Nirankush Panchbhai

Pesquisador deMicrosoft Vulnerability Research (MSVR)
#10428de 53,638
26.5CVSS total
Vulnerabilidades · 5
Média
4
Alta
1
PT-2011-2168
4.3
2011-03-22
Apple · Macos X · CVE-2011-0187
**Name of the Vulnerable Software and Affected Versions** QuickTime in Apple Mac OS X versions prior to 10.6.7 **Description** The issue allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect. **Recommendations** For versions prior to 10.6.7, update to version 10.6.7 or later to resolve the issue.
PT-2010-5493
4.3
2010-12-07
Google · Google Chrome · CVE-2010-4483
**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 8.0.552.215 **Description** The issue allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site, due to improper restriction of read access to videos derived from CANVAS elements. **Recommendations** For versions prior to 8.0.552.215, update to version 8.0.552.215 or later to resolve the issue.
PT-2010-5262
4.3
2010-10-21
Opera · Opera · CVE-2010-4046
**Name of the Vulnerable Software and Affected Versions** Opera versions prior to 10.63 **Description** The issue allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content, due to improper verification of the origin of video content. **Recommendations** For Opera versions prior to 10.63, update to version 10.63 or later to resolve the issue.
PT-2010-4695
4.3
2010-09-07
Google · Google Chrome · CVE-2010-3259
**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 4.1.3 Apple Safari versions 5.0.x prior to 5.0.3 Google Chrome versions prior to 6.0.472.53 webkitgtk versions prior to 1.2.6 **Description** The issue allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site, due to improper restriction of read access to images derived from CANVAS elements. **Recommendations** For Apple Safari versions prior to 4.1.3, update to version 4.1.3 or later. For Apple Safari versions 5.0.x prior to 5.0.3, update to version 5.0.3 or later. For Google Chrome versions prior to 6.0.472.53, update to version 6.0.472.53 or later. For webkitgtk versions prior to 1.2.6, update to version 1.2.6 or later.
PT-2011-5221
9.3
1970-01-01
Freetype · Freetype2 · CVE-2011-3256
**Name of the Vulnerable Software and Affected Versions** freetype2 versions prior to 2.4.8 freetype2-devel versions prior to 2.4.8 freetype2-devel-32bit versions prior to 2.4.8 freetype2-devel-64bit versions prior to 2.4.8 freetype2-32bit versions prior to 2.4.8 freetype2-64bit versions prior to 2.4.8 **Description** The issue concerns multiple vulnerabilities in the freetype2 package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially allowing attackers to execute arbitrary code or cause a denial of service due to memory corruption. This can be achieved via a crafted font. **Recommendations** For freetype2 versions prior to 2.4.8, update to version 2.4.8 or later. For freetype2-devel versions prior to 2.4.8, update to version 2.4.8 or later. For freetype2-devel-32bit versions prior to 2.4.8, update to version 2.4.8 or later. For freetype2-devel-64bit versions prior to 2.4.8, update to version 2.4.8 or later. For freetype2-32bit versions prior to 2.4.8, update to version 2.4.8 or later. For freetype2-64bit versions prior to 2.4.8, update to version 2.4.8 or later.