CVSS: 7.5EPSS: 2%CPEs: 34EXPL: 1CVE-2009-1713
https://notcve.org/view.php?id=CVE-2009-1713
10 Jun 2009 — The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. La funcionalidad XSLT en WebKit en Apple Safari anteriores a v4.0 no implementa adecuadamente la función "document", lo que permite a atacantes remotos leer (1) ficheros locales arbitrariamente (2) ficheros de diferentes zonas de seguridad a través de vectores inespec... • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1714
https://notcve.org/view.php?id=CVE-2009-1714
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Web Inspector en WebKit in Apple Safari anterior a v4.0, permite a atacantes asistidos por el usuario, inyectar secuencias comandos web o HTML de su elección y leer archivos lo... • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1715
https://notcve.org/view.php?id=CVE-2009-1715
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Web Inspector en WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos ayudados por por el usuario inyectar secuencias de comandos web o HTML, y leer ficheros locales... • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1716
https://notcve.org/view.php?id=CVE-2009-1716
10 Jun 2009 — CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files. CFNetwork en Apple Safari anterior a v4.0 sobre Windows, no protege adecuadamente los ficheros temporales de las descargas que crea, lo que permite a usuarios locales obtener información sensible leyendo éstos archivos. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1718
https://notcve.org/view.php?id=CVE-2009-1718
10 Jun 2009 — WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. Webkit de Apple Safari anterior a v4.0, permite a atacantes remotos con la ayuda del usuario obtener información sensible a través de vectores que utilizan eventos drag -arrastrar- y el arrastre de contenidos a través de una página Web manipulada. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1681
https://notcve.org/view.php?id=CVE-2009-1681
10 Jun 2009 — WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document. WebKit en Apple Safari anteriores a v4.0 no previene que páginas web sean cargadas en contenidos de terceros dentro de un "submarco", lo que permite a los atacantes remotos evitar la Política Origi... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1685
https://notcve.org/view.php?id=CVE-2009-1685
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari antes de v4.0 permite a atacantes remotos inyectar HTML o secuencias de comandos web arbitrarios... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1686
https://notcve.org/view.php?id=CVE-2009-1686
10 Jun 2009 — WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. WebKit en Apple Safari antes de v4.0 no maneja adecuadamente constantes (alias const) declaradas en una operación de ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 4%CPEs: 34EXPL: 1CVE-2009-1687 – kdelibs: Integer overflow in KJS JavaScript garbage collector
https://notcve.org/view.php?id=CVE-2009-1687
10 Jun 2009 — The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." El JavaScript garbage collector en WebKit en Apple Safari anteriores a v4.0 no maneja adecuadamente la ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-190: Integer Overflow or Wraparound CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1688
https://notcve.org/view.php?id=CVE-2009-1688
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0 permite a los atacantes remotos inyectar arbitrariament... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •