NotCVE - vendor:"Apple" product:"Safari" version:"4.0"

Page 246 of 1245 results (0.024 seconds)

CVSS: 5.8EPSS: 0%CPEs: 34EXPL: 1

CVE-2009-1693

https://notcve.org/view.php?id=CVE-2009-1693

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos leer imágenes desde sitios Web de su elección a través de un elemento CANVAS con una imagen SVG, relativo a "Característica de captura de imagen en sitio cruzado". • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55004 http://secunia.com/advisories/35379 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.debian.org/security/2009/dsa-1950 http:/&#x •

CVSS: 9.3EPSS: 2%CPEs: 34EXPL: 1

CVE-2009-1687 – kdelibs: Integer overflow in KJS JavaScript garbage collector

https://notcve.org/view.php?id=CVE-2009-1687

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." El JavaScript garbage collector en WebKit en Apple Safari anteriores a v4.0 no maneja adecuadamente la localización de fallos, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (consumo de memoria y caída de aplicación) a través de un documento HTML manipulado que lanza acceso de escritura a un "offset de un puntero NULL". • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54985 http://secunia.com/advisories/35379 http://secunia.com/advisories/36057 http://secunia.com/advisories/36062 http://secunia.com/advisories/36790 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://securitytracker.com&# • CWE-190: Integer Overflow or Wraparound CWE-399: Resource Management Errors •

CVSS: 5.8EPSS: 0%CPEs: 34EXPL: 0

CVE-2009-1694

https://notcve.org/view.php?id=CVE-2009-1694

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue." WebKit en Apple Safari anterior a v4.0 no redirecciona correctamente, lo que permite a atacantes remotos leer las imágenes de sitios web a su eleccion a traves de vectores relacionados al elemento CANVAS y redirección, relacionado con una "incidencia de captura de imagen de sitios cruzados." • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55005 http://secunia.com/advisories/35379 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.debian.org/security/2009/dsa-1950 http:/&#x •

CVSS: 4.3EPSS: 11%CPEs: 34EXPL: 2

CVE-2009-1684 – WebKit - JavaScript 'onload()' Event Cross Domain Scripting

https://notcve.org/view.php?id=CVE-2009-1684

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0, permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de un procesador de evento que lanza la ejecución de una secuencia de comandos en el contexto del próximo documento cargado. • https://www.exploit-db.com/exploits/33033 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54987 http://secunia.com/advisories/35379 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022344 http://support.apple.com/kb/HT3613 http://support • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 1

CVE-2009-1688

https://notcve.org/view.php?id=CVE-2009-1688

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0 permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de vectores relativos a determinados contextos de seguridad un desarrollo que no es el "método estándar HTML 5". • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54986 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022344 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35260 http://www.sec • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...244 245 246 247 248