Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2011:039 First vendor Publication 2011-03-02
Vendor Mandriva Last vendor Modification 2011-03-02
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit.

Please consult the CVE web links for further information.

The updated packages have been upgraded to the latest version (1.2.7) to correct these issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

CWE : Common Weakness Enumeration

% Id Name
31 % CWE-399 Resource Management Errors
22 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9 % CWE-200 Information Exposure
7 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
6 % CWE-416 Use After Free
6 % CWE-264 Permissions, Privileges, and Access Controls
4 % CWE-189 Numeric Errors (CWE/SANS Top 25)
4 % CWE-94 Failure to Control Generation of Code ('Code Injection')
4 % CWE-20 Improper Input Validation
1 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
1 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
1 % CWE-255 Credentials Management
1 % CWE-193 Off-by-one Error
1 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10964
 
Oval ID: oval:org.mitre.oval:def:10964
Title: use-after-free vulnerability in WebKit in Apple Safari before 5.0.1
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1780
 Version: 13
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11140
 
Oval ID: oval:org.mitre.oval:def:11140
Title: Cross-site request forgery in Google Chrome version before 4.1.249.1059.
Description: Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1767
 Version: 15
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11221
 
Oval ID: oval:org.mitre.oval:def:11221
Title: Google Chrome Image Read Access Restriction Same Origin Policy Bypass Remote Information Disclosure
Description: WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3259
 Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11577
 
Oval ID: oval:org.mitre.oval:def:11577
Title: Vulnerability in text-editing implementation in Google Chrome before 5.0.375.127
Description: The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors related to (1) DeleteSelectionCommand.cpp, (2) InsertLineBreakCommand.cpp, or (3) InsertParagraphSeparatorCommand.cpp in WebCore/editing/.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3114
 Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11661
 
Oval ID: oval:org.mitre.oval:def:11661
Title: Vulnerability in page/Geolocation.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70
Description: Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1772
 Version: 15
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11689
 
Oval ID: oval:org.mitre.oval:def:11689
Title: Integer overflow vulnerability in WebKit in Apple Safari before 5.0.3 versions
Description: Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3812
 Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11736
 
Oval ID: oval:org.mitre.oval:def:11736
Title: Google Chrome Counter Node Handling Unspecified Memory Corruption
Description: Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3255
 Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11766
 
Oval ID: oval:org.mitre.oval:def:11766
Title: The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1
Description: The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1784
 Version: 13
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11777
 
Oval ID: oval:org.mitre.oval:def:11777
Title: WebKit in Apple Safari before 5.0.1 related to reentrancy issue.
Description: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue."
Family: windows Class: vulnerability
Reference(s): CVE-2010-1790
 Version: 13
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11802
 
Oval ID: oval:org.mitre.oval:def:11802
Title: Integer signedness error in WebKit in Apple Safari before 5.0.1 related to vectors involving a JavaScript array index.
Description: Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1791
 Version: 11
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11820
 
Oval ID: oval:org.mitre.oval:def:11820
Title: WebKit in Apple Safari before 5.0.1 Denial of Service vulnerability
Description: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1783
 Version: 13
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11830
 
Oval ID: oval:org.mitre.oval:def:11830
Title: Vulnerability in toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70
Description: Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1773
 Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11837
 
Oval ID: oval:org.mitre.oval:def:11837
Title: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 related to foreignObject element in an SVG document.
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1786
 Version: 13
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11877
 
Oval ID: oval:org.mitre.oval:def:11877
Title: WebKit in Apple Safari before 5.0.1 related to a floating element in an SVG document.
Description: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1787
 Version: 13
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11884
 
Oval ID: oval:org.mitre.oval:def:11884
Title: Denial of service Vulnerability in Google Chrome before 5.0.375.99 related to SVG document
Description: Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2647
 Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11898
 
Oval ID: oval:org.mitre.oval:def:11898
Title: WebKit in Apple Safari before 5.0.1 related to crafted regular expression.
Description: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1792
 Version: 13
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11900
 
Oval ID: oval:org.mitre.oval:def:11900
Title: Vulnerability in implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99
Description: The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2648
 Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11901
 
Oval ID: oval:org.mitre.oval:def:11901
Title: Vulnerability in handling of SVG documents in Google Chrome before 5.0.375.127
Description: Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3113
 Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11909
 
Oval ID: oval:org.mitre.oval:def:11909
Title: Vulnerability while processing MIME types in Google Chrome before 5.0.375.127
Description: Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3116
 Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11923
 
Oval ID: oval:org.mitre.oval:def:11923
Title: Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 related to font-face or use element in an SVG document.
Description: Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1793
 Version: 13
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11935
 
Oval ID: oval:org.mitre.oval:def:11935
Title: WebKit in Apple Safari before 5.0.1 denial of service vulnerability related to the rendering of an inline element
Description: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1782
 Version: 13
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11941
 
Oval ID: oval:org.mitre.oval:def:11941
Title: WebKit in Apple Safari before 5.0.1 memory accesses vulnerability
Description: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1785
 Version: 13
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11949
 
Oval ID: oval:org.mitre.oval:def:11949
Title: Denial of Service vulnerability in Google Chrome before 7.0.517.44 via unknown vectors
Description: Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4206
 Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11953
 
Oval ID: oval:org.mitre.oval:def:11953
Title: Vulnerability in history feature implementation in Google Chrome before 5.0.375.127
Description: Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3115
 Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11962
 
Oval ID: oval:org.mitre.oval:def:11962
Title: WebKit in Apple Safari before 5.0.1 related to a use element in an SVG document.
Description: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1788
 Version: 13
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11964
 
Oval ID: oval:org.mitre.oval:def:11964
Title: Webkit Floating Point Datatype Remote Code Execution Vulnerability
Description: WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1807
 Version: 8
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12052
 
Oval ID: oval:org.mitre.oval:def:12052
Title: Google Chrome Clipboard Copy Restriction Weakness Unspecified Issue
Description: Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3248
 Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12107
 
Oval ID: oval:org.mitre.oval:def:12107
Title: Vulnerability in Ruby language support in Google Chrome before 5.0.375.127
Description: Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3119
 Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12138
 
Oval ID: oval:org.mitre.oval:def:12138
Title: Google Chrome Focus Handling Stale Pointer Remote DoS
Description: Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3257
 Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12157
 
Oval ID: oval:org.mitre.oval:def:12157
Title: Vulnerability in Google Chrome before 7.0.517.44 via a crafted HTML document
Description: WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4198
 Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12174
 
Oval ID: oval:org.mitre.oval:def:12174
Title: Denial of Service vulnerability in Google Chrome before 7.0.517.44 via unknown vectors
Description: WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4204
 Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12266
 
Oval ID: oval:org.mitre.oval:def:12266
Title: Use-after-free vulnerability in Google Chrome before 7.0.517.44 via vectors involving text editing
Description: Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4197
 Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12293
 
Oval ID: oval:org.mitre.oval:def:12293
Title: Vulnerability in WebKit in Apple Safari before 5.0.3 versions
Description: The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3813
 Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13653
 
Oval ID: oval:org.mitre.oval:def:13653
Title: WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
Description: WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0651
 Version: 18
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Apple Safari
Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13791
 
Oval ID: oval:org.mitre.oval:def:13791
Title: WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
Description: WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0650
 Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Google Chrome
Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14094
 
Oval ID: oval:org.mitre.oval:def:14094
Title: WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element.
Description: WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0647
 Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14501
 
Oval ID: oval:org.mitre.oval:def:14501
Title: WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.
Description: WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0656
 Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23977
 
Oval ID: oval:org.mitre.oval:def:23977
Title: WebKit vulnerability in Apple Safari before 5.0 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages
Description: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2264
 Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24486
 
Oval ID: oval:org.mitre.oval:def:24486
Title: Vulnerability in Apple Safari, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site
Description: Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0314
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6649
 
Oval ID: oval:org.mitre.oval:def:6649
Title: WebKit Dragging or Pasting Cross Domain Scripting Vulnerability
Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1389
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6739
 
Oval ID: oval:org.mitre.oval:def:6739
Title: WebKit JavaScript 'execCommand' Vulnerability
Description: The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1421
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6810
 
Oval ID: oval:org.mitre.oval:def:6810
Title: WebKit Right-to-Left Displayed Text Handling Memory Corruption Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0049
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6836
 
Oval ID: oval:org.mitre.oval:def:6836
Title: WebKit Common IRC Service Port Blacklist Exclusion
Description: Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1409
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6862
 
Oval ID: oval:org.mitre.oval:def:6862
Title: WebKit Fonts Handling Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1771
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6871
 
Oval ID: oval:org.mitre.oval:def:6871
Title: WebKit 'src' Attribute Cross-site Scripting Vulnerability
Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1418
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6876
 
Oval ID: oval:org.mitre.oval:def:6876
Title: WebKit CSS-Styled HTML Handling Remote Code Execution Vulnerability
Description: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1417
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6878
 
Oval ID: oval:org.mitre.oval:def:6878
Title: Problem in handling HTML5 media in Google Chrome version less than 4.1.249.1064
Description: Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1664
 Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6882
 
Oval ID: oval:org.mitre.oval:def:6882
Title: WebKit Object Element Fallback Memory Corruption Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0047
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6888
 
Oval ID: oval:org.mitre.oval:def:6888
Title: WebKit UTF-7 Encoded Data Cross Site Scripting Vulnerability
Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1390
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6912
 
Oval ID: oval:org.mitre.oval:def:6912
Title: WebKit 'DOCUMENT_POSITION_DISCONNECTED' Attribute Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1397
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6915
 
Oval ID: oval:org.mitre.oval:def:6915
Title: WebKit HTML Image Element Handling Memory Corruption Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0054
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6981
 
Oval ID: oval:org.mitre.oval:def:6981
Title: WebKit 'first-letter' CSS Style Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1401
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7005
 
Oval ID: oval:org.mitre.oval:def:7005
Title: WebKit 'Node.normalize' Method Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1759
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7024
 
Oval ID: oval:org.mitre.oval:def:7024
Title: WebKit HTML Button Use After Free Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1392
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7031
 
Oval ID: oval:org.mitre.oval:def:7031
Title: WebKit Caption Element Handling Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1400
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7034
 
Oval ID: oval:org.mitre.oval:def:7034
Title: Problem in handling fonts in Google Chrome version less than 4.1.249.1064
Description: Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1665
 Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7041
 
Oval ID: oval:org.mitre.oval:def:7041
Title: WebKit 'removeChild' DOM Method Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1414
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7053
 
Oval ID: oval:org.mitre.oval:def:7053
Title: WebKit CSS 'format()' Arguments Memory Corruption Vulnerability
Description: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0046
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7061
 
Oval ID: oval:org.mitre.oval:def:7061
Title: Apple iTunes JavaScriptCore Page Transitions Denial Of Service Vulnerability
Description: Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1387
 Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
 Product(s): Apple iTunes
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7071
 
Oval ID: oval:org.mitre.oval:def:7071
Title: WebKit 'ConditionEventListener' Remote Code Execution Vulnerability
Description: Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1402
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7082
 
Oval ID: oval:org.mitre.oval:def:7082
Title: WebKit Path Traversal Vulnerability
Description: Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1391
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7099
 
Oval ID: oval:org.mitre.oval:def:7099
Title: WebKit IBM1147 Character Set Text Transform Remote Code Execution Vulnerability
Description: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."
Family: windows Class: vulnerability
Reference(s): CVE-2010-1770
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7135
 
Oval ID: oval:org.mitre.oval:def:7135
Title: WebKit XML Document Parsing Memory Corruption Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0048
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7150
 
Oval ID: oval:org.mitre.oval:def:7150
Title: WebKit SVG 'use' Element Remote Code Execution Vulnerability
Description: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1410
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7157
 
Oval ID: oval:org.mitre.oval:def:7157
Title: WebKit HTML Document Subtrees Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1761
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7197
 
Oval ID: oval:org.mitre.oval:def:7197
Title: WebKit HTTPS Referer Header Passing Vulnerability
Description: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1406
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7252
 
Oval ID: oval:org.mitre.oval:def:7252
Title: WebKit Custom Vertical Positioning Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1405
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7288
 
Oval ID: oval:org.mitre.oval:def:7288
Title: WebKit Option Element 'ContentEditable' Attribute Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1396
 Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7295
 
Oval ID: oval:org.mitre.oval:def:7295
Title: WebKit Non-default TCP Port Handling Vulnerability
Description: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1408
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7314
 
Oval ID: oval:org.mitre.oval:def:7314
Title: WebKit Use After Free Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1419
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7323
 
Oval ID: oval:org.mitre.oval:def:7323
Title: WebKit CSS 'run-in' Display Use-After-Free Error Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0053
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7335
 
Oval ID: oval:org.mitre.oval:def:7335
Title: WebKit DOM Range Objects Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1758
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7346
 
Oval ID: oval:org.mitre.oval:def:7346
Title: WebKit CSS Handling Vulnerability
Description: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1393
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7347
 
Oval ID: oval:org.mitre.oval:def:7347
Title: WebKit HTTP Redirect Vulnerability
Description: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1764
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7374
 
Oval ID: oval:org.mitre.oval:def:7374
Title: WebKit 'libxml' Context Handling Remote Code Execution Vulnerability
Description: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."
Family: windows Class: vulnerability
Reference(s): CVE-2010-1415
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7401
 
Oval ID: oval:org.mitre.oval:def:7401
Title: WebKit SVG Cross-site Scripting Vulnerability
Description: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."
Family: windows Class: vulnerability
Reference(s): CVE-2010-1416
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7403
 
Oval ID: oval:org.mitre.oval:def:7403
Title: WebKit HTML Elements Callback Use-After-Free Error Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0052
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7464
 
Oval ID: oval:org.mitre.oval:def:7464
Title: WebKit DOM Constructor Cross Site Scripting Vulnerability
Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue."
Family: windows Class: vulnerability
Reference(s): CVE-2010-1395
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7476
 
Oval ID: oval:org.mitre.oval:def:7476
Title: WebKit HTML Tables Remote Code Execution Vulnerability
Description: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1774
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7497
 
Oval ID: oval:org.mitre.oval:def:7497
Title: WebKit Option Recursive Use Element Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1404
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7503
 
Oval ID: oval:org.mitre.oval:def:7503
Title: WebKit HTML Document textarea Remote Code Execution Vulnerability
Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1762
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7519
 
Oval ID: oval:org.mitre.oval:def:7519
Title: WebKit SVG 'use' Element Remote Code Execution Vulnerability
Description: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1403
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7552
 
Oval ID: oval:org.mitre.oval:def:7552
Title: WebKit HTML Fragment Cross Site Scripting Vulnerability
Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1394
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7554
 
Oval ID: oval:org.mitre.oval:def:7554
Title: WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability
Description: WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0051
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7556
 
Oval ID: oval:org.mitre.oval:def:7556
Title: WebKit Editable Containers Remote Code Execution Vulnerability
Description: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1398
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7587
 
Oval ID: oval:org.mitre.oval:def:7587
Title: WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0050
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7591
 
Oval ID: oval:org.mitre.oval:def:7591
Title: WebKit Keyboard Focus Vulnerability
Description: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1422
 Version: 11
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7606
 
Oval ID: oval:org.mitre.oval:def:7606
Title: WebKit Hover Event Handling Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1412
 Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7646
 
Oval ID: oval:org.mitre.oval:def:7646
Title: Google Chrome before 7.0.517.41 does not properly handle animated GIF images
Description: Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4040
 Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 251
Application 195
Application 9
Application 2
Application 785
Application 47
Application 3
Application 7
Os 93
Os 1
Os 4
Os 2
Os 3
Os 10
Os 7
Os 1

ExploitDB Exploits

id Description
2012-11-01 Konqueror 4.7.3 Memory Corruption
2012-02-01 Webkit normalize bug for android 2.2 (CVE-2010-1759)
2010-11-15 Android 2.0/2.1 Use-After-Free Remote Code Execution on Webkit
2010-11-05 Android 2.0-2.1 Reverse Shell Exploit

OpenVAS Exploits

Date Description
2012-11-19 Name : Fedora Update for kdelibs FEDORA-2012-17388
File : nvt/gb_fedora_2012_17388_kdelibs_fc16.nasl
2012-06-05 Name : RedHat Update for webkitgtk RHSA-2011:0177-01
File : nvt/gb_RHSA-2011_0177-01_webkitgtk.nasl
2012-04-02 Name : Fedora Update for kdelibs FEDORA-2011-16151
File : nvt/gb_fedora_2011_16151_kdelibs_fc16.nasl
2012-03-29 Name : Fedora Update for kdelibs FEDORA-2012-3483
File : nvt/gb_fedora_2012_3483_kdelibs_fc15.nasl
2011-08-27 Name : Ubuntu Update for webkit USN-1195-1
File : nvt/gb_ubuntu_USN_1195_1.nasl
2011-05-12 Name : Debian Security Advisory DSA 2188-1 (webkit)
File : nvt/deb_2188_1.nasl
2011-03-07 Name : Mandriva Update for webkit MDVSA-2011:039 (webkit)
File : nvt/gb_mandriva_MDVSA_2011_039.nasl
2011-03-05 Name : FreeBSD Ports: bugzilla
File : nvt/freebsd_bugzilla12.nasl
2011-03-05 Name : FreeBSD Ports: webkit-gtk2
File : nvt/freebsd_webkit-gtk23.nasl
2011-02-18 Name : Fedora Update for webkitgtk FEDORA-2011-1224
File : nvt/gb_fedora_2011_1224_webkitgtk_fc13.nasl
2011-01-24 Name : FreeBSD Ports: webkit-gtk2
File : nvt/freebsd_webkit-gtk22.nasl
2011-01-11 Name : Fedora Update for webkitgtk FEDORA-2011-0121
File : nvt/gb_fedora_2011_0121_webkitgtk_fc13.nasl
2010-11-23 Name : Apple Safari Webkit Multiple Vulnerabilities - Nov10
File : nvt/gb_apple_safari_webkit_mult_vuln_nov10.nasl
2010-11-18 Name : Google Chrome multiple vulnerabilities - November 10(Windows)
File : nvt/gb_google_chrome_mult_vuln_nov10_win.nasl
2010-11-18 Name : Google Chrome multiple vulnerabilities - November 10(Linux)
File : nvt/gb_google_chrome_mult_vuln_nov10_lin.nasl
2010-11-17 Name : FreeBSD Ports: webkit-gtk2
File : nvt/freebsd_webkit-gtk21.nasl
2010-10-28 Name : Google Chrome multiple vulnerabilities - October 10(Windows)
File : nvt/gb_google_chrome_mult_vuln_oct10_win.nasl
2010-10-28 Name : Google Chrome multiple vulnerabilities - October 10(Linux)
File : nvt/gb_google_chrome_mult_vuln_oct10_lin.nasl
2010-10-22 Name : Fedora Update for webkitgtk FEDORA-2010-15957
File : nvt/gb_fedora_2010_15957_webkitgtk_fc13.nasl
2010-10-22 Name : Fedora Update for webkitgtk FEDORA-2010-15982
File : nvt/gb_fedora_2010_15982_webkitgtk_fc12.nasl
2010-10-22 Name : Ubuntu Update for webkit vulnerabilities USN-1006-1
File : nvt/gb_ubuntu_USN_1006_1.nasl
2010-10-10 Name : FreeBSD Ports: webkit-gtk2
File : nvt/freebsd_webkit-gtk20.nasl
2010-10-01 Name : Google Chrome 'WebKit' Multiple Vulnerabilities (Linux) - Sep 10
File : nvt/secpod_google_chrome_mult_vuln_lin01_sep10.nasl
2010-09-22 Name : Fedora Update for webkitgtk FEDORA-2010-14409
File : nvt/gb_fedora_2010_14409_webkitgtk_fc13.nasl
2010-09-22 Name : Fedora Update for webkitgtk FEDORA-2010-14419
File : nvt/gb_fedora_2010_14419_webkitgtk_fc12.nasl
2010-09-21 Name : Google Chrome multiple vulnerabilities (Linux)
File : nvt/gb_google_chrome_mult_vuln_sep10_lin.nasl
2010-09-21 Name : Google Chrome multiple vulnerabilities (Windows) Sep10
File : nvt/gb_google_chrome_mult_vuln_sep10_win.nasl
2010-09-15 Name : Apple Safari Multiple Vulnerabilities - Sep10
File : nvt/gb_apple_safari_mult_vuln_sep10.nasl
2010-08-26 Name : Google Chrome multiple vulnerabilities - (Aug10)
File : nvt/secpod_google_chrome_mult_vuln_aug10.nasl
2010-08-02 Name : Apple Safari Multiple Vulnerabilities - July 10
File : nvt/secpod_apple_safari_mult_vuln_jul10.nasl
2010-07-22 Name : FreeBSD Ports: webkit-gtk2
File : nvt/freebsd_webkit-gtk2.nasl
2010-07-16 Name : Fedora Update for qt FEDORA-2010-11020
File : nvt/gb_fedora_2010_11020_qt_fc12.nasl
2010-07-16 Name : Fedora Update for qt FEDORA-2010-11011
File : nvt/gb_fedora_2010_11011_qt_fc13.nasl
2010-07-12 Name : Google Chrome multiple vulnerabilities - July 10
File : nvt/gb_google_chrome_mult_vuln_jul10.nasl
2010-06-25 Name : Apple iTunes Multiple Unspecified Vulnerabilities
File : nvt/secpod_apple_itunes_mult_unspecified_vuln.nasl
2010-06-22 Name : Google Chrome 'WebKit' Multiple Vulnerabilities (Windows) - June 10
File : nvt/secpod_google_chrome_mult_vuln_win_jun10.nasl
2010-06-16 Name : Apple Safari Multiple Vulnerabilities (June-10)
File : nvt/gb_apple_safari_mult_vuln_jun10.nasl
2010-05-17 Name : Fedora Update for qt FEDORA-2010-8379
File : nvt/gb_fedora_2010_8379_qt_fc11.nasl
2010-05-17 Name : Fedora Update for qt FEDORA-2010-8360
File : nvt/gb_fedora_2010_8360_qt_fc12.nasl
2010-05-07 Name : Google Chrome Multiple Vulnerabilities Windows - May10
File : nvt/gb_google_chrome_mult_vuln_may10.nasl
2010-04-30 Name : Google Chrome Multiple Vulnerabilities (win)
File : nvt/secpod_google_chrome_mult_vuln_apr10.nasl
2010-04-06 Name : Safari 4.0.5 Update
File : nvt/macosx_safari_4_0_5.nasl
2010-03-31 Name : Fedora Update for qt FEDORA-2010-4524
File : nvt/gb_fedora_2010_4524_qt_fc11.nasl
2010-03-31 Name : Fedora Update for qt FEDORA-2010-4518
File : nvt/gb_fedora_2010_4518_qt_fc12.nasl
2010-03-18 Name : Apple Safari Webkit Multiple Vulnerabilities
File : nvt/gb_apple_safari_webkit_mult_vuln_mar10.nasl
2010-02-22 Name : Google Chrome Multiple Vulnerabilities - (Win)
File : nvt/secpod_google_chrome_mult_vuln_win01.nasl
2010-02-22 Name : Google Chrome Multiple Vulnerabilities - (Windows)
File : nvt/secpod_google_chrome_mult_vuln_win02.nasl
2010-01-20 Name : Apple Safari Multiple Vulnerabilities
File : nvt/gb_apple_safari_mult_vuln_jan10.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
69434 Apple Safari WebKit HTML Link Element DNS Prefetch Setting Bypass

Apple Safari contains a flaw related to the WebKit's HTML Link Element. The issue is triggered when WebKit encounters an HTML Link Element that requests DNS prefetching. This will bypass any prefetching preference that has been set, and may result in undesired requests to remote servers.
69433 Apple Safari WebKit wholeText Method Size Calculation Overflow

Apple WebKit in Apple Safari before 5.0.3 on Windows 7, Windows Vista, Windows XP SP2 or later, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, and Apple WebKit in Apple Safari before 4.1.3 on Mac OS X v10.4.11 and Mac OS X Server v10.4.11 is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an integer overflow while handling Text objects. Visiting a specially crafted website a remote attacker can potentially cause an unexpected application termination or arbitrary code execution.
69172 Google Chrome SVG Document Out-of-bounds Array Index Memory Access DoS

Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program accesses memory in an out-of-bounds array index while processing an SVG document, allowing a context-dependent attacker to cause a denial of service or possibly have other unspecified impact.
69170 Google Chrome Destroyed Frame Object Access Remote DoS

Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program accesses a frame object after it has been destroyed, allowing a context-dependent attacker to cause a denial of service or possibly have other unspecified impact.
69164 Google Chrome Crafted HTML Document Text Area Handling Memory Corruption

A memory corruption flaw exists in Google Chrome. The program fails to sanitize user-supplied input when processing large text areas, resulting in memory corruption. With a specially crafted HTML document, a context-dependent attacker can cause a denial of service, or possibly have other unspecified impact.
69163 Google Chrome Text Editing Use-after-free Remote DoS

Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when a use-after-free error related to text editing is exploited to cause a denial of service.
68841 Google Chrome Crafted Animated GIF Handling Memory Corruption

A memory corruption flaw exists in Google Chrome. The program fails to sanitize user-supplied input when processing animated GIF images, resulting in memory corruption. With a specially crafted .gif image file, a context-dependent attacker can execute arbitrary code.
67962 Apple Safari WebKit Floating Point Data Crafted HTML Document Handling Arbitr...

Apple Safari WebKit contains an input validation flaw related to WebKit's handling of floating point data types. The issue is triggered when visiting a maliciously crafted website. This may allow a context-dependent attacker to execute arbitrary code via a crafted HTML document.
67933 Apple iOS WebKit on iPhone / iPod Scrollbar Use-after-free Arbitrary Code Exe...
67932 Apple iOS WebKit on iPhone / iPod Menu Arbitrary Code Execution
67930 Apple iOS WebKit on iPhone / iPod Selections Use-after-free Arbitrary Code Ex...
67926 Apple iOS WebKit on iPhone / iPod Inline Element Rendering Double-free Arbitr...
67867 Google Chrome Image Read Access Restriction Same Origin Policy Bypass Remote ...
67865 Google Chrome Focus Handling Stale Pointer Memory Corruption
67863 Google Chrome Counter Node Handling Unspecified Memory Corruption
67856 Google Chrome Clipboard Copy Restriction Weakness Unspecified Issue
67466 Google Chrome Ruby Support Weakness Memory Corruption DoS
67462 Google Chrome MIME Type Processing Weakness Memory Corruption DoS
67461 Google Chrome History Feature Address Bar Unspecified Spoofing Weakness
67460 Google Chrome Text Editing Implementation Unspecified Casting Issue
67459 Google Chrome SVG Document Handling Memory Corruption DoS
67296 WebKit WebCore loader/DocumentThreadableLoader.cpp XMLHttpRequest Implementat...
67295 WebKit WebCore page/Geolocation.cpp lastPosition Function Access Restriction ...
66857 Apple Safari WebKit SVG Document Multiple Element Use-after-free Arbitrary Co...

