Page 224 of 1354 results (0.011 seconds)

CVSS: 10.0EPSS: 5%CPEs: 8EXPL: 0

CVE-2010-3116 – webkit: memory corruption with MIME types

https://notcve.org/view.php?id=CVE-2010-3116

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins. Google Chrome anterior a v5.0.375.127 no procesa correctamente los tipos MIME, lo que podría permitir a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto mediante vectores desconocidos • http://code.google.com/p/chromium/issues/detail?id=50515 http://code.google.com/p/chromium/issues/detail?id=51835 http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 • CWE-416: Use After Free •

CVSS: 10.0EPSS: 14%CPEs: 78EXPL: 0

CVE-2010-1787 – Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-1787

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document. WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a la v4.1.1 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de elemento flotante en un documento SVG. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's process for handling floating elements within an SVG document. During layout of the element, the application will mismanage references to the floating element. • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 4%CPEs: 78EXPL: 0

CVE-2010-1790 – WebKit: multiple vulnerabilities in WebKitGTK

https://notcve.org/view.php?id=CVE-2010-1790

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue." WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a la v4.1.1 en Mac OS X v10.4, no gestiona adecuadamente los códigos JavaScript compilados "just-in-time" (JIT), lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de un documento HTML modificado, relacionado con un asunto de re-ejecución. • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://secunia.com/advisories/43086 http://support.apple.com/kb/HT4276 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.redhat.com/support/errata/RHSA-2011-0177.html&# •

CVSS: 4.3EPSS: 0%CPEs: 78EXPL: 0

CVE-2010-1778

https://notcve.org/view.php?id=CVE-2010-1778

Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta la v10.6 y en Windows, y anteriores a la v4.1.1 en Mac OS X 10.4, permiten a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de un feed RSS. • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html http://support.apple.com/kb/HT4276 http://www.securityfocus.com/bid/42020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11639 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 9%CPEs: 78EXPL: 0

CVE-2010-1792 – WebKit: multiple vulnerabilities in WebKitGTK

https://notcve.org/view.php?id=CVE-2010-1792

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression. WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a la v4.1.1 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de una expresión regular modificada. • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://secunia.com/advisories/43086 http://support.apple.com/kb/HT4276 http://support.apple.com/kb/HT4564 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •