CVE-2010-0046
Published 2010-03-15
Priority: P347 · critical · 9.3 (CVSS 2.0) · AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 5.93% (92.3th percentile)
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | safari | <= 4.0.4 | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
CVSS provenance
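| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 9.3 | CRITICAL | — |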
Red Hat
webkitgtk: multiple security vulnerabilities in WebKit
vendor_redhat·2010-03-11·CVSS 9.3
CVE-2010-0046 [CRITICAL] webkitgtk: multiple security vulnerabilities in WebKit
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
Red Hat
kernel: use flag in do_coredump()
vendor_redhat·2009-11-12·CVSS 7.5
CVE-2006-6304 [HIGH] kernel: use flag in do_coredump()
The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit d025c9db that introduced the problem.
This upstream commit was backported in Red Hat Enterprise Linux 5 via RHSA-2009:0225. It was later reported and addressed in Red Hat Enterprise Linux 5 via RHSA-2010:0046.
GHSA
GHSA-crvv-782p-52cr: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4
ghsa_unreviewed·2022-05-02
CVE-2010-0046 [HIGH] CWE-94 GHSA-crvv-782p-52cr: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
No detection rules found.
Bugzilla
CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054 qt, webkitgtk: multiple security vulnerabilities in WebKit
bugzilla·2010-03-03·CVSS 9.3
CVE-2010-0046 [CRITICAL] CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054 qt, webkitgtk: multiple security vulnerabilities in WebKit
A number of security vulnerabilities were reported in WebKit:
CVE-2010-0046: CSS format() argument memory corruption
https://bugs.webkit.org/show_bug.cgi?id=31815
http://trac.webkit.org/changeset/51727
CSS format() arguments were always treated as strings, which could result
in a crash or arbitrary code execution if an integer or other unexpected
type was used instead.
CVE-2010-0047: Call-after-free in HTMLObjectElement::renderFallBackContent (ZDI-CAN-579)
https://bugs.webkit.org/show_bug.cgi?id=31277
http://trac.webkit.org/changeset/50698
Changes to the style of an OBJECT element resulted in the creation of
Bugzilla
CVE-2009-4141 kernel: create_elf_tables can leave urandom in a bad state
bugzilla·2009-12-15·CVSS 7.2
CVE-2009-4141 [HIGH] CVE-2009-4141 kernel: create_elf_tables can leave urandom in a bad state
Reported by Tavis Ormandy of Google Security Team. The root cause was determined to be a use-after-free of locked async file descriptors, and it is believed to have been introduced here: http://git.kernel.org/linus/233e70f4228e78eb2f80dc6650f65d3ae3dbf17c
Acknowledgements:
Red Hat would like to thank Tavis Ormandy of Google Security Team for reporting this issue.
Discussion:
Upstream commit:
http://git.kernel.org/linus/53281b6d3
---
This only affected Red Hat Enterprise Linux 5.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0046 https://rhn.redhat.com/errata/RHSA-2010-0046.html
---
Patch present on the latest RHEL6 git tree.
---
Fixed in 2.6.31.12 and