CVSS: 6.8EPSS: 14%CPEs: 9EXPL: 0CVE-2006-6503
https://notcve.org/view.php?id=CVE-2006-6503
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI. Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 permite a atacantes remotos evitar la protección de secuencias de comandos en sitios cruzados (XSS) cambiando el atributo src de un elemento IMG a javascript: URI. • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://fedoranews.org/cms/node/2297 http://fedoranews.org/cms/node/2338 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://rhn.redhat.com/errata/RHSA-2006-0758.html http://rhn.redhat.com/errata/RHSA-2006-0759.html http://rhn.redhat.com/errata/RHSA-2006-0760.html http://secunia.com/advisories/23282 http://secunia.com/advisories/23420 http://secunia.com/advisories& • CWE-254: 7PK - Security Features •
CVSS: 6.8EPSS: 16%CPEs: 9EXPL: 0CVE-2006-6501
https://notcve.org/view.php?id=CVE-2006-6501
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function. Vulnerabilidad no especificada en Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 permite a atacantes remotos obtener privilegios e instalar código malicioso mediante la función watch de Javascript. • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://fedoranews.org/cms/node/2297 http://fedoranews.org/cms/node/2338 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://rhn.redhat.com/errata/RHSA-2006-0758.html http://rhn.redhat.com/errata/RHSA-2006-0759.html http://rhn.redhat.com/errata/RHSA-2006-0760.html http://secunia.com/advisories/23282 http://secunia.com/advisories/23420 http://secunia.com/advisories& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 92%CPEs: 6EXPL: 0CVE-2006-6504 – Mozilla Firefox SVG Processing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-6504
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption. Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 permite a atacantes remotos ejecutar código de su elección añadiendo un nodo DOM con un comentario SVG a otro tipo de documento, lo cual desemboca en una corrupción de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the browser's handling of SVG comment objects. Firefox does not correctly handle requests to append SVG comments to elements in other types of documents. • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://fedoranews.org/cms/node/2297 http://fedoranews.org/cms/node/2338 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://rhn.redhat.com/errata/RHSA-2006-0758.html http://rhn.redhat.com/errata/RHSA-2006-0759.html http://rhn.redhat.com/errata/RHSA-2006-0760.html http://secunia.com/advisories/23282 http://secunia.com/advisories/23422 http://secunia.com/advisories& • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2006-5649
https://notcve.org/view.php?id=CVE-2006-5649
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors. Vulnerabilidad sin especificar en el "manejador de excepciones del check de alineamiento" en el Ubuntu 5.10, 6.06 LTS, y 6.10 para el PowerPC (PPC) permite a usuarios locales provocar una denegación de servicio (kernel panic) mediante vectores sin especificar. • http://secunia.com/advisories/23361 http://secunia.com/advisories/23370 http://secunia.com/advisories/23384 http://secunia.com/advisories/23395 http://secunia.com/advisories/23474 http://www.novell.com/linux/security/advisories/2006_79_kernel.html http://www.securityfocus.com/bid/21523 http://www.ubuntu.com/usn/usn-395-1 http://www.us.debian.org/security/2006/dsa-1233 http://www.us.debian.org/security/2006/dsa-1237 •
CVSS: 10.0EPSS: 5%CPEs: 32EXPL: 0CVE-2006-6235
https://notcve.org/view.php?id=CVE-2006-6235
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. Una vulnerabilidad de "escritura en pila" en GnuPG (gpg) 1.x anterior a la 1.4.6, 2.x anterior a la 2.0.2 y 1.9.0 hasta la 1.9.95 permite a atacantes ejecutar código de su elección mediante paquetes OpenPGP artesanales que provocan que GnuPG haga referencia a un puntero a función que está en memoria (en la pila) que ya ha sido liberada. • ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html http://secunia.com/advisories/23245 http://secunia.com/advisories/23250 http://secunia.com/advisories/23255 http://secunia.com/advisories/23259 http://secunia.com/advisories/23269 http://secunia.com/advisories/23284 http://secunia.com/advisories/23290 http://secunia. •