CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2330
https://notcve.org/view.php?id=CVE-2015-2330
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. Verificación tardía del certificado TLS en WebKitGTK+ anterior a la versión 2.6.6 permite a atacantes remotos ver una solicitud HTTP segura, incluyendo, por ejemplo, cookies seguras. • http://www.openwall.com/lists/oss-security/2015/03/17/11 http://www.openwall.com/lists/oss-security/2015/03/18/4 https://bugs.webkit.org/show_bug.cgi?id=142244 https://security.gentoo.org/glsa/201706-15 https://trac.webkit.org/changeset/181074 https://webkitgtk.org/security/WSA-2015-0002.html • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2010-4198 – WebKit: Memory corruption due to improper handling of large text area
https://notcve.org/view.php?id=CVE-2010-4198
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document. Google Chrome antes de su versión v7.0.517.44 no maneja correctamente areas de texto demasiado grandes, lo que permite a atacantes remotos causar una denegación de servicio (por corrupción de memoria) o incluso posiblemente tener algún otro impacto no especificado a travñes de un documento HTML debidamente modificado. • http://code.google.com/p/chromium/issues/detail?id=55257 http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html http://secunia.com/advisories/42109 http://secunia.com/advisories/43086 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.redhat.com/support/errata/RHSA-2011-0177.html http://www.securityfocus.com/bid/45719 http://www.vupen.com/english/advisories/2011& • CWE-20: Improper Input Validation •