CVSS: 9.3EPSS: 3%CPEs: 126EXPL: 0CVE-2010-3803
https://notcve.org/view.php?id=CVE-2010-3803
20 Nov 2010 — Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string. Desbordamiento de entero en WebKit en Apple Safari anterior a v5.0.3 sobre Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 sobre Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caíd... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 1%CPEs: 126EXPL: 0CVE-2010-3826
https://notcve.org/view.php?id=CVE-2010-3826
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, no realiza adecuadamente una conversión ... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html •
CVSS: 9.8EPSS: 6%CPEs: 126EXPL: 0CVE-2010-3811
https://notcve.org/view.php?id=CVE-2010-3811
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes. Vulnerabilidad de uso después de la liberación en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 a la v10.6 y Windows en la v4.1.3 y anteriores y sobre Mac OS X v10.4, permite a atacantes remotos oejecutar código de su elec... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 8%CPEs: 126EXPL: 0CVE-2010-3812 – Apple Webkit WholeText Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3812
20 Nov 2010 — Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects. Un desbordamiento de enteros en el WebKit de Apple Safari v5.0.3 antes en Mac OS X v10.5 a v10.6 y Windows, y antes de v4.1.3 en Mac OS ... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 1%CPEs: 126EXPL: 0CVE-2010-3820
https://notcve.org/view.php?id=CVE-2010-3820
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit de Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, accede a memoria sin iniciar durante el proceso de editar elementos, esto perm... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 6%CPEs: 126EXPL: 0CVE-2010-3818
https://notcve.org/view.php?id=CVE-2010-3818
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes. Vulnerabilidad de uso después de liberación en WebKit en Apple Safari anterior a v5.0.3 sobre Mac OS X v10.5 hasta v10.6 y Windows, y before v4.1.3 sobre Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elecci... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 1%CPEs: 126EXPL: 2CVE-2010-3804 – WebKit - Insufficient Entropy Random Number Generator
https://notcve.org/view.php?id=CVE-2010-3804
20 Nov 2010 — The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171. La implementación de JavaScript en WebKit en Apple Safari anteriores a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a v4.1.3 en Mac OS X v10.4, usa un a... • https://www.exploit-db.com/exploits/35005 • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 126EXPL: 0CVE-2010-3810
https://notcve.org/view.php?id=CVE-2010-3810
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack. WebKit en Apple Safari anteriores a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anteirores a v4.1.3 en Mac OS X v10.4, no maneja de forma adecuada el objeto History, lo que permite a atacantes remotos espiar la URL de la barra de l... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html •
CVSS: 9.3EPSS: 1%CPEs: 126EXPL: 0CVE-2010-3822
https://notcve.org/view.php?id=CVE-2010-3822
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, accede a un puntero sin inicializar durante el p... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 126EXPL: 0CVE-2010-3813 – webkit: HTMLLinkElement ignores dnsPrefetchingEnabled setting
https://notcve.org/view.php?id=CVE-2010-3813
20 Nov 2010 — The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To ... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •