cvelistv5 - cve-2010-1823

CVE-2010-1823 (GCVE-0-2010-1823)

Vulnerability from cvelistv5 – Published: 2010-09-24 18:00 – Updated: 2024-08-07 01:35

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://secunia.com/advisories/43068	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://support.apple.com/kb/HT4981	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/0212	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/Security-announce…	vendor-advisoryx_refsource_APPLE
	https://bugs.webkit.org/show_bug.cgi?id=44533	x_refsource_CONFIRM
	http://googlechromereleases.blogspot.com/2010/09/…	x_refsource_CONFIRM
	https://bugs.webkit.org/show_bug.cgi?id=43055	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://support.apple.com/kb/HT4808	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://code.google.com/p/chromium/issues/detail?i…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:53.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43068",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "oval:org.mitre.oval:def:7405",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4981"
          },
          {
            "name": "ADV-2011-0212",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "APPLE-SA-2011-10-11-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.webkit.org/show_bug.cgi?id=44533"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.webkit.org/show_bug.cgi?id=43055"
          },
          {
            "name": "SUSE-SR:2011:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4808"
          },
          {
            "name": "APPLE-SA-2011-07-20-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.google.com/p/chromium/issues/detail?id=50250"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "43068",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43068"
        },
        {
          "name": "oval:org.mitre.oval:def:7405",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4981"
        },
        {
          "name": "ADV-2011-0212",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0212"
        },
        {
          "name": "APPLE-SA-2011-10-11-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.webkit.org/show_bug.cgi?id=44533"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.webkit.org/show_bug.cgi?id=43055"
        },
        {
          "name": "SUSE-SR:2011:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4808"
        },
        {
          "name": "APPLE-SA-2011-07-20-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.google.com/p/chromium/issues/detail?id=50250"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-1823",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "oval:org.mitre.oval:def:7405",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405"
            },
            {
              "name": "http://support.apple.com/kb/HT4981",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4981"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "APPLE-SA-2011-10-11-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
            },
            {
              "name": "https://bugs.webkit.org/show_bug.cgi?id=44533",
              "refsource": "CONFIRM",
              "url": "https://bugs.webkit.org/show_bug.cgi?id=44533"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
            },
            {
              "name": "https://bugs.webkit.org/show_bug.cgi?id=43055",
              "refsource": "CONFIRM",
              "url": "https://bugs.webkit.org/show_bug.cgi?id=43055"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4808",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4808"
            },
            {
              "name": "APPLE-SA-2011-07-20-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
            },
            {
              "name": "http://code.google.com/p/chromium/issues/detail?id=50250",
              "refsource": "CONFIRM",
              "url": "http://code.google.com/p/chromium/issues/detail?id=50250"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2010-1823",
    "datePublished": "2010-09-24T18:00:00",
    "dateReserved": "2010-05-06T00:00:00",
    "dateUpdated": "2024-08-07T01:35:53.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.0.472.59\", \"matchCriteriaId\": \"083D2BC1-C013-4B03-B295-F8131B5AB162\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.5\", \"matchCriteriaId\": \"FFDEF0C6-55A8-4240-AFFC-D3FC70F82F1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.0.6\", \"matchCriteriaId\": \"BA42DFF0-41FC-4ADA-8F10-F18B32BA66C0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de usar despu\\u00e9s de liberar en WebKit en versiones anteriores a la vr65958, como se utiliza en Google Chrome en versiones anteriores a la v6.0.472.59, permite a atacantes remotos provocar una denegaci\\u00f3n de servicio y posiblemente provocar otros da\\u00f1os a trav\\u00e9s de vectores de ataque que provocan el uso de las APIs document tal como document.close durante el parseo, como se ha demostrado por un fichero de hojas de estilo en cascada (CSS) referenciando un \\\"font\\\" SVG, tambi\\u00e9n conocido como problema rdar 8442098.\"}]",
      "id": "CVE-2010-1823",
      "lastModified": "2024-11-21T01:15:16.217",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-09-24T19:00:04.357",
      "references": "[{\"url\": \"http://code.google.com/p/chromium/issues/detail?id=50250\", \"source\": \"product-security@apple.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/43068\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4808\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4981\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0212\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.webkit.org/show_bug.cgi?id=43055\", \"source\": \"product-security@apple.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://bugs.webkit.org/show_bug.cgi?id=44533\", \"source\": \"product-security@apple.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://code.google.com/p/chromium/issues/detail?id=50250\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/43068\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4808\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4981\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0212\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.webkit.org/show_bug.cgi?id=43055\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://bugs.webkit.org/show_bug.cgi?id=44533\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-1823\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2010-09-24T19:00:04.357\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de usar despu\u00e9s de liberar en WebKit en versiones anteriores a la vr65958, como se utiliza en Google Chrome en versiones anteriores a la v6.0.472.59, permite a atacantes remotos provocar una denegaci\u00f3n de servicio y posiblemente provocar otros da\u00f1os a trav\u00e9s de vectores de ataque que provocan el uso de las APIs document tal como document.close durante el parseo, como se ha demostrado por un fichero de hojas de estilo en cascada (CSS) referenciando un \\\"font\\\" SVG, tambi\u00e9n conocido como problema rdar 8442098.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.472.59\",\"matchCriteriaId\":\"083D2BC1-C013-4B03-B295-F8131B5AB162\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.5\",\"matchCriteriaId\":\"FFDEF0C6-55A8-4240-AFFC-D3FC70F82F1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.6\",\"matchCriteriaId\":\"BA42DFF0-41FC-4ADA-8F10-F18B32BA66C0\"}]}]}],\"references\":[{\"url\":\"http://code.google.com/p/chromium/issues/detail?id=50250\",\"source\":\"product-security@apple.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4808\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4981\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.webkit.org/show_bug.cgi?id=43055\",\"source\":\"product-security@apple.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://bugs.webkit.org/show_bug.cgi?id=44533\",\"source\":\"product-security@apple.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://code.google.com/p/chromium/issues/detail?id=50250\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.webkit.org/show_bug.cgi?id=43055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://bugs.webkit.org/show_bug.cgi?id=44533\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

GSD-2010-1823

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-1823

Aliases

CVE-2010-1823

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-1823",
    "description": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.",
    "id": "GSD-2010-1823",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-1823.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-1823"
      ],
      "details": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.",
      "id": "GSD-2010-1823",
      "modified": "2023-12-13T01:21:32.181311Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2010-1823",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "43068",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "oval:org.mitre.oval:def:7405",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405"
          },
          {
            "name": "http://support.apple.com/kb/HT4981",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4981"
          },
          {
            "name": "ADV-2011-0212",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "APPLE-SA-2011-10-11-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
          },
          {
            "name": "https://bugs.webkit.org/show_bug.cgi?id=44533",
            "refsource": "CONFIRM",
            "url": "https://bugs.webkit.org/show_bug.cgi?id=44533"
          },
          {
            "name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html",
            "refsource": "CONFIRM",
            "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
          },
          {
            "name": "https://bugs.webkit.org/show_bug.cgi?id=43055",
            "refsource": "CONFIRM",
            "url": "https://bugs.webkit.org/show_bug.cgi?id=43055"
          },
          {
            "name": "SUSE-SR:2011:002",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "http://support.apple.com/kb/HT4808",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4808"
          },
          {
            "name": "APPLE-SA-2011-07-20-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
          },
          {
            "name": "http://code.google.com/p/chromium/issues/detail?id=50250",
            "refsource": "CONFIRM",
            "url": "http://code.google.com/p/chromium/issues/detail?id=50250"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.472.59",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-1823"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
            },
            {
              "name": "https://bugs.webkit.org/show_bug.cgi?id=44533",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugs.webkit.org/show_bug.cgi?id=44533"
            },
            {
              "name": "https://bugs.webkit.org/show_bug.cgi?id=43055",
              "refsource": "CONFIRM",
              "tags": [
                "Permissions Required"
              ],
              "url": "https://bugs.webkit.org/show_bug.cgi?id=43055"
            },
            {
              "name": "http://code.google.com/p/chromium/issues/detail?id=50250",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://code.google.com/p/chromium/issues/detail?id=50250"
            },
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "http://support.apple.com/kb/HT4808",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.apple.com/kb/HT4808"
            },
            {
              "name": "APPLE-SA-2011-07-20-1",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4981",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.apple.com/kb/HT4981"
            },
            {
              "name": "APPLE-SA-2011-10-11-1",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
            },
            {
              "name": "oval:org.mitre.oval:def:7405",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2020-07-31T19:20Z",
      "publishedDate": "2010-09-24T19:00Z"
    }
  }
}

CERTA-2011-AVI-403

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été identifiées dans Safari. Ces vulnérabilités peuvent notamment être utilisées par une personne malveillante distante afin d'exécuter du code arbitraire.

