CVSS: 4.3 | EPSS: 0% | CPEs: 6 | EXPL: 0

PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.

References:
• http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
• http://osvdb.org/62937
• http://support.apple.com/kb/HT4070
• http://www.securityfocus.com/bid/38671
• http://www.securityfocus.com/bid/38675
• https://exchange.xforce.ibmcloud.com/vulnerabilities/56830
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051
CWE-16: Configuration

CVSS: 9.3 | EPSS: 3% | CPEs: 7 | EXPL: 0

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

References:
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
• http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
• http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
• http://secunia.com/advisories/39135
• http://support.apple.com/kb/HT4070
• http://support.apple.com/kb/HT4077
• http://support.apple.com/kb/HT4105
• http://support.apple.com/kb/HT4225
• http:
CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.3 | EPSS: 2% | CPEs: 7 | EXPL: 0

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

References:
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
• http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
• http://secunia.com/advisories/39135
• http://support.apple.com/kb/HT4070
• http://support.apple.com/kb/HT4105
• http://www.securityfocus.com/bid/38671
• http://www.securityfocus.com/bid/38674
• http://www.securitytracker.com/id?1023706
• https://exchange.xforce.ibmcloud.com/vulnerabilities/56826
• https://oval.cisecurity.org/repository/search/definition&
CWE-189: Numeric Errors
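The entry above names the bug class but not the mechanics. The following is an added illustration, not ColorSync code and not taken from the Apple advisory: the table layout, the function names and the sample bytes are all constructed for this example. It shows the pattern behind "integer overflow ... triggers a heap-based buffer overflow": a 32-bit element count from the profile is multiplied by the element size, the product wraps, the allocation comes out tiny, and the copy loop still iterates over the unwrapped count. The hardened version checks the multiplication for overflow and bounds the declared table against the bytes actually present in the input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed table layout for this example (NOT the ICC / ColorSync format):
 *   bytes 0..3  big-endian uint32 entry_count
 *   bytes 4..   entry_count entries of ENTRY_SIZE bytes each
 */
#define ENTRY_SIZE 4u

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Constructed inputs. benign_profile declares 3 entries and carries 12 bytes.
 * crafted_profile declares 0x40000001 entries: 0x40000001 * 4 wraps to 4 in
 * 32-bit arithmetic, so a 32-bit size computation allocates 4 bytes while the
 * copy loop still runs 0x40000001 times. */
static const uint8_t benign_profile[] = {
    0x00, 0x00, 0x00, 0x03,
    0x01, 0x02, 0x03, 0x04,  0x05, 0x06, 0x07, 0x08,  0x09, 0x0a, 0x0b, 0x0c
};
static const uint8_t crafted_profile[] = {
    0x40, 0x00, 0x00, 0x01,
    0xde, 0xad, 0xbe, 0xef
};

/* Vulnerable pattern: the byte count is computed in 32 bits with no overflow
 * check and no comparison against the input length. Returns the size that
 * malloc() would be asked for. */
uint32_t vulnerable_alloc_size(const uint8_t *buf)
{
    uint32_t entry_count = read_be32(buf);
    return entry_count * ENTRY_SIZE;        /* wraps for entry_count > 0x3FFFFFFF */
}

/* The same pattern carried through to the copy. Do not run this on
 * crafted_profile: with a 4-byte allocation it writes far past the heap block
 * (the heap-based buffer overflow). Shown for contrast only. */
uint8_t *vulnerable_parse(const uint8_t *buf)
{
    uint32_t entry_count = read_be32(buf);
    uint32_t total = entry_count * ENTRY_SIZE;
    uint8_t *table = malloc(total);
    if (!table)
        return NULL;
    for (uint32_t i = 0; i < entry_count; i++)   /* bound is the unwrapped count */
        memcpy(table + (size_t)i * ENTRY_SIZE,
               buf + 4 + (size_t)i * ENTRY_SIZE, ENTRY_SIZE);
    return table;
}

/* Hardened size computation: reject if the multiplication would overflow
 * size_t, or if the declared table does not fit in the bytes actually present.
 * Returns 0 and sets *out on success, -1 on rejection. */
int safe_table_bytes(uint32_t entry_count, size_t available, size_t *out)
{
    if (entry_count > SIZE_MAX / ENTRY_SIZE)    /* portable overflow check */
        return -1;
    size_t total = (size_t)entry_count * ENTRY_SIZE;
    if (total > available)                      /* declared size vs. real input */
        return -1;
    *out = total;
    return 0;
}

/* Hardened parser: returns the number of table bytes copied, or -1 on
 * rejection. The caller owns *out on success. */
long parse_table_safe(const uint8_t *buf, size_t len, uint8_t **out)
{
    if (len < 4)
        return -1;
    size_t need;
    if (safe_table_bytes(read_be32(buf), len - 4, &need) != 0)
        return -1;
    uint8_t *table = malloc(need ? need : 1);
    if (!table)
        return -1;
    memcpy(table, buf + 4, need);
    *out = table;
    return (long)need;
}

/* Convenience wrapper: parse, free, and return only the verdict/length. */
long parse_table_safe_len(const uint8_t *buf, size_t len)
{
    uint8_t *table = NULL;
    long n = parse_table_safe(buf, len, &table);
    free(table);
    return n;
}

int main(void)
{
    printf("vulnerable alloc size for crafted profile: %u bytes for %u entries\n",
           vulnerable_alloc_size(crafted_profile), read_be32(crafted_profile));
    printf("hardened parser, benign profile:  %ld\n",
           parse_table_safe_len(benign_profile, sizeof benign_profile));
    printf("hardened parser, crafted profile: %ld\n",
           parse_table_safe_len(crafted_profile, sizeof crafted_profile));
    return 0;
}
```

Build with `cc -Wall -fsanitize=address` and, if you add a call to `vulnerable_parse(crafted_profile)`, AddressSanitizer reports the out-of-bounds access on the first iteration past the 4-byte block; the hardened path rejects the same input before any allocation. Note that the overflow check alone is not enough on a 64-bit build, where `0x40000001 * 4` does not wrap in `size_t`; it is the comparison against the real input length that stops a crafted count from driving the copy.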

CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

References:
• http://code.google.com/p/chromium/issues/detail?id=9877
• http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
• http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
• http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html
• http://secunia.com/advisories/41856
• http://secunia.com/advisories/43068
• http://securitytracker.com/id?1023506
• http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
• http:
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 | EPSS: 0% | CPEs: 69 | EXPL: 0

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.

References:
• http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
• http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html
• http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
• http://osvdb.org/59941
• http://secunia.com/advisories/37346
• http://secunia.com/advisories/40557
• http://secunia.com/