CVE-2010-0050
CVE-2010-0050 is a use-after-free in WebKit used by Apple Safari prior to 4.0.5 that can allow remote code execution or a denial of service via an HTML document with improperly nested tags. Public references in the connected data show upstream (Safari/WebKit) vulnerability context and vendor secur...
CVE-2010-0050
Removed by vendor...
CVE-2010-0045
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document...
CVE-2010-0656
WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted...
CVE-2010-0656
WebKit before r51295 (as used in Google Chrome before 4.0.249.78) may respond to a local file:// XMLHttpRequest targeting a directory with a directory listing, potentially exposing sensitive information or causing other impact via a crafted local HTML document. The mitigation is to update to the ...
Symantec Norton AntiVirus Stack Exhaustion
Norton AntiVirus is a virus protection solution produced by Symantec Corporation. When installed on a system, it installs a number of dynamic libraries and registers several ActiveX controls. A vulnerability has been reported in several Symantec products. One of the dynamic link libraries install...
[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities
Debian Security Advisory DSA-1988-1 http://www.debian.org/security/ Giuseppe Iuculano February 02, 2010 http://www.debian.org/security/faq ...
Mandriva Update for kdelibs4 MDVSA-2010:027 (kdelibs4)
Check for the Version of kdelibs4 OpenVAS Vulnerability Test Mandriva Update for kdelibs4 MDVSA-2010:027 kdelibs4 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Mandriva Security Advisory MDVSA-2009:330 (kdelibs)
The remote host is missing an update to kdelibs announced via advisory MDVSA-2009:330. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...
Update Protection against Oracle Document Capture EasyMail IMAP4 LicenseKey Buffer Overflow
A buffer overflow vulnerability exists in Oracle Document Capture which is integrated with Oracle Imaging and Process Management and Oracle Universal Content Management products. The vulnerability is due to a boundary error while parsing the LicenseKey property within the EasyMail IMAP4 ActiveX...
Design/Logic Flaw
The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attacke...
CVE-2009-2841
The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attacke...
CVE-2009-2841
Removed by vendor...
CVE-2009-2529
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."...
Design/Logic Flaw
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."...
FlexCell Grid FlexCell.Grid ActiveX Control Multiple Method Arbitrary File Overwrite
The remote host contains the FlexCell.Grid ActiveX control, a component of the FlexCell grid control software. The version of the control installed on the remote host reportedly fails to validate input to the 'File' argument of the 'SaveFile' and 'ExportToXML' methods before writing to the...
Altiris Altiris.AeXNSPkgDL.1 ActiveX Control DownloadAndInstall() Method Arbitrary Code Execution
The Altiris.AeXNSPkgDL.1 ActiveX control, a component of Altiris Deployment Solution, Altiris Notification Server, and Symantec Management Platform, is installed on the remote Windows host. The installed version of this control provides an unsafe method, named 'DownloadAndInstall'. If an attacker...
Design/Logic Flaw
Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."...