CVSS: 8.1EPSS: 1%CPEs: 72EXPL: 0CVE-2010-1384
https://notcve.org/view.php?id=CVE-2010-1384
11 Jun 2010 — Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, no proporciona una advertencia acerca de URL (1) http o (2) https que contienen un usuario y contraseña, lo cual hace m... • http://jvn.jp/en/jp/JVN46026251/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 2%CPEs: 72EXPL: 0CVE-2010-1385
https://notcve.org/view.php?id=CVE-2010-1385
11 Jun 2010 — Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Vulnerabilidad de uso despues de liberacion en Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior v4.1 en Mac OS X v10.4, permite a los atacantes remotos ejecutar código a su elección o causar una denegación de servicio (fallo ... • http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 74EXPL: 0CVE-2010-1388
https://notcve.org/view.php?id=CVE-2010-1388
11 Jun 2010 — WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document. WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, no maneja adecuadamente las operaciones del portapapeles (1) arrastrar y (2) pegar para URLs, lo cual permite a atacantes rem... • http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 74EXPL: 0CVE-2010-1389
https://notcve.org/view.php?id=CVE-2010-1389
11 Jun 2010 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a atacant... • http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 74EXPL: 0CVE-2010-1390
https://notcve.org/view.php?id=CVE-2010-1390
11 Jun 2010 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 74EXPL: 0CVE-2010-1391
https://notcve.org/view.php?id=CVE-2010-1391
11 Jun 2010 — Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL. Múltiples vulnerabilidades de salto de directorio en el (a) Almacenamiento local y (b) la implementación web de la base de datos SQL en WebKit ... • http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 74EXPL: 0CVE-2010-1393
https://notcve.org/view.php?id=CVE-2010-1393
11 Jun 2010 — The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL. La implementación de hojas de estilo en cascada (CSS) en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes remotos descubrir URLs sensibles a través del atr... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 74EXPL: 0CVE-2010-1394
https://notcve.org/view.php?id=CVE-2010-1394
11 Jun 2010 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) in WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes remotos inyectar a su lección código web o... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 74EXPL: 0CVE-2010-1395
https://notcve.org/view.php?id=CVE-2010-1395
11 Jun 2010 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes rem... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 9%CPEs: 74EXPL: 0CVE-2010-1400
https://notcve.org/view.php?id=CVE-2010-1400
11 Jun 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements. Vulnerabilidad de uso despues de liberacion en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes remotos ejecutar código a su elección o causar ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=870 • CWE-399: Resource Management Errors •