CVSS: 9.8EPSS: 6%CPEs: 126EXPL: 0CVE-2010-3811
https://notcve.org/view.php?id=CVE-2010-3811
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes. Vulnerabilidad de uso después de la liberación en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 a la v10.6 y Windows en la v4.1.3 y anteriores y sobre Mac OS X v10.4, permite a atacantes remotos oejecutar código de su elec... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 6%CPEs: 126EXPL: 0CVE-2010-3818
https://notcve.org/view.php?id=CVE-2010-3818
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes. Vulnerabilidad de uso después de liberación en WebKit en Apple Safari anterior a v5.0.3 sobre Mac OS X v10.5 hasta v10.6 y Windows, y before v4.1.3 sobre Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elecci... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 1%CPEs: 126EXPL: 2CVE-2010-3804 – WebKit - Insufficient Entropy Random Number Generator
https://notcve.org/view.php?id=CVE-2010-3804
20 Nov 2010 — The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171. La implementación de JavaScript en WebKit en Apple Safari anteriores a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a v4.1.3 en Mac OS X v10.4, usa un a... • https://www.exploit-db.com/exploits/35005 • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 126EXPL: 0CVE-2010-3810
https://notcve.org/view.php?id=CVE-2010-3810
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack. WebKit en Apple Safari anteriores a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anteirores a v4.1.3 en Mac OS X v10.4, no maneja de forma adecuada el objeto History, lo que permite a atacantes remotos espiar la URL de la barra de l... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html •
CVSS: 9.3EPSS: 3%CPEs: 126EXPL: 0CVE-2010-3803
https://notcve.org/view.php?id=CVE-2010-3803
20 Nov 2010 — Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string. Desbordamiento de entero en WebKit en Apple Safari anterior a v5.0.3 sobre Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 sobre Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caíd... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 1%CPEs: 126EXPL: 0CVE-2010-3826
https://notcve.org/view.php?id=CVE-2010-3826
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, no realiza adecuadamente una conversión ... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4011
https://notcve.org/view.php?id=CVE-2010-4011
16 Nov 2010 — Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue." Dovecot para Apple Mac OS X v10.6.5 10H574 no maneja adecuadamente la memoria para nombres de usuario, lo que permite a usuarios autenticados remotamente leer correos electrónicos privados de otras personas en c... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2010-4010
https://notcve.org/view.php?id=CVE-2010-4010
16 Nov 2010 — Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. Error de presencia de signo (signedness) de entero en Apple Type Services (ATS) en Apple Mac OS X v10.5.8, permite a atacantes remotos ejecutar código de su elección a través de una fuente Compact Font Format (CFF) manipulada embebida en un documento. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html • CWE-189: Numeric Errors •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2010-3796
https://notcve.org/view.php?id=CVE-2010-3796
16 Nov 2010 — Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications. Safari RSS en Apple Mac OS X v10.5.8 y v10.6.x anterior v10.6.5 no bloquea las applets de Java en los feed RSS, lo que permite a atacantes remotos obtener información sensible a través del feedo: URL contiene un applet que realiza modificaciones DOM. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2010-1844
https://notcve.org/view.php?id=CVE-2010-1844
16 Nov 2010 — Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image. Vulnerabilidad no específica en Image Capture en Apple Mac OS X v10.6.x anteriores a v10.6.5 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del sistema) a través de una imagen manipulada. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html • CWE-20: Improper Input Validation •