Apple Safari WebKit contains a use-after-free flaw related to WebKit's handling of "font-face" and "use" elements in SVG documents. The issue is triggered when visiting a maliciously crafted website. This may allow a context-dependent attacker to execute arbitrary code.
66856 Apple Safari WebKit Crafted Regular Expression Arbitrary Code Execution

Apple Safari WebKit contains a memory corruption flaw related to WebKit's handling of regular expressions. The issue is triggered when visiting a maliciously crafted website. This may allow a context-dependent attacker to execute arbitrary code.
66855 Apple Safari Webkit JavaScript Array Index Integer Signedness Arbitrary Code ...

Apple Safari Webkit contains an integer signedness flaw related to WebKit's handling of JavaScript arrays. The issue is triggered when visiting a maliciously crafted website. This may allow a context-dependent attacker to execute arbitrary code.
66854 Apple Safari WebKit JIT Compiled JavaScript Stub Reentrancy Issue Arbitrary C...

Apple Safari WebKit contains a reentrancy issue related to the WebKit's handling of just-in-time compiled JavaScript stubs. The issue is triggered when visiting a maliciously crafted website. This may allow a context-dependent attacker to execute arbitrary code.
66852 Apple Safari Webkit SVG Document Use Element Arbitrary Code Execution

Apple Safari Webkit contains a memory corruption flaw related to WebKit's handling of 'use' elements in SVG documents. The issue is triggered when visiting a maliciously crafted website. This may allow a context-dependent attacker to execute arbitrary code.
66851 Apple Safari WebKit SVG Document Floating Element Arbitrary Code Execution

Apple Safari WebKit contains a memory corruption flaw related to WebKit's handling of floating elements in SVG documents. The issue is triggered when visiting a maliciously crafted website. This may allow a context-dependent attacker to execute arbitrary code.
66850 Apple Safari WebKit SVG Document foreignObject Element Use-after-free Arbitra...

Apple Safari WebKit contains a use-after-free flaw related to WebKit's handling of foreignObject elements in SVG documents. The issue is triggered when visiting a maliciously crafted website. This may allow a context-dependent attacker to execute arbitrary code.
66849 Apple Safari WebKit SVG Text Multiple Pseudo-elements Crafted Document Arbitr...

Apple Safari WebKit contains an uninitialized memory access flaw related to WebKit's handling of the :first-letter and :first-line pseudo-elements in SVG text elements. The issue is triggered when visiting a maliciously crafted website. This may allow a context-dependent attacker to execute arbitrary code.
66848 Apple Safari WebKit CSS Implementation Counters Functionality Crafted HTML Do...

Apple Safari WebKit contains a memory corruption flaw related to WebKit's handling of CSS counters. The issue is triggered when visiting a maliciously crafted website. This may allow a context-dependent attacker to execute arbitrary code via a crafted HTML document.
66847 Apple Safari WebKit Text Node Dynamic Modification Arbitrary Code Execution

Apple Safari WebKit contains a memory corruption flaw related to WebKit's handling of dynamic modifications to text nodes. The issue is triggered when visiting a maliciously crafted website. This may allow a context-dependent attacker to execute arbitrary code via a crafted HTML document.
66846 Apple Safari WebKit Inline Element Rendering Arbitrary Code Execution

Apple Safari WebKit contains a memory corruption flaw related to WebKit's rendering of inline elements. The issue is triggered when visiting a maliciously crafted website. This may allow a context-dependent attacker to execute arbitrary code.
66845 Apple Safari WebKit Element Focus Use-after-free Arbitrary Code Execution

Apple Safari WebKit contains a use-after-free flaw related to WebKit's handling of element focus. The issue is triggered when visiting a maliciously crafted website. This may allow a context-dependent attacker to execute arbitrary code.
66480 WebKit WebCore websockets/WebSocketHandshake.cpp WebSocketHandshake::readServ...
66046 Google Chrome Unicode Bidirectional Algorithm Unspecified Remote DoS
66045 Google Chrome Invalid SVG Document Memory Corruption DoS
65700 Apple iOS WebKit on iPhone / iPod history.replaceState Method IFRAME Element ...
65657 Apple iTunes WebKit on Windows Unspecified Issue (2010-1387)
65448 Google Chrome WebKit Caption Element Handling Use-after-free Arbitrary Code E...
65400 Google Chrome WebKit WebCore page/Geolocation.cpp Geolocation Event Document ...
65399 Google Chrome WebKit WebCore rendering/RenderListMarker.cpp toAlphabetic Func...
65341 Apple Safari WebKit SVG Document Nested use Element Memory Corruption
65340 Apple Safari WebKit Ordered List Insertion Handling Memory Corruption
65338 Apple Safari WebKit IBM1147 Character Set Handling Arbitrary Code Execution
65337 Apple Safari WebKit Crafted CSS-styled HTML Content Rendering Memory Corruption
65336 Apple Safari WebKit SVG Document Multiple use Element Handling Use-after-free...
65335 Apple Safari WebKit HTML Button Rendering User-after-free Arbitrary Code Exec...
65334 Apple Safari WebKit DOM Range Object Handling Use-after-free Arbitrary Code E...
65333 Apple Safari WebKit hover Event Handling Use-after-free Arbitrary Code Execution
65330 Apple Safari WebKit Font Handling Use-after-free Arbitrary Code Execution
65329 Apple Safari WebKit Frame Element src Attribute Validation XSS
65328 Apple Safari WebKit HTML Element Vertical Position Handling Use-after-free Ar...
65327 Apple Safari WebKit HTML Document Fragment Handling XSS
65326 Apple Safari WebKit Node.normalize Method Handling Use-after-free Arbitrary C...
65324 Apple Safari WebKit Caption Element Handling Use-after-free Arbitrary Code Ex...
65322 Apple Safari WebKit HTML Table Handling Arbitrary Code Execution
65321 Apple Safari WebKit Drag and Drop Operation Use-after-free Arbitrary Code Exe...
65320 Apple Safari WebKit HTTP Site Redirect Referer Header Information Disclosure
65319 Apple Safari WebKit DOM Constructor Object Handling XSS
65318 Apple Safari WebKit HTML Document Subtree Rendering Use-after-free Arbitrary ...
65317 Apple Safari WebKit removeChild DOM Method Use-after-free Arbitrary Code Exec...
65316 Apple Safari WebKit CSS first-letter Pseudo-element Handling User-after-free ...
65315 Apple Safari WebKit Selection Dragging / Pasting XSS
65314 Apple Safari WebKit execCommand Function Clipboard Content Manipulation

65313 Apple Safari WebKit TCP Port Request Handling Information Disclosure
65312 Apple Safari WebKit Container Element ContentEditable Attribute Use-after-fre...
65311 Apple Safari WebKit textarea Element HTML Handling XSS
65310 Apple Safari WebKit libxml Context Handling API Abuse Arbitrary Code Execution
65309 Apple Safari WebKit SVG Document ConditionEventListener Double-free Arbitrary...
65308 Apple Safari WebKit UTF-7 Encoded Text Unterminated Quoted String XSS
65307 Apple Safari WebKit Keyboard Focus Cross-frame Request Initialization
65306 Apple Safari WebKit Incomplete Port Blacklist Remote Information Disclosure W...
65305 Apple Safari WebKit DOCUMENT_POSITION_DISCONNECTED Attribute Handling Use-aft...
65304 Apple Safari WebKit Form Submission HTTP Redirect Remote Information Disclosure
65303 Apple Safari WebKit Crafted Canvas Cross-site Image Capture Disclosure
65302 Apple Safari WebKit SVG Document use Element Handling Arbitrary Code Execution
65301 Apple Safari WebKit Local Storage / Web SQL Database Traversal Arbitrary File...
65299 Apple Safari WebKit CSS visited Pseudo-class Handling Browsing History Disclo...
65298 Apple Safari WebKit CSS HREF Attribute Handling Information Disclosure
64258 Google Chrome Unspecified Font Handling Memory Corruption
64257 Google Chrome HTML5 Media Handling Memory Corruption
64002 Google Chrome WebKit WebCore loader/DocumentThreadableLoader.cpp XMLHttpReque...
62949 Apple Safari WebKit HTML IMG Element Use-after-free Arbitrary Code Execution

Safari contains an use-after-free flaw that may allow an attacker to execute arbitrary code or a denial of service (application crash). The issue is triggered when a user accesses a web page with specially crafted HTML IMG elements.
62948 Apple Safari WebKit CSS Display Property WebCore::RenderBlock() Method Use-af...
62947 Apple Safari WebKit HTML Element Callback Use-after-free Arbitrary Code Execu...

Safari contains a use-after-free flaw that may allow an attacker to execute arbitrary code or a denial of service (application crash). The issue is triggered when a user accesses a web page containing specially crafted HTML elements.
62944 Apple Safari WebKit CSS Stylesheet Cross-origin Information Disclosure
62943 Apple Safari WebKit Blink Event Embedded Event Handling Use-after-free Arbitr...
62942 Apple Safari WebKit HTML Element RTL Text Directionality Use-after-free Arbit...
62941 Apple Safari WebKit Crafted XML Document Handling Use-after-free Arbitrary Co...
62940 Apple Safari WebKit HTML Object Element Fallback Content Use-after-free Arbit...
62939 Apple Safari WebKit CSS Implementation Crafted Format Argument Arbitrary Code...
62317 Google Chrome ruby Tag Handling Arbitrary Code Execution
62308 Google Chrome WebKit Directory Listing XMLHttpRequests Information Disclosure
62307 Google Chrome WebKit CSS Stylesheet Cross-origin Information Disclosure
62306 Google Chrome WebKit Mouse-click Event Pop-up Blocker Restriction Bypass
61793 Apple Safari document.styleSheets[0].href Property URL Redirect Target Disclo...
59941 Apple Safari WebKit HTML 5 Audio / Video Media Element Loading Weakness
57891 Apple iPhone / iPod Touch WebKit Referer Header Information Disclosure

