123 matches found
SuSE 11.1 Security Update : kdelibs4 (SAT Patch Number 4407)
This update fixes a cross-site scripting (XSS) vulnerability in the way KHTML handles error pages. CVE-2011-1168 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright (C)...
openSUSE Security Update : kdelibs4 (openSUSE-SU-2011:0480-1)
An XSS vulnerability in the way KHTML handles error pages has been fixed. CVE-2011-1168 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update kdelibs4-4406. The text...
openSUSE Security Update : kdelibs4 (openSUSE-SU-2010:1036-1)
An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
openSUSE Security Update : kdelibs3 (openSUSE-SU-2010:1034-1)
The following vulnerabilities in kdelibs3's khtml subsystem have been fixed: CVE-2009-1690, CVE-2009-1687 and CVE-2009-1698. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update kdelibs3-3472. The...
Moderate: Red Hat Security Advisory: kdelibs security update
Updated kdelibs packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
KDE KHTML cross-site scripting
Cross-site scripting via error pages...
USN-1110-1: KDE-Libs vulnerabilities
It was discovered that KDE KSSL did not properly verify X.509 certificates when the certificate was issued for an IP address. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. CVE-2011-1094 Tim Brown discovere...
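Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability
CVE ID: CVE-2011-1417 Safari is the browser in Apple's latest operating system, Mac OS X, and uses KDE's KHTML as its browser engine. Apple Safari has a remote code execution vulnerability in its OfficeArtBlip parsing, which a remote attacker can exploit to execute arbitrary code in the affected application. The vulnerability stems from support for parsing Office files. When handling an OfficeArtMetafileHeader, the process trusts the cbSize field and performs arithmetic on it before allocation. Because the result is not checked for overflow, the subsequent allocation is too small. When data is copied into this buffer, memory can be corrupted, leading to arbitrary code execution with the privileges of the current user. Apple Safari vendor patch:...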
SuSE 10 Security Update : kdelibs (ZYPP Patch Number 7217)
An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue. (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc. ...
CVE-2010-1772
Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associate...
CVE-2010-3415
Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...
CVE-2010-3253
The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...
CVE-2010-3246
Google Chrome before 6.0.472.53 does not properly handle the blank value for the target attribute of unspecified elements, which allows remote attackers to bypass the pop-up blocker via unknown vectors...
CVE-2010-3252
Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
CVE-2010-3254
The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
CVE-2010-1786
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject elemen...
CVE-2010-1782
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering...
CVE-2010-1780
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to...
CVE-2010-1792
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression...
CVE-2010-2902
The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...