CVSS: 4.3EPSS: 1%CPEs: 74EXPL: 0CVE-2010-1422
https://notcve.org/view.php?id=CVE-2010-1422
11 Jun 2010 — WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document. WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mas OS X v10.4, no maneja apropiadamente cambios en el foco del teclado que se producen durante el procesamiento d... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html •
CVSS: 6.1EPSS: 1%CPEs: 74EXPL: 0CVE-2010-1389
https://notcve.org/view.php?id=CVE-2010-1389
11 Jun 2010 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a atacant... • http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 74EXPL: 0CVE-2010-1390
https://notcve.org/view.php?id=CVE-2010-1390
11 Jun 2010 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 74EXPL: 0CVE-2010-1394
https://notcve.org/view.php?id=CVE-2010-1394
11 Jun 2010 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) in WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes remotos inyectar a su lección código web o... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 1%CPEs: 74EXPL: 0CVE-2010-1393
https://notcve.org/view.php?id=CVE-2010-1393
11 Jun 2010 — The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL. La implementación de hojas de estilo en cascada (CSS) en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes remotos descubrir URLs sensibles a través del atr... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 74EXPL: 0CVE-2010-1406
https://notcve.org/view.php?id=CVE-2010-1406
11 Jun 2010 — WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660. WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, envía una URL https en la cab... • http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 4%CPEs: 74EXPL: 0CVE-2010-1397 – Apple Webkit DOCUMENT_POSITION_DISCONNECTED Attribute Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1397
08 Jun 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type. Una vulnerabilidad de uso de la memoria previamente liberada en WebKit en Safari de Apple anterior a versión 5.0 sobr... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 3%CPEs: 74EXPL: 0CVE-2010-1398 – Apple Webkit ContentEditable moveParagraphs Uninitialized Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1398
08 Jun 2010 — WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element. WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 74EXPL: 0CVE-2010-1399 – Apple Webkit SelectionController via Marquee Event Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1399
08 Jun 2010 — WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, accede a memoria no inicializada durante un cambio de selección en un elem... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 74EXPL: 0CVE-2010-1401 – Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1401
08 Jun 2010 — Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element. Vulnerabilidad de uso despues de liberacion en la implementación de las hojas de estilo en cascada (CSS) en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-399: Resource Management Errors •