CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1691
https://notcve.org/view.php?id=CVE-2009-1691
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anterior a v4.0 permite a atacantes remotos inyectar secuencias de comandos web a su elección o HT... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1693
https://notcve.org/view.php?id=CVE-2009-1693
10 Jun 2009 — WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos leer imágenes desde sitios Web de su elección a través de un elemento CANVAS con una imagen SVG, relativo a "Característica de captura de imagen en sitio cruzado". • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html •
CVSS: 5.8EPSS: 0%CPEs: 34EXPL: 0CVE-2009-1694
https://notcve.org/view.php?id=CVE-2009-1694
10 Jun 2009 — WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue." WebKit en Apple Safari anterior a v4.0 no redirecciona correctamente, lo que permite a atacantes remotos leer las imágenes de sitios web a su eleccion a traves de vectores relacionados al elem... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html •
CVSS: 7.5EPSS: 1%CPEs: 34EXPL: 1CVE-2009-1682
https://notcve.org/view.php?id=CVE-2009-1682
10 Jun 2009 — Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. Apple Safari antes de v4.0 no comprueba adecuadamente la revocación de certificados Extended Validation (EV), lo cual hace más fácil a atacantes remotos engañar a un usuario para aceptar un certificado no válido. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 44%CPEs: 34EXPL: 2CVE-2009-1684 – WebKit - JavaScript 'onload()' Event Cross Domain Scripting
https://notcve.org/view.php?id=CVE-2009-1684
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0, permite a los atacantes remotos inyectar arbitrariamente una secuencia de ... • https://www.exploit-db.com/exploits/33033 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 4%CPEs: 34EXPL: 0CVE-2009-1709 – Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1709
08 Jun 2009 — Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches." Vulnerabilidad de uso después de la liberación en la implementación de la recolección de basura en WebCore en WebKit en Apple Safari anterior... • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.3EPSS: 7%CPEs: 62EXPL: 1CVE-2009-1698 – Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1698
08 Jun 2009 — WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. WebKit en Apple Safari anteriores a v4.0 no inicializa un puntero durante el proceso de llamada de función attr C... • http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 3%CPEs: 48EXPL: 1CVE-2009-1701 – Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2009-1701
08 Jun 2009 — Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. Vulnerabilidad de uso después de la liberación en la implementación en WebKit en Apple Safari anteriores a v4.0... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 3%CPEs: 70EXPL: 1CVE-2009-0162 – Apple Safari 3.2.2 - 'feed:' URI Multiple Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-0162
13 May 2009 — Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Safari v3.2.3 y v4 Beta Pública, en el Apple Mac OS X v10.5 y anteriores a v10.5.7 y Windows permite a atacantes remotos inyectar script web arbitrario o HTML a través de una suscripción manipulada: URL. • https://www.exploit-db.com/exploits/32994 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 9%CPEs: 72EXPL: 0CVE-2009-0945 – Apple Safari Malformed SVGList Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-0945
13 May 2009 — Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SV... • http://code.google.com/p/chromium/issues/detail?id=9019 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-476: NULL Pointer Dereference •