Snort® IPS/IDS

Date Description
2018-03-27 Apple Safari Webkit button first-letter style rendering code execution attempt
RuleID : 45735 - Revision : 1 - Type : BROWSER-WEBKIT
2018-03-27 Apple Safari Webkit button first-letter style rendering code execution attempt
RuleID : 45734 - Revision : 1 - Type : BROWSER-WEBKIT
2018-03-27 Apple Safari Webkit button first-letter style rendering code execution attempt
RuleID : 45733 - Revision : 1 - Type : BROWSER-WEBKIT
2018-03-27 Apple Safari Webkit button first-letter style rendering code execution attempt
RuleID : 45732 - Revision : 1 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari CSS font format corruption attempt
RuleID : 19099 - Revision : 11 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari Webkit ContentEditable code exeuction attempt
RuleID : 19098 - Revision : 10 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari Webkit ContentEditable code execution attempt
RuleID : 19097 - Revision : 11 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari Webkit CSS Charset Text transformation code execution attempt
RuleID : 19096 - Revision : 10 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari Webkit CSS Charset Text transformation code execution attempt
RuleID : 19095 - Revision : 10 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari WebKit menu onchange memory corruption attempt
RuleID : 19010 - Revision : 10 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari WebKit menu onchange memory corruption attempt
RuleID : 19009 - Revision : 8 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari Webkit floating point conversion memory corruption attempt
RuleID : 19008 - Revision : 10 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari Webkit removeAllRanges use-after-free attempt
RuleID : 18995 - Revision : 8 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari Webkit button first-letter style rendering code execution attempt
RuleID : 18973 - Revision : 9 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari WebKit Rendering Counter Code Execution
RuleID : 18903 - Revision : 10 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari image use after reparent attempt
RuleID : 16632 - Revision : 13 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari image use after remove attempt
RuleID : 16631 - Revision : 12 - Type : BROWSER-WEBKIT
2014-01-10 Apple Safari inline text box use after free attempt
RuleID : 16492 - Revision : 12 - Type : BROWSER-WEBKIT

Nessus® Vulnerability Scanner

Date Description
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-09.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libwebkit-110104.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libwebkit-100920.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libwebkit-100723.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0177.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110125_webkitgtk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-03-27 Name : The remote Fedora host is missing a security update.
File : fedora_2012-3483.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Fedora host is missing a security update.
File : fedora_2011-16151.nasl - Type : ACT_GATHER_INFO
2011-08-24 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1195-1.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libwebkit-110111.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2188.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-039.nasl - Type : ACT_GATHER_INFO
2011-02-18 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1224.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_35ecdcbe350111e0afcd0015f2db7bde.nasl - Type : ACT_GATHER_INFO
2011-01-26 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_c8c927e5289111e08f2600151735203a.nasl - Type : ACT_GATHER_INFO
2011-01-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0177.nasl - Type : ACT_GATHER_INFO
2011-01-10 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0121.nasl - Type : ACT_GATHER_INFO
2011-01-03 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_06a12e26142e11e0bea20015f2db7bde.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : safari_5_0_3.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari5_0_3.nasl - Type : ACT_GATHER_INFO
2010-11-04 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_7_0_517_44.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_e5090d2adbbe11df82f80015f2db7bde.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1006-1.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15982.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_7_0_517_41.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15957.nasl - Type : ACT_GATHER_INFO
2010-09-21 Name : The remote Fedora host is missing a security update.
File : fedora_2010-14419.nasl - Type : ACT_GATHER_INFO
2010-09-16 Name : The remote Fedora host is missing a security update.
File : fedora_2010-14409.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_9bcfd7b6bcda11df9a6a0015f2db7bde.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : safari_5_0_2.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari5_0_2.nasl - Type : ACT_GATHER_INFO
2010-09-02 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_6_0_472_53.nasl - Type : ACT_GATHER_INFO
2010-09-02 Name : The remote host contains an application that has multiple vulnerabilities.
File : itunes_10_0.nasl - Type : ACT_GATHER_INFO
2010-09-02 Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_10_0_banner.nasl - Type : ACT_GATHER_INFO
2010-08-20 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_5_0_375_127.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari5_0_1.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : safari_5_0_1.nasl - Type : ACT_GATHER_INFO
2010-07-19 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_19419b3b92bd11dfb1400015f2db7bde.nasl - Type : ACT_GATHER_INFO
2010-07-14 Name : The remote Fedora host is missing a security update.
File : fedora_2010-11011.nasl - Type : ACT_GATHER_INFO
2010-07-14 Name : The remote Fedora host is missing a security update.
File : fedora_2010-11020.nasl - Type : ACT_GATHER_INFO
2010-07-05 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_5_0_375_99.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4518.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4521.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4524.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8360.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8423.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8379.nasl - Type : ACT_GATHER_INFO
2010-06-17 Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_9_2_banner.nasl - Type : ACT_GATHER_INFO
2010-06-17 Name : The remote host contains an application that is affected by multiple vulnerab...
File : itunes_9_2.nasl - Type : ACT_GATHER_INFO
2010-06-09 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_5_0_375_70.nasl - Type : ACT_GATHER_INFO
2010-06-08 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : safari_5_0.nasl - Type : ACT_GATHER_INFO
2010-06-08 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari5_0.nasl - Type : ACT_GATHER_INFO
2010-04-28 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_4_1_249_1064.nasl - Type : ACT_GATHER_INFO
2010-04-23 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_4_1_249_1059.nasl - Type : ACT_GATHER_INFO
2010-03-11 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : safari_4_0_5.nasl - Type : ACT_GATHER_INFO
2010-03-11 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari4_0_5.nasl - Type : ACT_GATHER_INFO
2010-02-11 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_4_0_249_89.nasl - Type : ACT_GATHER_INFO
2010-01-26 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_4_0_249_78.nasl - Type : ACT_GATHER_INFO
2009-11-12 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari4_0_4.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:42:06
  • Multiple Updates