Page 230 of 1254 results (0.018 seconds)

CVSS: 5.0EPSS: 0%CPEs: 74EXPL: 0

CVE-2010-1413

https://notcve.org/view.php?id=CVE-2010-1413

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, envía las credenciales NTLM sin cifrar en circunstancias sin especificar, lo cual permite a atacantes "hombre-en-el-medio" (man-in-the-middle) obtener información sensible a través de vectores sin especificar. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://support.apple.com/kb/HT4196 http://support.apple.com/kb/HT4225 http://www.securityfocus.com/bid/40620 http://www.securityfocus.com/bid/40733 http • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 74EXPL: 0

CVE-2010-1394

https://notcve.org/view.php?id=CVE-2010-1394

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) in WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes remotos inyectar a su lección código web o HTML a través de vectores involucrados con fragmentos de documentos HTML. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://supp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 74EXPL: 0

CVE-2010-1390

https://notcve.org/view.php?id=CVE-2010-1390

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes remotos inyectar a su elección código web o HTML a través de vectores relacionados con una incorrecta canonización UTF-7, y no cerrar una cadena entrecomillada en un documento HTML. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://supp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 74EXPL: 0

CVE-2010-1393

https://notcve.org/view.php?id=CVE-2010-1393

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL. La implementación de hojas de estilo en cascada (CSS) en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes remotos descubrir URLs sensibles a través del atributo HREF asociado a una redirección URL. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://supp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 4%CPEs: 74EXPL: 0

CVE-2010-1417

https://notcve.org/view.php?id=CVE-2010-1417

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors. La implementación de las Hojas de estilo en cascada (CSS) en Webkit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior v4.1 en Mac OS X v10.4, permite a los atacantes remotos ejecutar código a su elección o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de contenido HTML que contiene múltiples :after pseudo-selectors. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •