Page 72 of 777 results (0.023 seconds)

CVSS: 6.8EPSS: 0%CPEs: 28EXPL: 0

Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Desbordamiento de búfer basado en pila en el Java Web Start Command Launcher en Java para Mac OS X v10.5 anterior a la actualización 5, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://securitytracker.com/id?1022820 http://www.vupen.com/english/advisories/2009/2543 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.1EPSS: 0%CPEs: 81EXPL: 0

WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. WebKit en Apple Safari anteriores a v4.0.3 no restringe apropiadamente el esquema URL del atributo pluginspage de un elemento EMBED, lo que permite a los atacantes remotos asistidos por usuarios lanzar un archivo arbitrario: URLs y obtener información sensible a través de un documento HTML manipulado. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3733 http://www.securityfocus.com/bid/36024 http://www.securitytracker.com/id?1022720 http://www.vupen.com/english/advisories/2011/0212 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 90%CPEs: 81EXPL: 1

Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers. Desbordamiento de búfer en WebKit en Apple Safari anteriores a v4.0.3, permite a los atacantes remotos ejecutar arbitrariamente código o causar una denegación de servicio (caída de la aplicación) a través de un número punto-flotante manipulado. • https://www.exploit-db.com/exploits/33164 http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3733 http://support.apple.com/kb/HT4225 http://www.securityfocus.com/bid/36023 http://www.securitytracker.com/id?1022717 http://www.vupen.com/english/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. Vulnerabilidad no especificada en Apple Safari 4 anteriores a v4.0.3 que permite a los servidores web remotos colocar un sitio web arbitrario en la vista "Top Sites", y posiblemente conducir un ataque de phishing, a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html http://support.apple.com/kb/HT3733 http://www.securityfocus.com/bid/36022 http://www.securitytracker.com/id?1022718 •

CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación) a través de una ,manipulación de (1) una notación o (2) tipos de atributo de enumeración en un fichero XML como se demostró en Codenomicon XML fuzzing framework. • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://secunia.com/advisories/35036 http://secunia.com/advisories/36207 http://secunia.com/advisories/36338 http://secunia • CWE-416: Use After Free •