CVSS: 10.0EPSS: 6%CPEs: 74EXPL: 0CVE-2010-1401 – Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1401
08 Jun 2010 — Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element. Vulnerabilidad de uso despues de liberacion en la implementación de las hojas de estilo en cascada (CSS) en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 6%CPEs: 74EXPL: 0CVE-2010-1402 – Apple Webkit ConditionEventListener Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1402
08 Jun 2010 — Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object. Una vulnerabilidad de doble liberación en WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y ... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 8%CPEs: 74EXPL: 0CVE-2010-1403 – Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1403
08 Jun 2010 — WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction. WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y Windows, y anterio... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 74EXPL: 0CVE-2010-1404 – Apple Webkit Recursive Use Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1404
08 Jun 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction. Una vulnerabilidad de uso de la memoria previamente liberada en WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 ... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 3%CPEs: 74EXPL: 0CVE-2010-1749 – Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1749
08 Jun 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times. Una vulnerabilidad de uso de la memoria previamente liberada en WebKit en Safari de Apple anterio... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 13%CPEs: 73EXPL: 0CVE-2010-1770 – Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1770
08 Jun 2010 — WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." WebKit en Safari de Apple anterior a versión 5.0... • http://code.google.com/p/chromium/issues/detail?id=43487 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 43EXPL: 0CVE-2010-0531
https://notcve.org/view.php?id=CVE-2010-0531
31 Mar 2010 — Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file. Apple iTunes en versiones anteriores a la 9.1 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un fichero de podcast MP4 manipulado. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0063
https://notcve.org/view.php?id=CVE-2010-0063
30 Mar 2010 — Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions. Vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X anterior v10.6.3 hace que sea fácil para atacantes asistidos por us... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html •
CVSS: 7.8EPSS: 1%CPEs: 26EXPL: 0CVE-2010-0065
https://notcve.org/view.php?id=CVE-2010-0065
30 Mar 2010 — Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression. Disk Images de Apple Mac OS X anterior a v10.6.3 permite a atacantes remotos asistidos por el usuario ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) mediante una imagen de disco manipulada con compresión bzip2. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 26EXPL: 0CVE-2010-0497 – Apple OS X Internet Enabled Disk Image Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0497
30 Mar 2010 — Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type. Disk Images en Apple Mac OS X anteriores a v10.6.3 no proporciona la advertencia esperada de tipo de fichero inseguro en una imagen de disco habilitada para internet, lo cual facilita a atacantes remotos asistidos por usuarios ejecutar código a su elección a trav... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html •