8 results (0.002 seconds)

CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0

CVE-2010-1760

https://notcve.org/view.php?id=CVE-2010-1760

loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150. loader/DocumentThreadableLoader.cpp en la implementación XMLHttpRequest en WebCore en WebKit anterior a r58409 no maneja adecuadamente las credenciales durante una petición de sincronización cross-origin, lo que tiene un impacto y vectores de ataque remoto sin especificar, también conocido como problema rdar 7905150. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://security-tracker.debian.org/tracker/CVE-2010-1760 http://trac.webkit.org/changeset/58409 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.securityfocus.com/bid/42494 http://www.ubuntu.com/usn/USN-1006-1 http://www.vupen.com/english/advisories/2010/2722 http://www.vupen.com/english/advisories/2011&#x • CWE-255: Credentials Management Errors •

CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0

CVE-2010-1386

https://notcve.org/view.php?id=CVE-2010-1386

page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357. En el archivo page/Geolocation.cpp en WebCore en WebKit anterior a r56188 y anterior a versión 1.2.5 no restringe apropiadamente el acceso a la función lastPosition, que tiene un impacto no especificado y vectores de ataque remoto, también se conoce como rdar problem 7746357. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://security-tracker.debian.org/tracker/CVE-2010-1386 http://trac.webkit.org/changeset/56188 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.securityfocus.com/bid/42500 http://www.ubuntu.com/usn/USN-1006-1 http://www.vupen.com/english/advisories/2010/2722 http://www.vupen.com/english/advisories/2011&#x • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

CVE-2010-1766

https://notcve.org/view.php?id=CVE-2010-1766

Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. Error de superación de límite en la función WebSocketHandshake::readServerHandshake en websockets/WebSocketHandshake.cpp en WebCore en WebKit anterior a r56380, utilizado en Qt y otros productos, permite a los servidores de websockets remotos provocar una denegación de servicio (corrupción de memoria), o posiblemente tener otro impacto no especificado a través de una cabecera de actualización que es larga e inválida. • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40557 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://trac.webkit.org/changeset/56380 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.ubuntu.com/usn/USN-1006-1 http:/& • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 8%CPEs: 49EXPL: 0

CVE-2010-0659

https://notcve.org/view.php?id=CVE-2010-0659

The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size. El decodificador de imagen en WebKit anterior a r52833, usado en Google Chrome anterior a v4.0.249.78, no controla correctamente un error de asignación de memoria, lo cual permite a atacantes remotos ejecutar código arbitrario en el recinto de seguridad de Chrome (sandbox) a través de un archivo GIF malformado que especifica un tamaño grande . • http://code.google.com/p/chromium/issues/detail?id=28566 http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://securitytracker.com/id?1023506 http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs http://trac.webkit.org/changeset/52833 http://www.vupen.com/english/advisories/2011/0212 https://bugs.webkit.org/s • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 6%CPEs: 49EXPL: 0

CVE-2010-0647

https://notcve.org/view.php?id=CVE-2010-0647

WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence. WebKit anterior r53525, como el usado en Google Chrome anterior v4.0.249.89, permite a atacantes remotos ejecutar código en el sandbox a través de un elemento RUBY malformado, como queda demostrado con la secuencia <ruby>><table><rt>. • http://code.google.com/p/chromium/issues/detail?id=31692 http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/38545 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://securitytracker.com/id?1023583 http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs http://trac.webkit.org/changeset/53525 http:/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •