CVSS: 9.8EPSS: 3%CPEs: 34EXPL: 1CVE-2009-1712
https://notcve.org/view.php?id=CVE-2009-1712
10 Jun 2009 — WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. WebKit de Apple Safari anterior a v4.0 no previene la carga remota de los applets de Java locales, esto permite a atacante remotos ejecutar código de su elección, aumentar sus privilegios u obtener información sensible a través de un APPLET o elemento OBJECT. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1715
https://notcve.org/view.php?id=CVE-2009-1715
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Web Inspector en WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos ayudados por por el usuario inyectar secuencias de comandos web o HTML, y leer ficheros locales... • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1688
https://notcve.org/view.php?id=CVE-2009-1688
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0 permite a los atacantes remotos inyectar arbitrariament... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1693
https://notcve.org/view.php?id=CVE-2009-1693
10 Jun 2009 — WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos leer imágenes desde sitios Web de su elección a través de un elemento CANVAS con una imagen SVG, relativo a "Característica de captura de imagen en sitio cruzado". • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1691
https://notcve.org/view.php?id=CVE-2009-1691
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anterior a v4.0 permite a atacantes remotos inyectar secuencias de comandos web a su elección o HT... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1682
https://notcve.org/view.php?id=CVE-2009-1682
10 Jun 2009 — Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. Apple Safari antes de v4.0 no comprueba adecuadamente la revocación de certificados Extended Validation (EV), lo cual hace más fácil a atacantes remotos engañar a un usuario para aceptar un certificado no válido. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-255: Credentials Management Errors •
CVSS: 5.8EPSS: 0%CPEs: 34EXPL: 0CVE-2009-1694
https://notcve.org/view.php?id=CVE-2009-1694
10 Jun 2009 — WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue." WebKit en Apple Safari anterior a v4.0 no redirecciona correctamente, lo que permite a atacantes remotos leer las imágenes de sitios web a su eleccion a traves de vectores relacionados al elem... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html •
CVSS: 6.1EPSS: 44%CPEs: 34EXPL: 2CVE-2009-1684 – WebKit - JavaScript 'onload()' Event Cross Domain Scripting
https://notcve.org/view.php?id=CVE-2009-1684
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0, permite a los atacantes remotos inyectar arbitrariamente una secuencia de ... • https://www.exploit-db.com/exploits/33033 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1689
https://notcve.org/view.php?id=CVE-2009-1689
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores v4.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su e... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1685
https://notcve.org/view.php?id=CVE-2009-1685
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari antes de v4.0 permite a atacantes remotos inyectar HTML o secuencias de comandos web arbitrarios... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •