CVSS: 9.3EPSS: 8%CPEs: 126EXPL: 0CVE-2010-3823
https://notcve.org/view.php?id=CVE-2010-3823
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415. Una vulnerabilidad de uso después de liberación en el WebKit de Apple Safari antes de v5.0.3 en Mac OS X v10.5 a v10.6 y Windows, y antes de v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caida de la aplicación) a través de vectores que implican objetos "Geolocation". NOTA: Este problema puede superponerse con CVE-2010-3415. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https:// • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 8%CPEs: 126EXPL: 0CVE-2010-3824
https://notcve.org/view.php?id=CVE-2010-3824
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements. Vulnerabilidad de uso después de la liberación en WebKit en Apple Safari anteriores a v5.0.3 en Mac OS X 10.5 hasta v10.6 y Windows, y anteriores a v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o producir una denegación de servicio (caída de aplicación) a través de vectores que que implican el uso de elementos SVG. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https:// • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0CVE-2010-1374
https://notcve.org/view.php?id=CVE-2010-1374
Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation. Vulnerabilidad de salto de directorio en iChat en Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, cuando el objetivo se utiliza, permite a atacantes remotos crear ficheros arbitrarios mediante secuencias de salto de directorio en una operación de transferencia de un archivo de imagen. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://secunia.com/advisories/40220 http://securitytracker.com/id?1024103 http://support.apple.com/kb/HT4188 http://www.securityfocus.com/bid/40871 http://www.vupen.com/english/advisories/2010/1481 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 93%CPEs: 108EXPL: 1CVE-2010-1119 – Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1119
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. Una vulnerabilidad de uso de memoria previamente liberada en WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y Windows, Safari anterior a versión 4.1 sobre Mac OS X versión 10.4, y Safari en iPhone OS de Apple, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación), o leer la base de datos SMS u otros datos, por medio de vectores relacionados con "attribute manipulation", como es demostrado por Vincenzo Iozzo y Ralf Philipp Weinmann durante una competición Pwn2Own en CanSecWest 2010. This vulnerability allows remote attackers to execute remote code on vulnerable installations of Apple Webkit. User interaction is required in that a target must be coerced into visiting a malicious page. The specific flaw exists within Webkit's process for destructing attribute objects via the removeChild method. If an attribute's child object is accessed after the attribute was removed from the document, an invalid pointer is referenced. • https://www.exploit-db.com/exploits/16974 http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://news.cnet.com/8301-27080_3-20001126-245.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://securityreason.com/securityalert • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 3%CPEs: 73EXPL: 0CVE-2009-2804
https://notcve.org/view.php?id=CVE-2009-2804
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow. Un desbordamiento enteros en ColorSync en Mac OS X versiones 10.4.11 y 10.5.8, y Safari anterior a versión 4.0.4, de Apple, en Windows, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un bloqueo de un perfil ColorSync diseñado insertado en una imagen, conllevando a un desbordamiento de búfer en la región heap de la memoria. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://osvdb.org/57949 http://secunia.com/advisories/36701 http://secunia.com/advisories/37346 http://support.apple.com/kb/HT3865 http://support.apple.com/kb/HT3949 http://www.securityfocus.com/bid/36357 http://www.vupen.com/english/advisories/2009/3217 https://exchange.xforce.ibmcloud.com/vulnerabilities/53166 • CWE-189: Numeric Errors •