un mecanismo de protección sandbox y leer archivos arbitrarios mediante el aprovechamiento de acceso a WebProcess. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 1%CPEs: 12EXPL: 0

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. WebKit, utilizado en Apple Safari anterior a 6.1.3 y 7.x anterior a 7.0.3, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit CVEs listados en APPLE-SA-2014-04-01-1. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html https://support.apple.com/kb/HT6537 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 13%CPEs: 2EXPL: 0

Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014. Vulnerabilidad no especificada en Apple Safari 7.0.2 en OS X permite a atacantes remotos ejecutar código arbitrario con privilegios root a través de vectores desconocidos, como fue demostrado por Google durante una competición Pwn4Fun en CanSecWest 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of string objects. The issue lies in the joining of strings in an array. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html http://twitter.com/thezdi/statuses/443796547872903168 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one https://support.apple.com/kb/HT6537 •

CVSS: 10.0EPSS: 27%CPEs: 1EXPL: 3

Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014. Desbordamiento de buffer basado en memoria dinámica en Apple Safari 7.0.2 permite a atacantes remotos ejecutar código arbitrario y evadir un mecanismo de proyección sandbox a través de vectores no especificados, como fue demostrado por Liang Chen durante una competición Pwn2Own en CanSecWest 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CSS rules. The issue lies in the improper handling of CSSSelector elements. • https://www.exploit-db.com/exploits/44200 https://www.exploit-db.com/exploits/44204 https://github.com/RKX1209/CVE-2014-1303 http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html http://twitter.com/thezdi/statuses/444157530139136000 http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two https://support.apple.com/kb/HT6537 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •