CVSS: 9.3EPSS: 7%CPEs: 76EXPL: 1CVE-2009-1690 – kdelibs: KHTML Incorrect handling <head> element content once the <head> element was removed (DoS, ACE)
https://notcve.org/view.php?id=CVE-2009-1690
10 Jun 2009 — Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers.... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 4%CPEs: 34EXPL: 1CVE-2009-1687 – kdelibs: Integer overflow in KJS JavaScript garbage collector
https://notcve.org/view.php?id=CVE-2009-1687
10 Jun 2009 — The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." El JavaScript garbage collector en WebKit en Apple Safari anteriores a v4.0 no maneja adecuadamente la ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-190: Integer Overflow or Wraparound CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 44%CPEs: 34EXPL: 2CVE-2009-1684 – WebKit - JavaScript 'onload()' Event Cross Domain Scripting
https://notcve.org/view.php?id=CVE-2009-1684
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0, permite a los atacantes remotos inyectar arbitrariamente una secuencia de ... • https://www.exploit-db.com/exploits/33033 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1689
https://notcve.org/view.php?id=CVE-2009-1689
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores v4.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su e... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1685
https://notcve.org/view.php?id=CVE-2009-1685
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari antes de v4.0 permite a atacantes remotos inyectar HTML o secuencias de comandos web arbitrarios... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1688
https://notcve.org/view.php?id=CVE-2009-1688
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0 permite a los atacantes remotos inyectar arbitrariament... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1681
https://notcve.org/view.php?id=CVE-2009-1681
10 Jun 2009 — WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document. WebKit en Apple Safari anteriores a v4.0 no previene que páginas web sean cargadas en contenidos de terceros dentro de un "submarco", lo que permite a los atacantes remotos evitar la Política Origi... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html •
CVSS: 9.3EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1686
https://notcve.org/view.php?id=CVE-2009-1686
10 Jun 2009 — WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. WebKit en Apple Safari antes de v4.0 no maneja adecuadamente constantes (alias const) declaradas en una operación de ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1691
https://notcve.org/view.php?id=CVE-2009-1691
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anterior a v4.0 permite a atacantes remotos inyectar secuencias de comandos web a su elección o HT... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1682
https://notcve.org/view.php?id=CVE-2009-1682
10 Jun 2009 — Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. Apple Safari antes de v4.0 no comprueba adecuadamente la revocación de certificados Extended Validation (EV), lo cual hace más fácil a atacantes remotos engañar a un usuario para aceptar un certificado no válido. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-255: Credentials Management Errors •