Description

De multiples vulnérabilités ont été corrigées dans Safari. Ces vulnérabilités affectent entre autres les composants CFNetwork, ColorSync, ImageIO, libxslt et WebKit. Elles peuvent être exploitées par une personne malveillante distante pour faire exécuter du code arbitraire, contourner la politique de sécurité ou porter atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Safari 5.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4808 du 20 juillet 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSafari 5.x.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Safari. Ces\nvuln\u00e9rabilit\u00e9s affectent entre autres les composants CFNetwork,\nColorSync, ImageIO, libxslt et WebKit. Elles peuvent \u00eatre exploit\u00e9es par\nune personne malveillante distante pour faire ex\u00e9cuter du code\narbitraire, contourner la politique de s\u00e9curit\u00e9 ou porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1204"
    },
    {
      "name": "CVE-2011-1117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1117"
    },
    {
      "name": "CVE-2011-0195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0195"
    },
    {
      "name": "CVE-2011-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0237"
    },
    {
      "name": "CVE-2011-0983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0983"
    },
    {
      "name": "CVE-2011-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0200"
    },
    {
      "name": "CVE-2010-1823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1823"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2011-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1774"
    },
    {
      "name": "CVE-2011-0240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0240"
    },
    {
      "name": "CVE-2011-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0255"
    },
    {
      "name": "CVE-2011-1190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1190"
    },
    {
      "name": "CVE-2011-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1188"
    },
    {
      "name": "CVE-2011-0253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0253"
    },
    {
      "name": "CVE-2011-0233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0233"
    },
    {
      "name": "CVE-2010-1383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1383"
    },
    {
      "name": "CVE-2011-1115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1115"
    },
    {
      "name": "CVE-2011-0244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0244"
    },
    {
      "name": "CVE-2011-1296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1296"
    },
    {
      "name": "CVE-2011-0202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0202"
    },
    {
      "name": "CVE-2011-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0164"
    },
    {
      "name": "CVE-2011-0981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0981"
    },
    {
      "name": "CVE-2011-0254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0254"
    },
    {
      "name": "CVE-2011-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0238"
    },
    {
      "name": "CVE-2011-1295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1295"
    },
    {
      "name": "CVE-2011-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0222"
    },
    {
      "name": "CVE-2011-1121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1121"
    },
    {
      "name": "CVE-2011-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0217"
    },
    {
      "name": "CVE-2011-0219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0219"
    },
    {
      "name": "CVE-2011-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0215"
    },
    {
      "name": "CVE-2011-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1797"
    },
    {
      "name": "CVE-2011-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0206"
    },
    {
      "name": "CVE-2011-1451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1451"
    },
    {
      "name": "CVE-2010-3829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3829"
    },
    {
      "name": "CVE-2011-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0232"
    },
    {
      "name": "CVE-2011-0214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0214"
    },
    {
      "name": "CVE-2011-1288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1288"
    },
    {
      "name": "CVE-2011-0241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0241"
    },
    {
      "name": "CVE-2011-1203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1203"
    },
    {
      "name": "CVE-2010-1420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1420"
    },
    {
      "name": "CVE-2011-0242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0242"
    },
    {
      "name": "CVE-2011-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0204"
    },
    {
      "name": "CVE-2011-1293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1293"
    },
    {
      "name": "CVE-2011-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0234"
    },
    {
      "name": "CVE-2011-1449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1449"
    },
    {
      "name": "CVE-2011-0201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0201"
    },
    {
      "name": "CVE-2011-1457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1457"
    },
    {
      "name": "CVE-2011-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0235"
    },
    {
      "name": "CVE-2011-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0225"
    },
    {
      "name": "CVE-2011-1114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1114"
    },
    {
      "name": "CVE-2011-1109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1109"
    },
    {
      "name": "CVE-2011-0221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0221"
    },
    {
      "name": "CVE-2011-0223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0223"
    },
    {
      "name": "CVE-2011-1462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1462"
    },
    {
      "name": "CVE-2011-1453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1453"
    },
    {
      "name": "CVE-2011-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0218"
    },
    {
      "name": "CVE-2011-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1107"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-403",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-07-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Safari. Ces\nvuln\u00e9rabilit\u00e9s peuvent notamment \u00eatre utilis\u00e9es par une personne\nmalveillante distante afin d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4808 du 20 juillet 2011",
      "url": "http://support.apple.com/kb/HT4808"
    }
  ]
}

CERTA-2011-AVI-569

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités ont été corrigées dans la version 10.5 d'iTunes pour plateforme Microsoft Windows. La plupart d'entre elles permettent l'exécution de code arbitraire à distance.

Description

Une nouvelle version d'iTunes, disponible pour les plateformes Microsoft Windows, corrige un grand nombre de vulnérabilités affectant plusieurs de ses modules internes, comme ImageIO ou WebKit.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iTunes pour Microsoft Windows, versions inférieures à 10.5.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4981 du 11 Octobre 2011	None	vendor-advisory
Bulletin de sécurité Apple HT4981 du 11 octobre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApple iTunes pour Microsoft Windows,  versions inf\u00e9rieures \u00e0 10.5.\u003c/p\u003e",
  "content": "## Description\n\nUne nouvelle version d\u0027iTunes, disponible pour les plateformes Microsoft\nWindows, corrige un grand nombre de vuln\u00e9rabilit\u00e9s affectant plusieurs\nde ses modules internes, comme ImageIO ou WebKit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1204"
    },
    {
      "name": "CVE-2011-1117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1117"
    },
    {
      "name": "CVE-2011-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0237"
    },
    {
      "name": "CVE-2011-2811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2811"
    },
    {
      "name": "CVE-2011-0983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0983"
    },
    {
      "name": "CVE-2011-3238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3238"
    },
    {
      "name": "CVE-2011-0259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0259"
    },
    {
      "name": "CVE-2011-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0200"
    },
    {
      "name": "CVE-2011-2814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2814"
    },
    {
      "name": "CVE-2011-2815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2815"
    },
    {
      "name": "CVE-2011-2823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2823"
    },
    {
      "name": "CVE-2010-1823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1823"
    },
    {
      "name": "CVE-2011-2813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2813"
    },
    {
      "name": "CVE-2011-2359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2359"
    },
    {
      "name": "CVE-2011-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3219"
    },
    {
      "name": "CVE-2011-2788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2788"
    },
    {
      "name": "CVE-2011-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1774"
    },
    {
      "name": "CVE-2011-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2799"
    },
    {
      "name": "CVE-2011-0240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0240"
    },
    {
      "name": "CVE-2011-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2341"
    },
    {
      "name": "CVE-2011-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0255"
    },
    {
      "name": "CVE-2011-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1188"
    },
    {
      "name": "CVE-2011-0253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0253"
    },
    {
      "name": "CVE-2011-0233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0233"
    },
    {
      "name": "CVE-2011-3233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3233"
    },
    {
      "name": "CVE-2011-1115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1115"
    },
    {
      "name": "CVE-2011-1296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1296"
    },
    {
      "name": "CVE-2011-2351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2351"
    },
    {
      "name": "CVE-2011-2827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2827"
    },
    {
      "name": "CVE-2011-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0164"
    },
    {
      "name": "CVE-2011-0981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0981"
    },
    {
      "name": "CVE-2011-0254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0254"
    },
    {
      "name": "CVE-2011-2831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2831"
    },
    {
      "name": "CVE-2011-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0238"
    },
    {
      "name": "CVE-2011-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0222"
    },
    {
      "name": "CVE-2011-1121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1121"
    },
    {
      "name": "CVE-2011-3241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3241"
    },
    {
      "name": "CVE-2011-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0215"
    },
    {
      "name": "CVE-2011-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1797"
    },
    {
      "name": "CVE-2011-2817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2817"
    },
    {
      "name": "CVE-2011-1451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1451"
    },
    {
      "name": "CVE-2011-2790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2790"
    },
    {
      "name": "CVE-2011-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3235"
    },
    {
      "name": "CVE-2011-3237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3237"
    },
    {
      "name": "CVE-2011-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0232"
    },
    {
      "name": "CVE-2011-2356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2356"
    },
    {
      "name": "CVE-2011-2797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2797"
    },
    {
      "name": "CVE-2011-2339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2339"
    },
    {
      "name": "CVE-2011-1288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1288"
    },
    {
      "name": "CVE-2011-1203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1203"
    },
    {
      "name": "CVE-2011-2809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2809"
    },
    {
      "name": "CVE-2011-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0204"
    },
    {
      "name": "CVE-2011-1293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1293"
    },
    {
      "name": "CVE-2011-3234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3234"
    },
    {
      "name": "CVE-2011-2338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2338"
    },
    {
      "name": "CVE-2011-2792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2792"
    },
    {
      "name": "CVE-2011-3252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3252"
    },
    {
      "name": "CVE-2011-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0234"
    },
    {
      "name": "CVE-2011-1449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1449"
    },
    {
      "name": "CVE-2011-2818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2818"
    },
    {
      "name": "CVE-2011-1457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1457"
    },
    {
      "name": "CVE-2011-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0235"
    },
    {
      "name": "CVE-2011-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0225"
    },
    {
      "name": "CVE-2011-3236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3236"
    },
    {
      "name": "CVE-2011-1114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1114"
    },
    {
      "name": "CVE-2011-2820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2820"
    },
    {
      "name": "CVE-2011-1109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1109"
    },
    {
      "name": "CVE-2011-0221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0221"
    },
    {
      "name": "CVE-2011-2354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2354"
    },
    {
      "name": "CVE-2011-3239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3239"
    },
    {
      "name": "CVE-2011-2816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2816"
    },
    {
      "name": "CVE-2011-2352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2352"
    },
    {
      "name": "CVE-2011-0223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0223"
    },
    {
      "name": "CVE-2011-1462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1462"
    },
    {
      "name": "CVE-2011-1453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1453"
    },
    {
      "name": "CVE-2011-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0218"
    },
    {
      "name": "CVE-2011-3244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3244"
    },
    {
      "name": "CVE-2011-1440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1440"
    },
    {
      "name": "CVE-2011-3232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3232"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4981 du 11 octobre 2011 :",
      "url": "https://support.apple.com/kb/HT4981"
    }
  ],
  "reference": "CERTA-2011-AVI-569",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans la version 10.5\nd\u0027iTunes pour plateforme Microsoft Windows. La plupart d\u0027entre elles\npermettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iTunes",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4981 du 11 Octobre 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-403

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été identifiées dans Safari. Ces vulnérabilités peuvent notamment être utilisées par une personne malveillante distante afin d'exécuter du code arbitraire.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Safari 5.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4808 du 20 juillet 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSafari 5.x.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Safari. Ces\nvuln\u00e9rabilit\u00e9s affectent entre autres les composants CFNetwork,\nColorSync, ImageIO, libxslt et WebKit. Elles peuvent \u00eatre exploit\u00e9es par\nune personne malveillante distante pour faire ex\u00e9cuter du code\narbitraire, contourner la politique de s\u00e9curit\u00e9 ou porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1204"
    },
    {
      "name": "CVE-2011-1117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1117"
    },
    {
      "name": "CVE-2011-0195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0195"
    },
    {
      "name": "CVE-2011-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0237"
    },
    {
      "name": "CVE-2011-0983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0983"
    },
    {
      "name": "CVE-2011-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0200"
    },
    {
      "name": "CVE-2010-1823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1823"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2011-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1774"
    },
    {
      "name": "CVE-2011-0240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0240"
    },
    {
      "name": "CVE-2011-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0255"
    },
    {
      "name": "CVE-2011-1190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1190"
    },
    {
      "name": "CVE-2011-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1188"
    },
    {
      "name": "CVE-2011-0253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0253"
    },
    {
      "name": "CVE-2011-0233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0233"
    },
    {
      "name": "CVE-2010-1383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1383"
    },
    {
      "name": "CVE-2011-1115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1115"
    },
    {
      "name": "CVE-2011-0244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0244"
    },
    {
      "name": "CVE-2011-1296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1296"
    },
    {
      "name": "CVE-2011-0202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0202"
    },
    {
      "name": "CVE-2011-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0164"
    },
    {
      "name": "CVE-2011-0981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0981"
    },
    {
      "name": "CVE-2011-0254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0254"
    },
    {
      "name": "CVE-2011-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0238"
    },
    {
      "name": "CVE-2011-1295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1295"
    },
    {
      "name": "CVE-2011-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0222"
    },
    {
      "name": "CVE-2011-1121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1121"
    },
    {
      "name": "CVE-2011-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0217"
    },
    {
      "name": "CVE-2011-0219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0219"
    },
    {
      "name": "CVE-2011-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0215"
    },
    {
      "name": "CVE-2011-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1797"
    },
    {
      "name": "CVE-2011-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0206"
    },
    {
      "name": "CVE-2011-1451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1451"
    },
    {
      "name": "CVE-2010-3829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3829"
    },
    {
      "name": "CVE-2011-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0232"
    },
    {
      "name": "CVE-2011-0214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0214"
    },
    {
      "name": "CVE-2011-1288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1288"
    },
    {
      "name": "CVE-2011-0241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0241"
    },
    {
      "name": "CVE-2011-1203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1203"
    },
    {
      "name": "CVE-2010-1420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1420"
    },
    {
      "name": "CVE-2011-0242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0242"
    },
    {
      "name": "CVE-2011-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0204"
    },
    {
      "name": "CVE-2011-1293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1293"
    },
    {
      "name": "CVE-2011-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0234"
    },
    {
      "name": "CVE-2011-1449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1449"
    },
    {
      "name": "CVE-2011-0201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0201"
    },
    {
      "name": "CVE-2011-1457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1457"
    },
    {
      "name": "CVE-2011-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0235"
    },
    {
      "name": "CVE-2011-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0225"
    },
    {
      "name": "CVE-2011-1114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1114"
    },
    {
      "name": "CVE-2011-1109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1109"
    },
    {
      "name": "CVE-2011-0221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0221"
    },
    {
      "name": "CVE-2011-0223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0223"
    },
    {
      "name": "CVE-2011-1462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1462"
    },
    {
      "name": "CVE-2011-1453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1453"
    },
    {
      "name": "CVE-2011-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0218"
    },
    {
      "name": "CVE-2011-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1107"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-403",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-07-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Safari. Ces\nvuln\u00e9rabilit\u00e9s peuvent notamment \u00eatre utilis\u00e9es par une personne\nmalveillante distante afin d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4808 du 20 juillet 2011",
      "url": "http://support.apple.com/kb/HT4808"
    }
  ]
}

CERTA-2011-AVI-569

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités ont été corrigées dans la version 10.5 d'iTunes pour plateforme Microsoft Windows. La plupart d'entre elles permettent l'exécution de code arbitraire à distance.

Description

Une nouvelle version d'iTunes, disponible pour les plateformes Microsoft Windows, corrige un grand nombre de vulnérabilités affectant plusieurs de ses modules internes, comme ImageIO ou WebKit.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iTunes pour Microsoft Windows, versions inférieures à 10.5.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4981 du 11 Octobre 2011	None	vendor-advisory
Bulletin de sécurité Apple HT4981 du 11 octobre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApple iTunes pour Microsoft Windows,  versions inf\u00e9rieures \u00e0 10.5.\u003c/p\u003e",
  "content": "## Description\n\nUne nouvelle version d\u0027iTunes, disponible pour les plateformes Microsoft\nWindows, corrige un grand nombre de vuln\u00e9rabilit\u00e9s affectant plusieurs\nde ses modules internes, comme ImageIO ou WebKit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1204"
    },
    {
      "name": "CVE-2011-1117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1117"
    },
    {
      "name": "CVE-2011-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0237"
    },
    {
      "name": "CVE-2011-2811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2811"
    },
    {
      "name": "CVE-2011-0983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0983"
    },
    {
      "name": "CVE-2011-3238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3238"
    },
    {
      "name": "CVE-2011-0259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0259"
    },
    {
      "name": "CVE-2011-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0200"
    },
    {
      "name": "CVE-2011-2814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2814"
    },
    {
      "name": "CVE-2011-2815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2815"
    },
    {
      "name": "CVE-2011-2823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2823"
    },
    {
      "name": "CVE-2010-1823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1823"
    },
    {
      "name": "CVE-2011-2813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2813"
    },
    {
      "name": "CVE-2011-2359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2359"
    },
    {
      "name": "CVE-2011-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3219"
    },
    {
      "name": "CVE-2011-2788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2788"
    },
    {
      "name": "CVE-2011-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1774"
    },
    {
      "name": "CVE-2011-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2799"
    },
    {
      "name": "CVE-2011-0240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0240"
    },
    {
      "name": "CVE-2011-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2341"
    },
    {
      "name": "CVE-2011-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0255"
    },
    {
      "name": "CVE-2011-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1188"
    },
    {
      "name": "CVE-2011-0253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0253"
    },
    {
      "name": "CVE-2011-0233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0233"
    },
    {
      "name": "CVE-2011-3233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3233"
    },
    {
      "name": "CVE-2011-1115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1115"
    },
    {
      "name": "CVE-2011-1296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1296"
    },
    {
      "name": "CVE-2011-2351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2351"
    },
    {
      "name": "CVE-2011-2827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2827"
    },
    {
      "name": "CVE-2011-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0164"
    },
    {
      "name": "CVE-2011-0981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0981"
    },
    {
      "name": "CVE-2011-0254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0254"
    },
    {
      "name": "CVE-2011-2831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2831"
    },
    {
      "name": "CVE-2011-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0238"
    },
    {
      "name": "CVE-2011-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0222"
    },
    {
      "name": "CVE-2011-1121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1121"
    },
    {
      "name": "CVE-2011-3241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3241"
    },
    {
      "name": "CVE-2011-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0215"
    },
    {
      "name": "CVE-2011-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1797"
    },
    {
      "name": "CVE-2011-2817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2817"
    },
    {
      "name": "CVE-2011-1451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1451"
    },
    {
      "name": "CVE-2011-2790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2790"
    },
    {
      "name": "CVE-2011-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3235"
    },
    {
      "name": "CVE-2011-3237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3237"
    },
    {
      "name": "CVE-2011-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0232"
    },
    {
      "name": "CVE-2011-2356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2356"
    },
    {
      "name": "CVE-2011-2797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2797"
    },
    {
      "name": "CVE-2011-2339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2339"
    },
    {
      "name": "CVE-2011-1288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1288"
    },
    {
      "name": "CVE-2011-1203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1203"
    },
    {
      "name": "CVE-2011-2809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2809"
    },
    {
      "name": "CVE-2011-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0204"
    },
    {
      "name": "CVE-2011-1293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1293"
    },
    {
      "name": "CVE-2011-3234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3234"
    },
    {
      "name": "CVE-2011-2338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2338"
    },
    {
      "name": "CVE-2011-2792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2792"
    },
    {
      "name": "CVE-2011-3252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3252"
    },
    {
      "name": "CVE-2011-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0234"
    },
    {
      "name": "CVE-2011-1449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1449"
    },
    {
      "name": "CVE-2011-2818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2818"
    },
    {
      "name": "CVE-2011-1457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1457"
    },
    {
      "name": "CVE-2011-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0235"
    },
    {
      "name": "CVE-2011-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0225"
    },
    {
      "name": "CVE-2011-3236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3236"
    },
    {
      "name": "CVE-2011-1114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1114"
    },
    {
      "name": "CVE-2011-2820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2820"
    },
    {
      "name": "CVE-2011-1109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1109"
    },
    {
      "name": "CVE-2011-0221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0221"
    },
    {
      "name": "CVE-2011-2354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2354"
    },
    {
      "name": "CVE-2011-3239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3239"
    },
    {
      "name": "CVE-2011-2816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2816"
    },
    {
      "name": "CVE-2011-2352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2352"
    },
    {
      "name": "CVE-2011-0223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0223"
    },
    {
      "name": "CVE-2011-1462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1462"
    },
    {
      "name": "CVE-2011-1453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1453"
    },
    {
      "name": "CVE-2011-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0218"
    },
    {
      "name": "CVE-2011-3244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3244"
    },
    {
      "name": "CVE-2011-1440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1440"
    },
    {
      "name": "CVE-2011-3232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3232"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4981 du 11 octobre 2011 :",
      "url": "https://support.apple.com/kb/HT4981"
    }
  ],
  "reference": "CERTA-2011-AVI-569",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans la version 10.5\nd\u0027iTunes pour plateforme Microsoft Windows. La plupart d\u0027entre elles\npermettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iTunes",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4981 du 11 Octobre 2011",
      "url": null
    }
  ]
}

GHSA-29QV-H4J6-WVJ9

Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-1823"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-09-24T19:00:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.",
  "id": "GHSA-29qv-h4j6-wvj9",
  "modified": "2022-05-13T01:24:50Z",
  "published": "2022-05-13T01:24:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1823"
    },
    {
      "type": "WEB",
      "url": "https://bugs.webkit.org/show_bug.cgi?id=43055"
    },
    {
      "type": "WEB",
      "url": "https://bugs.webkit.org/show_bug.cgi?id=44533"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=50250"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4808"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4981"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201009-0259

Vulnerability from variot - Updated: 2023-12-18 11:02

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098. Google Chrome Used in Webkit There is a service disruption (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks are also possible. Versions prior to Chrome 6.0.472.59 are vulnerable. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. The vulnerability has been demonstrated in Cascading Style Sheet (CSS) files that reference invalid SVG fonts. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6

Safari 5.1 and Safari 5.0.6 are now available and address the following:

CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: In certain situations, Safari may treat a file as HTML, even if it is served with the 'text/plain' content type. This may lead to a cross-site scripting attack on sites that allow untrusted users to post text files. This issue is addressed through improved handling of 'text/plain' content. CVE-ID CVE-2010-1420 : Hidetake Jo working with Microsoft Vulnerability Research (MSVR), Neal Poole of Matasano Security

CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Authenticating to a maliciously crafted website may lead to arbitrary code execution Description: The NTLM authentication protocol is susceptible to a replay attack referred to as credential reflection. Authenticating to a maliciously crafted website may lead to arbitrary code execution. To mitigate this issue, Safari has been updated to utilize protection mechanisms recently added to Windows. This issue does not affect Mac OS X systems. CVE-ID CVE-2010-1383 : Takehiro Takahashi of IBM X-Force Research

CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: A root certificate that is disabled may still be trusted Description: CFNetwork did not properly validate that a certificate was trusted for use by a SSL server. As a result, if the user had marked a system root certificate as not trusted, Safari would still accept certificates signed by that root. This issue is addressed through improved certificate validation. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0214 : An anonymous reporter

ColorSync Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative

CoreFoundation Available for: Windows 7, Vista, XP SP2 or later Impact: Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution Description: An off-by-one buffer overflow issue existed in the handling of CFStrings. Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. CVE-ID CVE-2011-0201 : Harry Sintonen

CoreGraphics Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert of the Google Security Team

International Components for Unicode Available for: Windows 7, Vista, XP SP2 or later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in ICU's handling of uppercase strings. Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. CVE-ID CVE-2011-0206 : David Bienvenu of Mozilla

ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0204 : Dominic Chell of NGS Secure

ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies

ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A reentrancy issue existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP

libxslt Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap Description: libxslt's implementation of the generate-id() XPath function disclosed the address of a heap buffer. Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap. This issue is addressed by generating an ID based on the difference between the addresses of two heap buffers. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0195 : Chris Evans of the Google Chrome Security Team

libxml Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A one-byte heap buffer overflow existed in libxml's handling of XML data. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0216 : Billy Rios of the Google Security Team

Safari Available for: Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: If the "AutoFill web forms" feature is enabled, visiting a maliciously crafted website and typing may lead to the disclosure of information from the user's Address Book Description: Safari's "AutoFill web forms" feature filled in non- visible form fields, and the information was accessible by scripts on the site before the user submitted the form. This issue is addressed by displaying all fields that will be filled, and requiring the user's consent before AutoFill information is available to the form. CVE-ID CVE-2011-0217 : Florian Rienhardt of BSI, Alex Lambert, [Jeremiah Grossman]

Safari Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: With a certain Java configuration, visiting a malicious website may lead to unexpected text being displayed on other sites Description: A cross origin issue existed in the handling of Java Applets. This applies when Java is enabled in Safari, and Java is configured to run within the browser process. Fonts loaded by a Java applet could affect the display of text content from other sites. This issue is addressed by running Java applets in a separate process. CVE-ID CVE-2011-0219 : Joshua Smith of Kaon Interactive

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability Research (MSVR), wushi of team509, and Yong Li of Research In Motion Ltd CVE-2011-0164 : Apple CVE-2011-0218 : SkyLined of Google Chrome Security Team CVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS Research Team, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative CVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-0234 : Rob King working with TippingPoint's Zero Day Initiative, wushi of team509 working with TippingPoint's Zero Day Initiative, wushi of team509 working with iDefense VCP CVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0237 : wushi of team509 working with iDefense VCP CVE-2011-0238 : Adam Barth of Google Chrome Security Team CVE-2011-0240 : wushi of team509 working with iDefense VCP CVE-2011-0253 : Richard Keen CVE-2011-0254 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0255 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc CVE-2011-0983 : Martin Barbella CVE-2011-1109 : Sergey Glazunov CVE-2011-1114 : Martin Barbella CVE-2011-1115 : Martin Barbella CVE-2011-1117 : wushi of team509 CVE-2011-1121 : miaubiz CVE-2011-1188 : Martin Barbella CVE-2011-1203 : Sergey Glazunov CVE-2011-1204 : Sergey Glazunov CVE-2011-1288 : Andreas Kling of Nokia CVE-2011-1293 : Sergey Glazunov CVE-2011-1296 : Sergey Glazunov CVE-2011-1449 : Marek Majkowski, wushi of team 509 working with iDefense VCP CVE-2011-1451 : Sergey Glazunov CVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-1457 : John Knottenbelt of Google CVE-2011-1462 : wushi of team509 CVE-2011-1797 : wushi of team509

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A configuration issue existed in WebKit's use of libxslt. Visiting a maliciously crafted website may lead to arbitrary files being created with the privileges of the user, which may lead to arbitrary code execution. This issue is addressed through improved libxslt security settings. CVE-ID CVE-2011-1774 : Nicolas Gregoire of Agarri

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an information disclosure Description: A cross-origin issue existed in the handling of Web Workers. Visiting a maliciously crafted website may lead to an information disclosure. CVE-ID CVE-2011-1190 : Daniel Divricean of divricean.ro

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of URLs with an embedded username. Visiting a maliciously crafted website may lead to a cross-site scripting attack. This issue is addressed through improved handling of URLs with an embedded username. CVE-ID CVE-2011-0242 : Jobert Abma of Online24

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of DOM nodes. Visiting a maliciously crafted website may lead to a cross- site scripting attack. CVE-ID CVE-2011-1295 : Sergey Glazunov

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: A maliciously crafted website may be able to cause a different URL to be shown in the address bar Description: A URL spoofing issue existed in the handling of the DOM history object. A maliciously crafted website may have been able to cause a different URL to be shown in the address bar. CVE-ID CVE-2011-1107 : Jordi Chancel

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Subscribing to a maliciously crafted RSS feed and clicking on a link within it may lead to an information disclosure Description: A canonicalization issue existed in the handling of URLs. Subscribing to a maliciously crafted RSS feed and clicking on a link within it may lead to arbitrary files being sent from the user's system to a remote server. This update addresses the issue through improved handling of URLs. CVE-ID CVE-2011-0244 : Jason Hullinger

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Applications that use WebKit, such as mail clients, may connect to an arbitrary DNS server upon processing HTML content Description: DNS prefetching was enabled by default in WebKit. Applications that use WebKit, such a s mail clients, may connect to an arbitrary DNS server upon processing HTML content. This update addresses the issue by requiring applications to opt in to DNS prefetching. CVE-ID CVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd.

Note: Safari 5.1 is included with OS X Lion.

Safari 5.1 and Safari 5.0.6 address the same set of security issues. Safari 5.1 is provided for Mac OS X v10.6, and Windows systems. Safari 5.0.6 is provided for Mac OS X v10.5 systems.

Safari 5.1 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/

Safari 5.0.6 is available via the Apple Software Update application, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Safari for Mac OS X v10.6.8 and later The download file is named: Safari5.1SnowLeopard.dmg Its SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24

Safari for Mac OS X v10.5.8 The download file is named: Safari5.0.6Leopard.dmg Its SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f

Safari for Windows 7, Vista or XP The download file is named: SafariSetup.exe Its SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36

Safari for Windows 7, Vista or XP from the Microsoft Choice Screen The download file is named: Safari_Setup.exe Its SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b

Safari+QuickTime for Windows 7, Vista or XP The file is named: SafariQuickTimeSetup.exe Its SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJOJI45AAoJEGnF2JsdZQeezHQIALKZms5tzYgYxUSdxmo+DmYw up9gAmEVcltZvCeVS1lUxfjqnRiGRSWyuou8Ynt9PfGQCz9GfLvzlrCHc5rsnKaD MeYY1IH7lQc6aqmV0hwb4nUL5qJntP6G5Ai0E/0UiRQNC/ummS+qnmdsiFo78ODY nKaB5cAWhqGHgOAPnUG0JwmxpYgR2HEtGYJSqlYykMwt1vnlAr5hHVNaUJcJ3Hlb vesN6fB7zQMiJVo8+iJBixCvIYlbII5HnVAmD1ToyKgENg4Iguo46YBMVr8DPgF/ KD2s0+VF/O4utYVX0GiRGReVyq1PMvz/HI23ym8U3LjbezXD/AALQET0Q2hUEYQ= =fOfF -----END PGP SIGNATURE----- . Description: Multiple memory corruption issues existed in WebKit. ----------------------------------------------------------------------

Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).

Request a free trial: http://secunia.com/products/corporate/vim/

TITLE: SUSE update for Multiple Packages

SECUNIA ADVISORY ID: SA43068

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43068

RELEASE DATE: 2011-01-25

DISCUSS ADVISORY: http://secunia.com/advisories/43068/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/43068/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=43068

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: SUSE has issued an update for multiple packages, which fixes multiple vulnerabilities.

For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053

SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server.

ORIGINAL ADVISORY: SUSE-SR:2011:002: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201009-0259",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "chrome",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "google",
        "version": "6.0.472.59"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "6.0.423.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "6.0.428.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "6.0.427.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "6.0.418.9"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "6.0.425.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "6.0.421.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "6.0.430.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "6.0.426.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "6.0.419.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "6.0.424.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.47255"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.375.55"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.2491064"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.2491059"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.2491036"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1045"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.1.249.1042"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.249.89"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "4.0.249.78"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.53"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.398.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.397.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.396.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.395.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.394.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.393.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.392.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.391.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.390.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.387.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.386.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.385.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.384.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.383.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.382.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.381.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.380.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.379.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.378.0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5.0.376.0"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2.20"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "chrome",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0.472.59"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "model": "safari for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "model": "safari for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "43228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002836"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-253"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.472.59",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-1823"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Weston of Microsoft + Microsoft Vulnerability Research (MSVR) and wushi of team 509 (independent discoveries).\n\u003cbr\u003ekuzzcc.\n\u003cbr\u003emagnusmorton.\n\u003cbr\u003eSergey Glazunov and remy.saissy.\n\u003cbr\u003eGoogle Chrome Security Team (Chris Evans).\n\u003cbr\u003eadriennefelt.",
    "sources": [
      {
        "db": "BID",
        "id": "43228"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-1823",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2010-1823",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-44428",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-1823",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201009-253",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-44428",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44428"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002836"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-253"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098. Google Chrome Used in Webkit There is a service disruption (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks are also possible. \nVersions prior to Chrome 6.0.472.59 are vulnerable. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. The vulnerability has been demonstrated in Cascading Style Sheet (CSS) files that reference invalid SVG fonts. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6\n\nSafari 5.1 and Safari 5.0.6 are now available and address the\nfollowing:\n\nCFNetwork\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  In certain situations, Safari may treat a file as HTML,\neven if it is served with the \u0027text/plain\u0027 content type. This may\nlead to a cross-site scripting attack on sites that allow untrusted\nusers to post text files. This issue is addressed through improved\nhandling of \u0027text/plain\u0027 content. \nCVE-ID\nCVE-2010-1420 : Hidetake Jo working with Microsoft Vulnerability\nResearch (MSVR), Neal Poole of Matasano Security\n\nCFNetwork\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Authenticating to a maliciously crafted website may lead to\narbitrary code execution\nDescription:  The NTLM authentication protocol is susceptible to a\nreplay attack referred to as credential reflection. Authenticating to\na maliciously crafted website may lead to arbitrary code execution. \nTo mitigate this issue, Safari has been updated to utilize protection\nmechanisms recently added to Windows. This issue does not affect Mac\nOS X systems. \nCVE-ID\nCVE-2010-1383 : Takehiro Takahashi of IBM X-Force Research\n\nCFNetwork\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  A root certificate that is disabled may still be trusted\nDescription:  CFNetwork did not properly validate that a certificate\nwas trusted for use by a SSL server. As a result, if the user had\nmarked a system root certificate as not trusted, Safari would still\naccept certificates signed by that root. This issue is addressed\nthrough improved certificate validation. This issue does not affect\nMac OS X systems. \nCVE-ID\nCVE-2011-0214 : An anonymous reporter\n\nColorSync\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Viewing a maliciously crafted image with an embedded\nColorSync profile may lead to an unexpected application termination\nor arbitrary code execution\nDescription:  An integer overflow existed in the handling of images\nwith an embedded ColorSync profile, which may lead to a heap buffer\noverflow. Opening a maliciously crafted image with an embedded\nColorSync profile may lead to an unexpected application termination\nor arbitrary code execution. For Mac OS X v10.5 systems, this issue\nis addressed in Security Update 2011-004. \nCVE-ID\nCVE-2011-0200 : binaryproof working with TippingPoint\u0027s Zero Day\nInitiative\n\nCoreFoundation\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Applications that use the CoreFoundation framework may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription:  An off-by-one buffer overflow issue existed in the\nhandling of CFStrings. Applications that use the CoreFoundation\nframework may be vulnerable to an unexpected application termination\nor arbitrary code execution. For Mac OS X v10.6 systems, this issue\nis addressed in Mac OS X v10.6.8. \nCVE-ID\nCVE-2011-0201 : Harry Sintonen\n\nCoreGraphics\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An integer overflow issue existed in the handling of\nType 1 fonts. Viewing or downloading a document containing a\nmaliciously crafted embedded font may lead to arbitrary code\nexecution. For Mac OS X v10.6 systems, this issue is addressed in Mac\nOS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in\nSecurity Update 2011-004. \nCVE-ID\nCVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert\nof the Google Security Team\n\nInternational Components for Unicode\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Applications that use ICU may be vulnerable to an unexpected\napplication termination or arbitrary code execution\nDescription:  A buffer overflow issue existed in ICU\u0027s handling of\nuppercase strings. Applications that use ICU may be vulnerable to an\nunexpected application termination or arbitrary code execution. For\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. \nCVE-ID\nCVE-2011-0206 : David Bienvenu of Mozilla\n\nImageIO\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A heap buffer overflow existed in ImageIO\u0027s handling of\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution. For\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. \nFor Mac OS X v10.5 systems, this issue is addressed in Security\nUpdate 2011-004. \nCVE-ID\nCVE-2011-0204 : Dominic Chell of NGS Secure\n\nImageIO\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A heap buffer overflow existed in ImageIO\u0027s handling of\nCCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF\nimage may lead to an unexpected application termination or arbitrary\ncode execution. \nCVE-ID\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\n\nImageIO\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A reentrancy issue existed in ImageIO\u0027s handling of\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution. This\nissue does not affect Mac OS X systems. \nCVE-ID\nCVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP\n\nImageIO\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A heap buffer overflow existed in ImageIO\u0027s handling of\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution. For\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. \nFor Mac OS X v10.5 systems, this issue is addressed in Security\nUpdate 2011-004. \nCVE-ID\nCVE-2011-0204 : Dominic Chell of NGS Secure\n\nlibxslt\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to the\ndisclosure of addresses on the heap\nDescription:  libxslt\u0027s implementation of the generate-id() XPath\nfunction disclosed the address of a heap buffer. Visiting a\nmaliciously crafted website may lead to the disclosure of addresses\non the heap. This issue is addressed by generating an ID based on the\ndifference between the addresses of two heap buffers. For Mac OS X\nv10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac\nOS X v10.5 systems, this issue is addressed in Security Update\n2011-004. \nCVE-ID\nCVE-2011-0195 : Chris Evans of the Google Chrome Security Team\n\nlibxml\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A one-byte heap buffer overflow existed in libxml\u0027s\nhandling of XML data. Visiting a maliciously crafted website may lead\nto an unexpected application termination or arbitrary code execution. \nCVE-ID\nCVE-2011-0216 : Billy Rios of the Google Security Team\n\nSafari\nAvailable for:  Mac OS X v10.6.8 or later,\nMac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later\nImpact:  If the \"AutoFill web forms\" feature is enabled, visiting a\nmaliciously crafted website and typing may lead to the disclosure of\ninformation from the user\u0027s Address Book\nDescription:  Safari\u0027s \"AutoFill web forms\" feature filled in non-\nvisible form fields, and the information was accessible by scripts on\nthe site before the user submitted the form. This issue is addressed\nby displaying all fields that will be filled, and requiring the\nuser\u0027s consent before AutoFill information is available to the form. \nCVE-ID\nCVE-2011-0217 : Florian Rienhardt of BSI, Alex Lambert, [Jeremiah\nGrossman]\n\nSafari\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  With a certain Java configuration, visiting a malicious\nwebsite may lead to unexpected text being displayed on other sites\nDescription:  A cross origin issue existed in the handling of Java\nApplets. This applies when Java is enabled in Safari, and Java is\nconfigured to run within the browser process. Fonts loaded by a Java\napplet could affect the display of text content from other sites. \nThis issue is addressed by running Java applets in a separate\nprocess. \nCVE-ID\nCVE-2011-0219 : Joshua Smith of Kaon Interactive\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nVisiting a maliciously crafted website may lead to an unexpected\napplication termination or arbitrary code execution. \nCVE-ID\nCVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability\nResearch (MSVR), wushi of team509, and Yong Li of Research In Motion\nLtd\nCVE-2011-0164 : Apple\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with\niDefense VCP\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0232 : J23 working with TippingPoint\u0027s Zero Day Initiative\nCVE-2011-0233 : wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative\nCVE-2011-0234 : Rob King working with TippingPoint\u0027s Zero Day\nInitiative, wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative, wushi of team509 working with iDefense VCP\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0237 : wushi of team509 working with iDefense VCP\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\nCVE-2011-0240 : wushi of team509 working with iDefense VCP\nCVE-2011-0253 : Richard Keen\nCVE-2011-0254 : An anonymous researcher working with TippingPoint\u0027s\nZero Day Initiative\nCVE-2011-0255 : An anonymous researcher working with TippingPoint\u0027s\nZero Day Initiative\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\nCVE-2011-0983 : Martin Barbella\nCVE-2011-1109 : Sergey Glazunov\nCVE-2011-1114 : Martin Barbella\nCVE-2011-1115 : Martin Barbella\nCVE-2011-1117 : wushi of team509\nCVE-2011-1121 : miaubiz\nCVE-2011-1188 : Martin Barbella\nCVE-2011-1203 : Sergey Glazunov\nCVE-2011-1204 : Sergey Glazunov\nCVE-2011-1288 : Andreas Kling of Nokia\nCVE-2011-1293 : Sergey Glazunov\nCVE-2011-1296 : Sergey Glazunov\nCVE-2011-1449 : Marek Majkowski, wushi of team 509 working with\niDefense VCP\nCVE-2011-1451 : Sergey Glazunov\nCVE-2011-1453 : wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative\nCVE-2011-1457 : John Knottenbelt of Google\nCVE-2011-1462 : wushi of team509\nCVE-2011-1797 : wushi of team509\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A configuration issue existed in WebKit\u0027s use of\nlibxslt. Visiting a maliciously crafted website may lead to arbitrary\nfiles being created with the privileges of the user, which may lead\nto arbitrary code execution. This issue is addressed through improved\nlibxslt security settings. \nCVE-ID\nCVE-2011-1774 : Nicolas Gregoire of Agarri\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to an\ninformation disclosure\nDescription:  A cross-origin issue existed in the handling of Web\nWorkers. Visiting a maliciously crafted website may lead to an\ninformation disclosure. \nCVE-ID\nCVE-2011-1190 : Daniel Divricean of divricean.ro\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  A cross-origin issue existed in the handling of URLs\nwith an embedded username. Visiting a maliciously crafted website may\nlead to a cross-site scripting attack. This issue is addressed\nthrough improved handling of URLs with an embedded username. \nCVE-ID\nCVE-2011-0242 : Jobert Abma of Online24\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  A cross-origin issue existed in the handling of DOM\nnodes. Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack. \nCVE-ID\nCVE-2011-1295 : Sergey Glazunov\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  A maliciously crafted website may be able to cause a\ndifferent URL to be shown in the address bar\nDescription:  A URL spoofing issue existed in the handling of the DOM\nhistory object. A maliciously crafted website may have been able to\ncause a different URL to be shown in the address bar. \nCVE-ID\nCVE-2011-1107 : Jordi Chancel\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Subscribing to a maliciously crafted RSS feed and clicking\non a link within it may lead to an information disclosure\nDescription:  A canonicalization issue existed in the handling of\nURLs. Subscribing to a maliciously crafted RSS feed and clicking on a\nlink within it may lead to arbitrary files being sent from the user\u0027s\nsystem to a remote server. This update addresses the issue through\nimproved handling of URLs. \nCVE-ID\nCVE-2011-0244 : Jason Hullinger\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Applications that use WebKit, such as mail clients, may\nconnect to an arbitrary DNS server upon processing HTML content\nDescription:  DNS prefetching was enabled by default in WebKit. \nApplications that use WebKit, such a s mail clients, may connect to\nan arbitrary DNS server upon processing HTML content. This update\naddresses the issue by requiring applications to opt in to DNS\nprefetching. \nCVE-ID\nCVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd. \n\n\nNote: Safari 5.1 is included with OS X Lion. \n\n\nSafari 5.1 and Safari 5.0.6 address the same set of security\nissues. Safari 5.1 is provided for Mac OS X v10.6,\nand Windows systems. Safari 5.0.6 is provided for\nMac OS X v10.5 systems. \n\nSafari 5.1 is available via the Apple Software Update\napplication, or Apple\u0027s Safari download site at:\nhttp://www.apple.com/safari/download/\n\nSafari 5.0.6 is available via the Apple Software Update\napplication, or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nSafari for Mac OS X v10.6.8 and later\nThe download file is named: Safari5.1SnowLeopard.dmg\nIts SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24\n\nSafari for Mac OS X v10.5.8\nThe download file is named: Safari5.0.6Leopard.dmg\nIts SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f\n\nSafari for Windows 7, Vista or XP\nThe download file is named: SafariSetup.exe\nIts SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36\n\nSafari for Windows 7, Vista or XP from the Microsoft Choice Screen\nThe download file is named: Safari_Setup.exe\nIts SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b\n\nSafari+QuickTime for Windows 7, Vista or XP\nThe file is named: SafariQuickTimeSetup.exe\nIts SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (Darwin)\n\niQEcBAEBAgAGBQJOJI45AAoJEGnF2JsdZQeezHQIALKZms5tzYgYxUSdxmo+DmYw\nup9gAmEVcltZvCeVS1lUxfjqnRiGRSWyuou8Ynt9PfGQCz9GfLvzlrCHc5rsnKaD\nMeYY1IH7lQc6aqmV0hwb4nUL5qJntP6G5Ai0E/0UiRQNC/ummS+qnmdsiFo78ODY\nnKaB5cAWhqGHgOAPnUG0JwmxpYgR2HEtGYJSqlYykMwt1vnlAr5hHVNaUJcJ3Hlb\nvesN6fB7zQMiJVo8+iJBixCvIYlbII5HnVAmD1ToyKgENg4Iguo46YBMVr8DPgF/\nKD2s0+VF/O4utYVX0GiRGReVyq1PMvz/HI23ym8U3LjbezXD/AALQET0Q2hUEYQ=\n=fOfF\n-----END PGP SIGNATURE-----\n. \nDescription:  Multiple memory corruption issues existed in WebKit. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nSUSE update for Multiple Packages\n\nSECUNIA ADVISORY ID:\nSA43068\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43068/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43068\n\nRELEASE DATE:\n2011-01-25\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43068/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43068/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43068\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nSUSE has issued an update for multiple packages, which fixes multiple\nvulnerabilities. \n\nFor more information:\nSA32349\nSA33495\nSA35095\nSA35379\nSA35411\nSA35449\nSA35758\nSA36269\nSA36677\nSA37273\nSA37346\nSA37769\nSA38061\nSA38545\nSA38932\nSA39029\nSA39091\nSA39384\nSA39661\nSA39937\nSA40002\nSA40072\nSA40105\nSA40112\nSA40148\nSA40196\nSA40257\nSA40664\nSA40783\nSA41014\nSA41085\nSA41242\nSA41328\nSA41390\nSA41443\nSA41535\nSA41841\nSA41888\nSA41968\nSA42151\nSA42264\nSA42290\nSA42312\nSA42443\nSA42461\nSA42658\nSA42769\nSA42886\nSA42956\nSA43053\n\nSOLUTION:\nApply updated packages via YaST Online Update or the SUSE FTP server. \n\nORIGINAL ADVISORY:\nSUSE-SR:2011:002:\nhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-1823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002836"
      },
      {
        "db": "BID",
        "id": "43228"
      },
      {
        "db": "VULHUB",
        "id": "VHN-44428"
      },
      {
        "db": "PACKETSTORM",
        "id": "103216"
      },
      {
        "db": "PACKETSTORM",
        "id": "105708"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-1823",
        "trust": 3.0
      },
      {
        "db": "SECUNIA",
        "id": "43068",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0212",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002836",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-253",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "43228",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "105708",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-44428",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "103216",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "97846",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44428"
      },
      {
        "db": "BID",
        "id": "43228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002836"
      },
      {
        "db": "PACKETSTORM",
        "id": "103216"
      },
      {
        "db": "PACKETSTORM",
        "id": "105708"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-253"
      }
    ]
  },
  "id": "VAR-201009-0259",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44428"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:02:22.221000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4808",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4808"
      },
      {
        "title": "Google Chrome",
        "trust": 0.8,
        "url": "http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja\u0026hl=ja"
      },
      {
        "title": "stable-beta-channel-updates_14",
        "trust": 0.8,
        "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002836"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44428"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002836"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1823"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2011//jul/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://code.google.com/p/chromium/issues/detail?id=50250"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht4808"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht4981"
      },
      {
        "trust": 1.7,
        "url": "https://bugs.webkit.org/show_bug.cgi?id=43055"
      },
      {
        "trust": 1.7,
        "url": "https://bugs.webkit.org/show_bug.cgi?id=44533"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7405"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/43068"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2011/0212"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1823"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu781747"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1823"
      },
      {
        "trust": 0.3,
        "url": "http://www.google.com/chrome"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/520068"
      },
      {
        "trust": 0.3,
        "url": "http://lists.apple.com/archives/security-announce/2011/jul/msg00002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/security/advisory/msvr11-001.mspx"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0235"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0240"
      },
      {
        "trust": 0.2,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0237"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0200"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0238"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0233"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0234"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0223"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0215"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0204"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0164"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0221"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0218"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0225"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0232"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1420"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0206"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0214"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0201"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0219"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0202"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/safari/download/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0217"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1383"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3829"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0259"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0253"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0254"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0983"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1117"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1115"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1121"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0255"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1114"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/itunes/download/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43068"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43068/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43068/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44428"
      },
      {
        "db": "BID",
        "id": "43228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002836"
      },
      {
        "db": "PACKETSTORM",
        "id": "103216"
      },
      {
        "db": "PACKETSTORM",
        "id": "105708"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-253"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-44428"
      },
      {
        "db": "BID",
        "id": "43228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002836"
      },
      {
        "db": "PACKETSTORM",
        "id": "103216"
      },
      {
        "db": "PACKETSTORM",
        "id": "105708"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-253"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-09-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-44428"
      },
      {
        "date": "2010-09-14T00:00:00",
        "db": "BID",
        "id": "43228"
      },
      {
        "date": "2011-06-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002836"
      },
      {
        "date": "2011-07-21T14:16:35",
        "db": "PACKETSTORM",
        "id": "103216"
      },
      {
        "date": "2011-10-12T02:01:36",
        "db": "PACKETSTORM",
        "id": "105708"
      },
      {
        "date": "2011-01-25T03:59:20",
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "date": "2010-09-24T19:00:04.357000",
        "db": "NVD",
        "id": "CVE-2010-1823"
      },
      {
        "date": "2010-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201009-253"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-44428"
      },
      {
        "date": "2011-10-11T21:40:00",
        "db": "BID",
        "id": "43228"
      },
      {
        "date": "2011-07-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002836"
      },
      {
        "date": "2020-07-31T19:20:46.327000",
        "db": "NVD",
        "id": "CVE-2010-1823"
      },
      {
        "date": "2020-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201009-253"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-253"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Google Chrome Used in  Webkit Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002836"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-253"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2010-1823

Vulnerability from fkie_nvd - Published: 2010-09-24 19:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://code.google.com/p/chromium/issues/detail?id=50250	Issue Tracking, Patch, Vendor Advisory
product-security@apple.com	http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html	Mailing List, Third Party Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html	Mailing List, Third Party Advisory
product-security@apple.com	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	Mailing List, Third Party Advisory
product-security@apple.com	http://secunia.com/advisories/43068	Third Party Advisory
product-security@apple.com	http://support.apple.com/kb/HT4808	Third Party Advisory
product-security@apple.com	http://support.apple.com/kb/HT4981	Third Party Advisory
product-security@apple.com	http://www.vupen.com/english/advisories/2011/0212	Third Party Advisory
product-security@apple.com	https://bugs.webkit.org/show_bug.cgi?id=43055	Permissions Required
product-security@apple.com	https://bugs.webkit.org/show_bug.cgi?id=44533	Issue Tracking, Patch, Third Party Advisory
product-security@apple.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://code.google.com/p/chromium/issues/detail?id=50250	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43068	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4808	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4981	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0212	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.webkit.org/show_bug.cgi?id=43055	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://bugs.webkit.org/show_bug.cgi?id=44533	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405	Third Party Advisory

Impacted products

Vendor	Product	Version
google	chrome	*
apple	itunes	*
apple	safari	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "083D2BC1-C013-4B03-B295-F8131B5AB162",
              "versionEndExcluding": "6.0.472.59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDEF0C6-55A8-4240-AFFC-D3FC70F82F1D",
              "versionEndExcluding": "10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA42DFF0-41FC-4ADA-8F10-F18B32BA66C0",
              "versionEndExcluding": "5.0.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de usar despu\u00e9s de liberar en WebKit en versiones anteriores a la vr65958, como se utiliza en Google Chrome en versiones anteriores a la v6.0.472.59, permite a atacantes remotos provocar una denegaci\u00f3n de servicio y posiblemente provocar otros da\u00f1os a trav\u00e9s de vectores de ataque que provocan el uso de las APIs document tal como document.close durante el parseo, como se ha demostrado por un fichero de hojas de estilo en cascada (CSS) referenciando un \"font\" SVG, tambi\u00e9n conocido como problema rdar 8442098."
    }
  ],
  "id": "CVE-2010-1823",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-09-24T19:00:04.357",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://code.google.com/p/chromium/issues/detail?id=50250"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4808"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4981"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://bugs.webkit.org/show_bug.cgi?id=43055"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.webkit.org/show_bug.cgi?id=44533"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://code.google.com/p/chromium/issues/detail?id=50250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://bugs.webkit.org/show_bug.cgi?id=43055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.webkit.org/show_bug.cgi?id=44533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-1823 (GCVE-0-2010-1823)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature