Page 263 of 1393 results (0.013 seconds)

CVSS: 4.3EPSS: 0%CPEs: 42EXPL: 0

CVE-2008-4216

https://notcve.org/view.php?id=CVE-2008-4216

The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files." La interface plug-in en WebKit de Apple Safari versiones anteiores a v3.2 no impide que los plug-ins de acceso de URLs local, lo cual permite a atacantes remotos obtener información sensible a través de vectores que "lanzan archivos locales". • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://secunia.com/advisories/32706 http://support.apple.com/kb/HT3298 http://www.securityfocus.com/bid/32291 http://www.securitytracker.com/id?1021227 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 88%CPEs: 15EXPL: 1

CVE-2008-3529 – Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)

https://notcve.org/view.php?id=CVE-2008-3529

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. Desbordamiento de búfer basado en pila en la función xmlParseAttValueComplex en el módulo parser.c de libxml2 versiones anteriores a 2.7.0 permite a atacantes dependientes del contexto provocar una denegación de servicio (parada inesperada) o la posibilidad de ejecutar código de su elección al utilizar un nombre largo de entidad XML. • https://www.exploit-db.com/exploits/8798 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00000.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://secunia.com/advisories/31558 http://secunia.com/advisories/31855 http://secunia.com/advisories/31860 http://secunia.com/advisories/31868 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0

CVE-2008-3281 – libxml2 denial of service

https://notcve.org/view.php?id=CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. libxml2 2.6.32 y anteriores, no detecta correctamente la recursividad durante la expansión de una entidad en un valor de un atributo; esto permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de la memoria y la CPU) mediante un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://lists.vmware.com/pipermail/security-announce/2008/000039.html http://mail.gnome.org/archives/xml/2008-August/msg00034.html http://secunia.com/advisories/31558 http://secunia.com/advisories/31566 http://secunia.com/advisories/31590 http://secunia.com/advisories/3172 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •

CVSS: 9.3EPSS: 9%CPEs: 60EXPL: 0

CVE-2008-2307

https://notcve.org/view.php?id=CVE-2008-2307

Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. Una vulnerabilidad no especificada en WebKit en Apple Safari anterior a la versión 3.1.2, distribuida en Mac OS X anterior a la versión 10.5.4, e independiente para Windows y Mac OS X versión 10.4, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) o ejecutar código arbitrario por medio de vectores que involucra a la matriz JavaScript que desencadena una corrupción de memoria. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html http://secunia.com/advisories/30775 http://secunia.com/advisories/30801 http://secunia.com/advisories/30992 http://secunia.com/advisories/31074 http://support.apple.com/kb/HT2092 http://support.apple.com/kb/HT2163 http://support.apple.com/kb/HT2165 h • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 1%CPEs: 9EXPL: 0

CVE-2008-2306

https://notcve.org/view.php?id=CVE-2008-2306

Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. Apple Safari anterior a la versión 3.1.2 en Windows no interpreta apropiadamente la configuración de zona de Internet Explorer URLACTION_SHELL_EXECUTE_HIGHRISK, que permite a los atacantes remotos omitir las restricciones de acceso previstas y forzar a un sistema cliente a descargar y ejecutar archivos arbitrarios. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html http://secunia.com/advisories/30775 http://www.kb.cert.org/vuls/id/127185 http://www.securityfocus.com/bid/29835 http://www.securitytracker.com/id?1020329 http://www.vupen.com/english/advisories/2008/1882/references • CWE-264: Permissions, Privileges, and Access Controls •