Page 181 of 1392 results (0.005 seconds)

CVSS: 7.5EPSS: 26%CPEs: 111EXPL: 1

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. Una condición de carrera en WebKit de Apple iOS antes de v6.0.1 y Safari antes de v6.0.2 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de la aplicación) a través de vectores relacionados con las matrices en JavaScript. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array objects. When splicing a sparse array, the size of a sparse array is not properly validated. • https://www.exploit-db.com/exploits/28081 http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html http://archives.neohapsis.com/archives/bugtraq/2012-11/0013.html http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2012/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00003.html http://secunia.com/advisories/51445 http://support.apple.com/kb/HT5567 http://support.apple.co • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0

The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site. La característica Form Autofill en Apple Safari anteriores a v6.0.1 no restringen los campos rellenados al grupo de los campos que contiene el autorellenado, lo que permite a los atacantes remotos a obtener la tarjeta Me desde la Address Book a través de una sitio Web manipulado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html http://osvdb.org/85653 http://support.apple.com/kb/HT5502 http://www.securityfocus.com/bid/55625 https://exchange.xforce.ibmcloud.com/vulnerabilities/78681 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0

Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document. Apple Safari anterior a v6.0.1 no maneja adecuadamente el atributo Quarantine de los documentos HTML, lo que permite a atacantes remotos asistidos por el usuario leer archivos de su elección aprovechando la presencia de un documento descargado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html http://osvdb.org/85652 http://support.apple.com/kb/HT5502 http://www.securityfocus.com/bid/55624 https://exchange.xforce.ibmcloud.com/vulnerabilities/78679 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0

Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network. Apple Safari antes de v6.0.1 hace peticiones http para URIs https en determinadas circunstacionas relacionadas con un "pegado" en la barra de direcciones, lo que permite obtener información sensible a atacantes remotos con cierta ayuda de un usuario local capturando tráfico de red. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html http://osvdb.org/85655 http://support.apple.com/kb/HT5502 http://www.securityfocus.com/bid/55626 https://exchange.xforce.ibmcloud.com/vulnerabilities/78680 • CWE-310: Cryptographic Issues •

CVSS: 9.3EPSS: 3%CPEs: 102EXPL: 0

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. WebKit, como se usa en Apple Safari antes de v6.0, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web modificado, una vulnerabilidad diferente a otros CVE del WebKit APPLE-SA-2012-07-25-1. • http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5400 http://support.apple.com/kb/HT5485 http://support.apple.com/kb/HT5503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •