Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68823
Category:FreeBSD Local Security Checks
Title:FreeBSD Ports: webkit-gtk2
Summary:The remote host is missing an update to the system; as announced in the referenced advisory.
Description:Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: webkit-gtk2

CVE-2010-1791
Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac
OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4,
allows remote attackers to execute arbitrary code or cause a denial of
service via vectors involving a JavaScript array index.

CVE-2010-3812
Integer overflow in the Text::wholeText method in dom/Text.cpp in
WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through
10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, webkitgtk before
1.2.6, and possibly other products allows remote attackers to execute
arbitrary code or cause a denial of service via vectors involving Text objects.

CVE-2010-3813
The WebCore::HTMLLinkElement::process function in
WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari
before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before
4.1.3 on Mac OS X 10.4, webkitgtk before 1.2.6, and possibly other
products does not verify whether DNS prefetching is enabled when
processing an HTML LINK element, which allows remote attackers to
bypass intended access restrictions, as demonstrated by an HTML e-mail
message that uses a LINK element for X-Confirm-Reading-To
functionality.

CVE-2010-4197
Use-after-free vulnerability in WebKit, as used in Google Chrome
before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors involving text editing.

CVE-2010-4198
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before
1.2.6, and other products, does not properly handle large text areas,
which allows remote attackers to cause a denial of service or possibly
have unspecified other impact via a crafted HTML document.

CVE-2010-4204
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before
1.2.6, and other products, accesses a frame object after this object
has been destroyed, which allows remote attackers to cause a denial of
service or possibly have unspecified other impact via unknown vectors.

CVE-2010-4206
Array index error in the FEBlend::apply function in
WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in
Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other
products, allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a crafted SVG document, related to
effects in the application of filters.

CVE-2010-4577
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp
in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS
before 8.0.552.343, webkitgtk before 1.2.6, and other products does
not properly parse Cascading Style Sheets (CSS) token sequences, which
allows remote attackers to cause a denial of service via a crafted local
font, related to 'Type Confusion.'

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-1791
http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
BugTraq ID: 42020
http://www.securityfocus.com/bid/42020
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11802
http://secunia.com/advisories/42314
http://secunia.com/advisories/43068
SuSE Security Announcement: SUSE-SR:2011:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0552
Common Vulnerability Exposure (CVE) ID: CVE-2010-3812
http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html
BugTraq ID: 44960
http://www.securityfocus.com/bid/44960
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html
http://trac.webkit.org/changeset/68705
http://www.zerodayinitiative.com/advisories/ZDI-10-257/
https://bugs.webkit.org/show_bug.cgi?id=46848
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11689
http://www.redhat.com/support/errata/RHSA-2011-0177.html
http://secunia.com/advisories/43086
http://www.vupen.com/english/advisories/2010/3046
http://www.vupen.com/english/advisories/2011/0216
XForce ISS Database: safari-text-objects-code-execution(63350)
https://exchange.xforce.ibmcloud.com/vulnerabilities/63350
Common Vulnerability Exposure (CVE) ID: CVE-2010-3813
http://trac.webkit.org/changeset/63622
https://bugs.webkit.org/show_bug.cgi?id=42500
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12293
Common Vulnerability Exposure (CVE) ID: CVE-2010-4197
BugTraq ID: 45720
http://www.securityfocus.com/bid/45720
http://trac.webkit.org/changeset/70594
https://bugs.webkit.org/show_bug.cgi?id=48349
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12266
http://secunia.com/advisories/42109
Common Vulnerability Exposure (CVE) ID: CVE-2010-4198
BugTraq ID: 45719
http://www.securityfocus.com/bid/45719
https://bugs.webkit.org/show_bug.cgi?id=45611
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12157
Common Vulnerability Exposure (CVE) ID: CVE-2010-4204
BugTraq ID: 45718
http://www.securityfocus.com/bid/45718
http://trac.webkit.org/changeset/70517
https://bugs.webkit.org/show_bug.cgi?id=48281
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12174
Common Vulnerability Exposure (CVE) ID: CVE-2010-4206
BugTraq ID: 45721
http://www.securityfocus.com/bid/45721
http://trac.webkit.org/changeset/70652
https://bugs.webkit.org/show_bug.cgi?id=48371
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11949
Common Vulnerability Exposure (CVE) ID: CVE-2010-4577
BugTraq ID: 45722
http://www.securityfocus.com/bid/45722
Debian Security Information: DSA-2188 (Google Search)
http://www.debian.org/security/2011/dsa-2188
http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml
http://trac.webkit.org/changeset/72685
http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp
https://bugs.webkit.org/show_bug.cgi?id=49883
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953
http://secunia.com/advisories/42648
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.