CVSS: 9.3EPSS: 2%CPEs: 34EXPL: 1CVE-2009-1711
https://notcve.org/view.php?id=CVE-2009-1711
10 Jun 2009 — WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. WebKit en Apple Safari anterior a v4.0 no inicializa correctamente memoria para los objetos Attr DOM, lo cual permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de la aplicación) a través de un documento HTML elaborado. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 4%CPEs: 34EXPL: 1CVE-2009-1708
https://notcve.org/view.php?id=CVE-2009-1708
10 Jun 2009 — Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call. Apple Safari anterior a v4.0 no previene las llamadas al manejador URL open-help-anchor por los sitios web, lo que permite a atacantes remotos abrir archivos de ayuda locales, ejecutar código de su elección u obtener información sensible a través de una llamada manipul... • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html •
CVSS: 9.3EPSS: 3%CPEs: 34EXPL: 1CVE-2009-1704
https://notcve.org/view.php?id=CVE-2009-1704
10 Jun 2009 — CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file. CFNetwork en Apple Safari anteriores a v4.0 malinterpreta los ficheros de imagen descargados como ficheros locales HTML en circunstancias sin especificar, lo que permite a atacantes remotos ejecutar código JavaScript de forma arbitraria incluyendo este en un fichero de imagen. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 48EXPL: 1CVE-2009-1702
https://notcve.org/view.php?id=CVE-2009-1702
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos inyectar secuencias de comandos web i HTML a traves de vctores relacionados con la... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1695
https://notcve.org/view.php?id=CVE-2009-1695
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit de Apple Safari anterior a v4.0, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de v... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 1CVE-2009-1706
https://notcve.org/view.php?id=CVE-2009-1706
10 Jun 2009 — The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie. La característica de Navegación Privada de Apple Safari anterior a v4.0 en Windows no elimina las cookies del almacenamiento de cookies alternativo en circunstancias no especificadas en relación con (1) la desactivación ... • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1697
https://notcve.org/view.php?id=CVE-2009-1697
10 Jun 2009 — CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. Vulnerabilidad de inyección CRLF (se refiere a CR (retorno de carro) y LF (salto de lín... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 12%CPEs: 6EXPL: 5CVE-2009-1699 – WebKit - XML External Entity Information Disclosure
https://notcve.org/view.php?id=CVE-2009-1699
10 Jun 2009 — The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." La implementación de la hoja de estilo XSL en WebKit en Apple Safari anterior a v4.0 no maneja adecuadamente las entidades externas XML, lo cual ... • https://www.exploit-db.com/exploits/33034 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.1EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1718
https://notcve.org/view.php?id=CVE-2009-1718
10 Jun 2009 — WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. Webkit de Apple Safari anterior a v4.0, permite a atacantes remotos con la ayuda del usuario obtener información sensible a través de vectores que utilizan eventos drag -arrastrar- y el arrastre de contenidos a través de una página Web manipulada. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 2%CPEs: 34EXPL: 2CVE-2009-1703
https://notcve.org/view.php?id=CVE-2009-1703
10 Jun 2009 — WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. WebKit en Apple Safari anterior a v4.0 no prevé las referencias a archivos; URLs con elementos de (1) audio y (2) vídeo, lo que permite a atacantes remotos determinar la existencia de archivos de su elección a través de un documento HTML manipulado. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •