31 results (0.007 seconds)

CVSS: 9.0EPSS: 4%CPEs: 142EXPL: 0

CVE-2011-1344 – WebKit WBR Tag Removal Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2011-1344

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. Vulnerabilidad sin especificar en WebKit. Tal como se utiliza en Apple Safari 5.0.4 en Mac OS X 10.6.6, permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, como ha demostrado Chaouki Bekrar durante el concurso Pwn2Own de la CanSecWest 2011. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the Webkit library handles WBR tags on a webpage. • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html http://secunia.com/advisories/44151 http://secunia.com/advisories/44154 http://support.apple.com/kb/HT4596 http://support.apple.com/kb/HT4607 http://twitter.com/aaronportnoy/statuses/45632544967901187&# • CWE-399: Resource Management Errors •

CVSS: 3.5EPSS: 0%CPEs: 29EXPL: 0

CVE-2010-1810

https://notcve.org/view.php?id=CVE-2010-1810

FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. FaceTime en Apple iOS anterior a v4.1 en el iPhone e iPod touch no maneja correctamente certificados X.509 no válidos, lo cual permite a atacantes de "hombre-en-medio" redireccionar llamadas a través de un certificado manipulado. • http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html http://support.apple.com/kb/HT4334 https://exchange.xforce.ibmcloud.com/vulnerabilities/61695 •

CVSS: 1.9EPSS: 0%CPEs: 22EXPL: 0

CVE-2010-1775

https://notcve.org/view.php?id=CVE-2010-1775

Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. Condición de carrera en Passcode Lock en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch permite a atacantes físicamente próximos eludir los requerimientos de contraseña establecidos y asociar un dispositivo bloqueado con una computadora y acceder a datos de su elección, a través de vectores relacionados con el arranque inicial. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://support.apple.com/kb/HT4225 http://www.securityfocus.com/bid/41016 https://exchange.xforce.ibmcloud.com/vulnerabilities/59637 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0

CVE-2010-1407

https://notcve.org/view.php?id=CVE-2010-1407

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. WebKit en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch no implementa de manera adecuada el método history.replaceState en ciertas situaciones relacionadas con elementos IFRAME, lo que permite a atacantes remotos obtener información sensible mediante un documento HTML manipulado. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4225 http://support.apple.com/kb/HT4456 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.securit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 4%CPEs: 85EXPL: 0

CVE-2010-1387

https://notcve.org/view.php?id=CVE-2010-1387

Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. Vulnerabilidad no específicada en WebKit en Apple iTunes anteriores a v9.2 en Windows, tiene un impacto y vectores de ataque desconocidos, es una vulnerabilidad diferente a CVE-2010-1387 y CVE-2010-1769. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024108 http:/ • CWE-399: Resource Management Errors •