Page 250 of 1351 results (0.023 seconds)

CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 1

CVE-2009-1681

https://notcve.org/view.php?id=CVE-2009-1681

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document. WebKit en Apple Safari anteriores a v4.0 no previene que páginas web sean cargadas en contenidos de terceros dentro de un "submarco", lo que permite a los atacantes remotos evitar la Política Original Misma y conduce a un ataque de "clickjacking" a través de un documento HTML manipulado. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54981 http://secunia.com/advisories/35379 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.debian.org/security/2009/dsa-1950 http:/&#x •

CVSS: 9.3EPSS: 2%CPEs: 34EXPL: 1

CVE-2009-1687 – kdelibs: Integer overflow in KJS JavaScript garbage collector

https://notcve.org/view.php?id=CVE-2009-1687

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." El JavaScript garbage collector en WebKit en Apple Safari anteriores a v4.0 no maneja adecuadamente la localización de fallos, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (consumo de memoria y caída de aplicación) a través de un documento HTML manipulado que lanza acceso de escritura a un "offset de un puntero NULL". • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54985 http://secunia.com/advisories/35379 http://secunia.com/advisories/36057 http://secunia.com/advisories/36062 http://secunia.com/advisories/36790 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://securitytracker.com&# • CWE-190: Integer Overflow or Wraparound CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 1

CVE-2009-1682

https://notcve.org/view.php?id=CVE-2009-1682

Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. Apple Safari antes de v4.0 no comprueba adecuadamente la revocación de certificados Extended Validation (EV), lo cual hace más fácil a atacantes remotos engañar a un usuario para aceptar un certificado no válido. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://osvdb.org/54982 http://secunia.com/advisories/35379 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35353 http://www.securitytracker.com/id?1022346 http://www.vupen.com/english/advisories/2009/1522 • CWE-255: Credentials Management Errors •

CVSS: 4.3EPSS: 9%CPEs: 34EXPL: 2

CVE-2009-1684 – WebKit - JavaScript 'onload()' Event Cross Domain Scripting

https://notcve.org/view.php?id=CVE-2009-1684

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0, permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de un procesador de evento que lanza la ejecución de una secuencia de comandos en el contexto del próximo documento cargado. • https://www.exploit-db.com/exploits/33033 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54987 http://secunia.com/advisories/35379 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022344 http://support.apple.com/kb/HT3613 http://support • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 34EXPL: 0

CVE-2009-1694

https://notcve.org/view.php?id=CVE-2009-1694

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue." WebKit en Apple Safari anterior a v4.0 no redirecciona correctamente, lo que permite a atacantes remotos leer las imágenes de sitios web a su eleccion a traves de vectores relacionados al elemento CANVAS y redirección, relacionado con una "incidencia de captura de imagen de sitios cruzados." • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55005 http://secunia.com/advisories/35379 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.debian.org/security/2009/dsa-1950 http:/&#x •