CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9643 – Gentoo Linux Security Advisory 201706-15
https://notcve.org/view.php?id=CVE-2016-9643
07 Mar 2017 — The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis). El código regex en Webkit 2.4.11 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) como se demuestra en un gran número de ($ (abrir paréntesis y dólar) seguido de {-2,16} y un gran número de +) (suma cerrar paréntesis). A large nu... • http://www.openwall.com/lists/oss-security/2016/11/26/2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2010-1386
https://notcve.org/view.php?id=CVE-2010-1386
19 Aug 2010 — page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357. En el archivo page/Geolocation.cpp en WebCore en WebKit anterior a r56188 y anterior a versión 1.2.5 no restringe apropiadamente el acceso a la función lastPosition, que tiene un impacto no especificado y vectores de ataque remoto, también se conoce como rdar problem 7746357. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2010-1760
https://notcve.org/view.php?id=CVE-2010-1760
19 Aug 2010 — loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150. loader/DocumentThreadableLoader.cpp en la implementación XMLHttpRequest en WebCore en WebKit anterior a r58409 no maneja adecuadamente las credenciales durante una petición de sincronización cross-origin, lo que tiene un impacto y vectores de... • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2010-1766
https://notcve.org/view.php?id=CVE-2010-1766
22 Jul 2010 — Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. Error de superación de límite en la función WebSocketHandshake::readServerHandshake en websockets/WebSocketHandshake.cpp en WebCore en WebKit anterior a r56380,... • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 10%CPEs: 49EXPL: 0CVE-2010-0647
https://notcve.org/view.php?id=CVE-2010-0647
18 Feb 2010 — WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence. WebKit anterior r53525, como el usado en Google Chrome anterior v4.0.249.89, permite a atacantes remotos ejecutar código en el sandbox a través de un elemento RUBY malformado, como queda demostrado con la secuencia <ruby>><table><rt>. • http://code.google.com/p/chromium/issues/detail?id=31692 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 2%CPEs: 3EXPL: 0CVE-2010-0651
https://notcve.org/view.php?id=CVE-2010-0651
18 Feb 2010 — WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. WebKit anterior a versión r52784, tal como es usado en Google Chrome anterior a versión 4.0.249.78 y Apple Safari anterior a versión 4.0.5, permite la carga de hojas de estilos CS... • http://code.google.com/p/chromium/issues/detail?id=9877 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 49EXPL: 0CVE-2010-0656
https://notcve.org/view.php?id=CVE-2010-0656
18 Feb 2010 — WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document. WebKit anterior a r51295 , usado en Google Chrome v4.0.249.78, presenta una página de listado de directorio en respuesta a un XMLHttpRequest de una URL file:// que corresponde a un directorio, lo... • http://code.google.com/p/chromium/issues/detail?id=20450 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 7%CPEs: 49EXPL: 0CVE-2010-0659
https://notcve.org/view.php?id=CVE-2010-0659
18 Feb 2010 — The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size. El decodificador de imagen en WebKit anterior a r52833, usado en Google Chrome anterior a v4.0.249.78, no controla correctamente un error de asignación de memoria, lo cual permite a atacantes remotos ejecutar código arbitrario en el rec... • http://code.google.com/p/chromium/issues/detail?id=28566 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 2%CPEs: 45EXPL: 0CVE-2009-3933
https://notcve.org/view.php?id=CVE-2009-3933
12 Nov 2009 — WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions. WebKit en versiones anteriores a la r50173, tal como se usa en Google Chrome en versiones anteriores a la 3.0.195.32, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante una página web qu... • http://code.google.com/p/chromium/issues/detail?id=25892 • CWE-399: Resource Management Errors •