CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2010-3259 – webkit: cross-origin image theft
https://notcve.org/view.php?id=CVE-2010-3259
07 Sep 2010 — WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. Google Chrome anterior a v6.0.472.53 no restringe apropiadamente el acceso de lectura a las imágenes, lo que permite a atacantes remotos evitar la "Same Origin Policy" y ob... • http://code.google.com/p/chromium/issues/detail?id=53001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 7%CPEs: 8EXPL: 0CVE-2010-3116 – webkit: memory corruption with MIME types
https://notcve.org/view.php?id=CVE-2010-3116
24 Aug 2010 — Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins. Google Chrome anterior a v5.0.375.127 no procesa correctamente los tipos MIME, lo que podría permitir a atacantes remotos provocar una denegación de servicio (corrupción de... • http://code.google.com/p/chromium/issues/detail?id=50515 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 8%CPEs: 78EXPL: 0CVE-2010-1789
https://notcve.org/view.php?id=CVE-2010-1789
30 Jul 2010 — Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object. Desbordamiento de búfer de memoria dinámica en WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a la v4.1.1 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 78EXPL: 0CVE-2010-1790 – WebKit: multiple vulnerabilities in WebKitGTK
https://notcve.org/view.php?id=CVE-2010-1790
30 Jul 2010 — WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue." WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a la v4.1.1 en Mac ... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html •
CVSS: 9.3EPSS: 2%CPEs: 78EXPL: 0CVE-2010-1791
https://notcve.org/view.php?id=CVE-2010-1791
30 Jul 2010 — Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index. Error de entero sin signo en WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a la v4.1.1 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su ... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 3%CPEs: 78EXPL: 0CVE-2010-1792 – WebKit: multiple vulnerabilities in WebKitGTK
https://notcve.org/view.php?id=CVE-2010-1792
30 Jul 2010 — WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression. WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a la v4.1.1 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o provocar u... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 7%CPEs: 78EXPL: 0CVE-2010-1793 – WebKit: multiple vulnerabilities in WebKitGTK
https://notcve.org/view.php?id=CVE-2010-1793
30 Jul 2010 — Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document. Múltiples vulnerabilidades de usar después de liberar en WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores ... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 78EXPL: 0CVE-2010-1796
https://notcve.org/view.php?id=CVE-2010-1796
30 Jul 2010 — The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. La función autocompletar en Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta la v10.6 y Windows, y anteriores a la v4.1.1 en Mac OS X v10.4, permite a atacantes remotos obtener información confidencial del libreta de di... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 78EXPL: 0CVE-2010-1778
https://notcve.org/view.php?id=CVE-2010-1778
30 Jul 2010 — Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta la v10.6 y en Windows, y anteriores a la v4.1.1 en Mac OS X 10.4, permiten a usuarios remotos inyectar codigo de script web o código HTML de s... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 9%CPEs: 78EXPL: 0CVE-2010-1780 – WebKit: multiple vulnerabilities in WebKitGTK
https://notcve.org/view.php?id=CVE-2010-1780
30 Jul 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus. Vulnerabilidad de usar después de liberar en WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a la v4.1.1 en Mac OS X v10.4, permite a at... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-399: Resource Management Errors •