CVSS: 9.8EPSS: 6%CPEs: 126EXPL: 0CVE-2010-3811
https://notcve.org/view.php?id=CVE-2010-3811
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes. Vulnerabilidad de uso después de la liberación en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 a la v10.6 y Windows en la v4.1.3 y anteriores y sobre Mac OS X v10.4, permite a atacantes remotos oejecutar código de su elec... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 6%CPEs: 126EXPL: 0CVE-2010-3816
https://notcve.org/view.php?id=CVE-2010-3816
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. Vulnerabilidad de uso después de liberación en WebKit de Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o prov... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 6%CPEs: 126EXPL: 0CVE-2010-3823
https://notcve.org/view.php?id=CVE-2010-3823
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415. Una vulnerabilidad de uso después de liberación en el WebKit de Apple Safari antes de v5.0.3 en Mac OS X v10.5 a v10.6 y Windows, y antes de v4.1.3 en Mac OS X v10.4, permite a atacant... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 25EXPL: 1CVE-2010-4008 – libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
https://notcve.org/view.php?id=CVE-2010-4008
11 Nov 2010 — libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. libxml2 anterior v2.7.8, como el usado en Google Chrome anterior v7.0.517.44, Apple Safari v5.0.2 y anteriores, otros productos, ree desde localizaciones de memoria inválidas durante el proc... • http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 1CVE-2010-1822
https://notcve.org/view.php?id=CVE-2010-1822
04 Oct 2010 — WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document. WebKit, tal y como es usado en Safari de Apple anterior a versión 4.1.3 y versiones 5.0.x anteriores a 5.0.3 y Chrome de Google anterior a versión 6.0.472.62, no realiza apropiadamente una conversión... • http://code.google.com/p/chromium/issues/detail?id=55114 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2010-1823
https://notcve.org/view.php?id=CVE-2010-1823
24 Sep 2010 — Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098. Vulnerabilidad de usar después de liberar en WebKit en versiones anteriores a la vr65958, como se utiliza en Google Chro... • http://code.google.com/p/chromium/issues/detail?id=50250 • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 11EXPL: 0CVE-2010-1805
https://notcve.org/view.php?id=CVE-2010-1805
10 Sep 2010 — Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. Vulnerabilidad ruta de búsqueda no confiable en Apple Safari v4.x anteriores a v4.1.2 y v5.x anteriores a v5.0.2 en Windows, permite a usuarios locales obtener privilegios a través del troyano explorer.exe (también conocido como Windows Expl... • http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 6%CPEs: 10EXPL: 0CVE-2010-1806 – Apple Safari Webkit Runin Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1806
10 Sep 2010 — Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers. Vulnerabilidad de uso después de la liberación en Apple Safari v4.x anteriores a v4.1.2 y v5.x anteriores a v5.0.2 , permite a atacantes remotos ejecutar código o provacar una denegación de servicio (caída de la aplicación) a través del acondicionamiento del estilo de... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 82%CPEs: 24EXPL: 2CVE-2010-1807 – Google Android 2.0 < 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222/TCP)
https://notcve.org/view.php?id=CVE-2010-1807
10 Sep 2010 — WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. WebKit en Apple Safari v4.x anteriores a v4.1.2 y v5.x anteriores a v5.0.2 no valida de forma adecuada los datos con punto flotante, lo que permite a atacantes remotos ejecutar... • https://www.exploit-db.com/exploits/15423 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 13%CPEs: 8EXPL: 0CVE-2010-3257 – webkit: stale pointer issue with focusing
https://notcve.org/view.php?id=CVE-2010-3257
07 Sep 2010 — Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus. Google Chrome anterior a v6.0.472.53 no realiza apropiadamente el manejo del foco, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otros impactos sin especificar a través d... • http://code.google.com/p/chromium/issues/detail?id=52443 • CWE-416: Use After Free •