Page 210 of 1393 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 126EXPL: 0

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit, como se utiliza en Apple iOS antes de v5 y Safari antes de v5.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que implican ventanas DOM inactivas. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76353 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50088 https://exchange.xforce.ibmcloud.com/vulnerabilities/70564 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 97EXPL: 0

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. Vulnerabilidad de salto de directorio en Apple Safari antes de v5.1.1 permite a atacantes remotos ejecutar código JavaScript de su elección en un contexto de extensiones de Safari a través de una extensión safari manipulada: URL. Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76388 http://support.apple.com/kb/HT5000 https://exchange.xforce.ibmcloud.com/vulnerabilities/70566 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 0

Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font." Google Chrome antes de v14.0.835.202 no controla correctamente el texto SVG, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que conducen a una fuente de letra bloqueada. • http://code.google.com/p/chromium/issues/detail?id=95072 http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/48274 http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 http://www.securitytracker.com/id •

CVSS: 6.8EPSS: 2%CPEs: 4EXPL: 0

Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." Google Chrome antes de la v14.0.835.163 no controla correctamente secuencias de señal Cascading Style Sheets (CSS), lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos que conducen a un "stale node." • http://code.google.com/p/chromium/issues/detail?id=92959 http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://osvdb.org/75557 http://secunia.com/advisories/48274 http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 htt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 6.8EPSS: 7%CPEs: 4EXPL: 0

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing." Vulnerabilidad de uso después de liberación en Google Chrome antes de v14.0.835.163 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con "el manejo del estilo ruby/table." • http://code.google.com/p/chromium/issues/detail?id=92651 http://code.google.com/p/chromium/issues/detail?id=94800 http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://osvdb.org/75556 http://secunia.com/advisories/48274 http://secunia • CWE-416: Use After Free •