CVSS: 4.3EPSS: 0%CPEs: 59EXPL: 0CVE-2009-2842
https://notcve.org/view.php?id=CVE-2009-2842
13 Nov 2009 — Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. Apple Safari en versiones anteriores a la 4.0.4 no implementa de manera apropiada las opciones de menu (1) Open Image y (2) Open Link, lo que permite a atacantes remotos leer ficheros HTML locales mediante un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html •
CVSS: 7.5EPSS: 0%CPEs: 48EXPL: 0CVE-2009-3455
https://notcve.org/view.php?id=CVE-2009-3455
29 Sep 2009 — Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Apple Safari, posiblemente anterior a v4.0.3, en Mac OS X no maneja adecuadamente un carácter '\0' en un nombre de dominio de sujeto en el campo Common Name (C... • http://www.networkworld.com/news/2009/091709-microsoft-ie-security-hole.html • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 62%CPEs: 6EXPL: 2CVE-2009-3272 – Apple Safari 3.2.3 (Windows x86) - JavaScript 'eval' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-3272
21 Sep 2009 — Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences. Vulnerabilidad de agotamiento de pila en WebKit.dll en WebKit en Apple Safari v3.2.3, y posiblemente otras versiones anteriores a v4.1.2, permite a atacantes remotos provocar una denegación de servicio (fin de la aplicación) mediante códig... • https://www.exploit-db.com/exploits/9606 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 2%CPEs: 73EXPL: 0CVE-2009-2804
https://notcve.org/view.php?id=CVE-2009-2804
14 Sep 2009 — Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow. Un desbordamiento enteros en ColorSync en Mac OS X versiones 10.4.11 y 10.5.8, y Safari anterior a versión 4.0.4, de Apple, en Windows, permite a los atacantes remotos ejecutar código arbitrario o causar una denega... • http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html • CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2009-3016
https://notcve.org/view.php?id=CVE-2009-3016
31 Aug 2009 — Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when sp... • http://websecurity.com.ua/3386 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 74EXPL: 0CVE-2009-2199
https://notcve.org/view.php?id=CVE-2009-2199
12 Aug 2009 — Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. Una vulnerabilidad de lista negra incompleta en WebKit en Safari de Apple anterior a versión 4.0.3, como es usado en iPhone OS anterior a versión 3.1, iPhone OS anterior a versión 3.1.1, para iPod touch y otras plataformas... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html •
CVSS: 7.1EPSS: 0%CPEs: 81EXPL: 0CVE-2009-2200
https://notcve.org/view.php?id=CVE-2009-2200
12 Aug 2009 — WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. WebKit en Apple Safari anteriores a v4.0.3 no restringe apropiadamente el esquema URL del atributo pluginspage de un elemento EMBED, lo que permite a los atacantes remotos asistidos por usuarios lanzar un archivo arbitrario: URLs y obtener informa... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 2%CPEs: 11EXPL: 0CVE-2009-2196
https://notcve.org/view.php?id=CVE-2009-2196
12 Aug 2009 — Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. Vulnerabilidad no especificada en Apple Safari 4 anteriores a v4.0.3 que permite a los servidores web remotos colocar un sitio web arbitrario en la vista "Top Sites", y posiblemente conducir un ataque de phishing, a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html •
CVSS: 9.3EPSS: 80%CPEs: 81EXPL: 1CVE-2009-2195 – WebKit - Floating Point Number Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-2195
12 Aug 2009 — Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers. Desbordamiento de búfer en WebKit en Apple Safari anteriores a v4.0.3, permite a los atacantes remotos ejecutar arbitrariamente código o causar una denegación de servicio (caída de la aplicación) a través de un número punto-flotante manipulado. • https://www.exploit-db.com/exploits/33164 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-2416 – mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
https://notcve.org/view.php?id=CVE-2009-2416
11 Aug 2009 — Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto p... • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html • CWE-416: Use After Free •