CVSS: 10.0EPSS: 7%CPEs: 74EXPL: 0CVE-2010-1404 – Apple Webkit Recursive Use Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1404
08 Jun 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction. Una vulnerabilidad de uso de la memoria previamente liberada en WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 ... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 7%CPEs: 74EXPL: 0CVE-2010-1396 – Apple Webkit Option Element ContentEditable Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1396
08 Jun 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements. Vulnerabilidad de uso despues de liberacion en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes r... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2010-1940
https://notcve.org/view.php?id=CVE-2010-1940
14 May 2010 — Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Apple Safari 4.0.5 en Windows envía la cabecera "Authorization: Basic" necesaria para un sitio web a un sitio web diferente ref... • http://secunia.com/advisories/39670 • CWE-255: Credentials Management Errors •
CVSS: 8.8EPSS: 91%CPEs: 2EXPL: 4CVE-2010-1939 – Apple Safari 4.0.5 - 'parent.close()' Memory Corruption (ASLR + DEP Bypass)
https://notcve.org/view.php?id=CVE-2010-1939
13 May 2010 — Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. Vulnerabilidad de uso despues de liberacion en Apple Safari 4.0.5 en Windows permite a atacantes remotos ejecutar código de su elección mediante el uso de window.open para crear una ventana emergente para un docum... • https://www.exploit-db.com/exploits/12614 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 3CVE-2010-1131 – Apple Safari 4.0.5 - 'JavaScriptCore.dll' Stack Exhaustion
https://notcve.org/view.php?id=CVE-2010-1131
26 Mar 2010 — JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring. JavaScriptCore.dll, como el utilizado en Apple Safari v4.0.5 en Windows XP SP3, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un documento compuesto por muchos ocurrencias sucesivas de la subcadena <object>. • https://www.exploit-db.com/exploits/12487 •
CVSS: 10.0EPSS: 6%CPEs: 2EXPL: 0CVE-2010-1120 – Apple Preview libFontParser SpecialEncoding Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1120
25 Mar 2010 — Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010. Vulnerabilidad sin especificar en Safari 4 sobre Apple Mac Os X v10.6, permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, como ha demostrado Charlie Miller durante la competición Pwn2Own en CanSecWest 2010. This vulnerability allows remote attackers to e... • http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 87%CPEs: 108EXPL: 1CVE-2010-1119 – Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1119
25 Mar 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. Una vulnerabilidad de uso de memoria pr... • https://www.exploit-db.com/exploits/16974 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 89%CPEs: 54EXPL: 5CVE-2010-1029 – iPhone - 'WebCore::CSSSelector()' Remote Crash
https://notcve.org/view.php?id=CVE-2010-1029
19 Mar 2010 — Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. Vulnerabilidad de consumo en la pila en la función WebCore:: CSSSelector en WebKit, utilizado en Apple Safari v4.0.4, Apple Safari en iPhone OS y ... • https://www.exploit-db.com/exploits/11574 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0051
https://notcve.org/view.php?id=CVE-2010-0051
12 Mar 2010 — WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. WebKit en Apple Safari anterior v4.0.5 no valida adecuadamente la carga de hojas de estilo CSS de origen cruzado , lo que permite a atacantes remotos obtener información sensible a través de un documento HTML manipulado. NOTA: Esta vulnerabilidad se solapa con CVE-2010-0651. • http://code.google.com/p/chromium/issues/detail?id=9877 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 90%CPEs: 7EXPL: 1CVE-2010-0049 – Apple WebKit RTL LineBox Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0049
12 Mar 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality. Vulnerabilidad de uso después de liberacion en WebKit de Apple Safari en versiones anteriores a la v4.0.5 permite a usuarios remotos ejecutar comandos de su elección o provocar una denegación de servicio (caida de la aplicación) a través de elementos HTML con direccionalidad de te... • https://www.exploit-db.com/exploits/33752 • CWE-399: Resource Management Errors •