Jason Hullinger

Pesquisador deHP
#15718de 53,633
17.2CVSS total
Vulnerabilidades · 4
Média
4
PT-2014-5345
4.3
2014-07-09
Openstack · Openstack Dashboard · CVE-2014-3473
**Name of the Vulnerable Software and Affected Versions** OpenStack Dashboard (Horizon) versions prior to 2013.2.4 OpenStack Dashboard (Horizon) versions 2014.1 prior to 2014.1.2 OpenStack Dashboard (Horizon) Juno versions prior to Juno-2 **Description** A cross-site scripting (XSS) issue exists in the Orchestration/Stack section of the Horizon Orchestration dashboard. This allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template when used with Heat. **Recommendations** For versions prior to 2013.2.4, update to version 2013.2.4 or later. For versions 2014.1 prior to 2014.1.2, update to version 2014.1.2 or later. For Juno versions prior to Juno-2, update to Juno-2 or later.
PT-2012-2238
4.3
2012-02-14
Microsoft · Internet Explorer · CVE-2012-0012
**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 9 **Description** The issue allows remote attackers to read data from arbitrary process-memory locations via a crafted web site. An information disclosure vulnerability exists, which can be exploited by constructing a specially crafted web page disguised as legitimate content, potentially allowing an attacker to view content from the Internet Explorer process memory. **Recommendations** For Microsoft Internet Explorer version 9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2011-2218
4.3
2011-07-21
Apple · Safari · CVE-2011-0244
**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0.6 **Description** The issue allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds. **Recommendations** For versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue.
PT-2010-5083
4.3
2010-11-16
Apple · Safari · CVE-2010-3796
**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 10.6.5 in Mac OS X 10.5.8 and 10.6.x **Description** The issue allows remote attackers to obtain sensitive information by using a feed: URL containing a Java applet that performs DOM modifications, as Safari does not block Java applets in an RSS feed. **Recommendations** For Safari in Mac OS X 10.5.8 and 10.6.x before 10.6.5, consider disabling Java applets in RSS feeds until a patch is available. Restrict access to RSS feeds that may contain malicious Java applets to minimize the risk of exploitation.