CVSS: 6.1EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1697
https://notcve.org/view.php?id=CVE-2009-1697
10 Jun 2009 — CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. Vulnerabilidad de inyección CRLF (se refiere a CR (retorno de carro) y LF (salto de lín... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 2%CPEs: 48EXPL: 1CVE-2009-1700
https://notcve.org/view.php?id=CVE-2009-1700
10 Jun 2009 — The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. La implementación XSLT en WebKit en Apple Safari anteriores a 4.0 no trata apropiadamente las redirecciones, lo que permite a los atacantes remotos leer contenido XML desde páginas web arbitrarias a través de documentos manipudados. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 48EXPL: 1CVE-2009-1702
https://notcve.org/view.php?id=CVE-2009-1702
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos inyectar secuencias de comandos web i HTML a traves de vctores relacionados con la... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 2%CPEs: 34EXPL: 2CVE-2009-1703
https://notcve.org/view.php?id=CVE-2009-1703
10 Jun 2009 — WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. WebKit en Apple Safari anterior a v4.0 no prevé las referencias a archivos; URLs con elementos de (1) audio y (2) vídeo, lo que permite a atacantes remotos determinar la existencia de archivos de su elección a través de un documento HTML manipulado. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 4%CPEs: 12EXPL: 1CVE-2009-1705
https://notcve.org/view.php?id=CVE-2009-1705
10 Jun 2009 — CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data. CoreGraphics en Apple Safari anteriores a v4.0 en Windows no utiliza adecuadamente la aritmética durante la inicialización automática de las fuentes TrueType, lo que permite a atacantes remotos ejecutar código de su elección o provoca... • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-189: Numeric Errors •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 1CVE-2009-1706
https://notcve.org/view.php?id=CVE-2009-1706
10 Jun 2009 — The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie. La característica de Navegación Privada de Apple Safari anterior a v4.0 en Windows no elimina las cookies del almacenamiento de cookies alternativo en circunstancias no especificadas en relación con (1) la desactivación ... • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 1CVE-2009-1707
https://notcve.org/view.php?id=CVE-2009-1707
10 Jun 2009 — Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. Condición de carrera en la implementación de "Reset Safari" en Apple Safari anteriores a la v4.0 en Windows permitiría a usuarios locales leer contraseñas web a través de vectores sin especificar. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1710
https://notcve.org/view.php?id=CVE-2009-1710
10 Jun 2009 — WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos suplantar en la pantalla del navegador el (1) nombre del equipo, (2) indicadores de seguridad, y otros elementos de la interface del usuario a través de un cursor personalizado junto a la propiedad h... • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html •
CVSS: 9.3EPSS: 2%CPEs: 34EXPL: 1CVE-2009-1711
https://notcve.org/view.php?id=CVE-2009-1711
10 Jun 2009 — WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. WebKit en Apple Safari anterior a v4.0 no inicializa correctamente memoria para los objetos Attr DOM, lo cual permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de la aplicación) a través de un documento HTML elaborado. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 3%CPEs: 34EXPL: 1CVE-2009-1712
https://notcve.org/view.php?id=CVE-2009-1712
10 Jun 2009 — WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. WebKit de Apple Safari anterior a v4.0 no previene la carga remota de los applets de Java locales, esto permite a atacante remotos ejecutar código de su elección, aumentar sus privilegios u obtener información sensible a través de un APPLET o elemento OBJECT. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •