CVSS: 6.5EPSS: 1%CPEs: 74EXPL: 0CVE-2009-2199
https://notcve.org/view.php?id=CVE-2009-2199
12 Aug 2009 — Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. Una vulnerabilidad de lista negra incompleta en WebKit en Safari de Apple anterior a versión 4.0.3, como es usado en iPhone OS anterior a versión 3.1, iPhone OS anterior a versión 3.1.1, para iPod touch y otras plataformas... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html •
CVSS: 7.1EPSS: 2%CPEs: 11EXPL: 0CVE-2009-2196
https://notcve.org/view.php?id=CVE-2009-2196
12 Aug 2009 — Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. Vulnerabilidad no especificada en Apple Safari 4 anteriores a v4.0.3 que permite a los servidores web remotos colocar un sitio web arbitrario en la vista "Top Sites", y posiblemente conducir un ataque de phishing, a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html •
CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-2416 – mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
https://notcve.org/view.php?id=CVE-2009-2416
11 Aug 2009 — Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto p... • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html • CWE-416: Use After Free •
CVSS: 6.1EPSS: 1%CPEs: 73EXPL: 2CVE-2009-1724 – WebKit - 'parent/top' Cross Domain Scripting
https://notcve.org/view.php?id=CVE-2009-1724
09 Jul 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. Una vulnerabilidad de tipo cross-site scripting (XSS) en WebKit en Safari de Apple anterior a versión 4.0.2, tal y como es usado en iPhone OS anterior a versión 3.1, iPhone OS anterior a versión 3.1.1 para iPod touch, y otras pl... • https://www.exploit-db.com/exploits/33047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 3%CPEs: 73EXPL: 0CVE-2009-1725
https://notcve.org/view.php?id=CVE-2009-1725
09 Jul 2009 — WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. WebKit en Apple Safari anterior a v4.0.2, no maneja adecuadamente las referencias de caracter... • http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html • CWE-189: Numeric Errors •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2420
https://notcve.org/view.php?id=CVE-2009-2420
09 Jul 2009 — Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703. Apple Safari v3.2.3 no implementa correctamente el manejador de protocolo file: , lo cual permite a atacantes remotos leer ficheros arbitrarios o provocar una denegación de servicio (lanzar múltiples instancias del E... • http://www.securityfocus.com/archive/1/504480/100/0/threaded • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2421
https://notcve.org/view.php?id=CVE-2009-2421
09 Jul 2009 — The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol. El método CFCharacterSetInitInlineBuffer en CoreFoundation.dll en Apple Safari v3.2.3 permite a atacantes remotos causar una denegación de servicio (desreferencia a puntero nulo y cuelgue de la aplicación) o posible... • http://www.securityfocus.com/archive/1/504479/100/0/threaded • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 33%CPEs: 2EXPL: 3CVE-2009-2419 – Apple Safari 4 - 'reload()' Denial of Service
https://notcve.org/view.php?id=CVE-2009-2419
09 Jul 2009 — Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these details are obtained from third party information. Vulnerabilidad de uso-después-de-liberación en la función servePendingRequests en WebCore en WebKit en Apple Safa... • https://www.exploit-db.com/exploits/33062 • CWE-399: Resource Management Errors •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2058
https://notcve.org/view.php?id=CVE-2009-2058
15 Jun 2009 — Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. Apple Safari anteriores a v3.2.2 utiliza una cabecera HTTP Host para determinar el contexto de un documento proporcionado por una respuesta de CONEXIÓN (1) 4xx o (2) 5xx desde un servidor proxy, lo que permite ... • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 66EXPL: 0CVE-2009-2062
https://notcve.org/view.php?id=CVE-2009-2062
15 Jun 2009 — Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. Apple Safari anteriores a v3.2.2 procesa una respuesta de CONEXIÓN HTTP anterior a una negociación SSL con éxito, lo que permite a los atacantes "hombre en el medio" ejecutar arbitrariamente una secuencia de comandos w... • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 • CWE-287: Improper Authentication •