CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2010-1823
https://notcve.org/view.php?id=CVE-2010-1823
24 Sep 2010 — Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098. Vulnerabilidad de usar después de liberar en WebKit en versiones anteriores a la vr65958, como se utiliza en Google Chro... • http://code.google.com/p/chromium/issues/detail?id=50250 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 6%CPEs: 10EXPL: 0CVE-2010-1806 – Apple Safari Webkit Runin Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1806
10 Sep 2010 — Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers. Vulnerabilidad de uso después de la liberación en Apple Safari v4.x anteriores a v4.1.2 y v5.x anteriores a v5.0.2 , permite a atacantes remotos ejecutar código o provacar una denegación de servicio (caída de la aplicación) a través del acondicionamiento del estilo de... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 82%CPEs: 24EXPL: 2CVE-2010-1807 – Google Android 2.0 < 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222/TCP)
https://notcve.org/view.php?id=CVE-2010-1807
10 Sep 2010 — WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. WebKit en Apple Safari v4.x anteriores a v4.1.2 y v5.x anteriores a v5.0.2 no valida de forma adecuada los datos con punto flotante, lo que permite a atacantes remotos ejecutar... • https://www.exploit-db.com/exploits/15423 • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 11EXPL: 0CVE-2010-1805
https://notcve.org/view.php?id=CVE-2010-1805
10 Sep 2010 — Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. Vulnerabilidad ruta de búsqueda no confiable en Apple Safari v4.x anteriores a v4.1.2 y v5.x anteriores a v5.0.2 en Windows, permite a usuarios locales obtener privilegios a través del troyano explorer.exe (también conocido como Windows Expl... • http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2010-3259 – webkit: cross-origin image theft
https://notcve.org/view.php?id=CVE-2010-3259
07 Sep 2010 — WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. Google Chrome anterior a v6.0.472.53 no restringe apropiadamente el acceso de lectura a las imágenes, lo que permite a atacantes remotos evitar la "Same Origin Policy" y ob... • http://code.google.com/p/chromium/issues/detail?id=53001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 13%CPEs: 8EXPL: 0CVE-2010-3257 – webkit: stale pointer issue with focusing
https://notcve.org/view.php?id=CVE-2010-3257
07 Sep 2010 — Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus. Google Chrome anterior a v6.0.472.53 no realiza apropiadamente el manejo del foco, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otros impactos sin especificar a través d... • http://code.google.com/p/chromium/issues/detail?id=52443 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 7%CPEs: 8EXPL: 0CVE-2010-3116 – webkit: memory corruption with MIME types
https://notcve.org/view.php?id=CVE-2010-3116
24 Aug 2010 — Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins. Google Chrome anterior a v5.0.375.127 no procesa correctamente los tipos MIME, lo que podría permitir a atacantes remotos provocar una denegación de servicio (corrupción de... • http://code.google.com/p/chromium/issues/detail?id=50515 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 7%CPEs: 78EXPL: 0CVE-2010-1793 – WebKit: multiple vulnerabilities in WebKitGTK
https://notcve.org/view.php?id=CVE-2010-1793
30 Jul 2010 — Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document. Múltiples vulnerabilidades de usar después de liberar en WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores ... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 78EXPL: 0CVE-2010-1796
https://notcve.org/view.php?id=CVE-2010-1796
30 Jul 2010 — The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. La función autocompletar en Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta la v10.6 y Windows, y anteriores a la v4.1.1 en Mac OS X v10.4, permite a atacantes remotos obtener información confidencial del libreta de di... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 22%CPEs: 78EXPL: 0CVE-2010-1785 – Apple Webkit SVG First-Letter Style Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1785
30 Jul 2010 — WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteri... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •