CVSS: 9.3EPSS: 0%CPEs: 126EXPL: 0CVE-2010-3819
https://notcve.org/view.php?id=CVE-2010-3819
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, no realiza adecuadamente una co... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 126EXPL: 0CVE-2010-3808
https://notcve.org/view.php?id=CVE-2010-3808
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, no realiza correctamente la conversión de una var... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 1%CPEs: 126EXPL: 0CVE-2010-3821
https://notcve.org/view.php?id=CVE-2010-3821
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit en Apple Safari anteriores a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anteirores a v4.1.3 en Mac OS X v10.4, no maneja de f... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 126EXPL: 0CVE-2010-3823
https://notcve.org/view.php?id=CVE-2010-3823
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415. Una vulnerabilidad de uso después de liberación en el WebKit de Apple Safari antes de v5.0.3 en Mac OS X v10.5 a v10.6 y Windows, y antes de v4.1.3 en Mac OS X v10.4, permite a atacant... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 25EXPL: 1CVE-2010-4008 – libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
https://notcve.org/view.php?id=CVE-2010-4008
16 Nov 2010 — libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. libxml2 anterior v2.7.8, como el usado en Google Chrome anterior v7.0.517.44, Apple Safari v5.0.2 y anteriores, otros productos, ree desde localizaciones de memoria inválidas durante el proc... • http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2010-4010
https://notcve.org/view.php?id=CVE-2010-4010
16 Nov 2010 — Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. Error de presencia de signo (signedness) de entero en Apple Type Services (ATS) en Apple Mac OS X v10.5.8, permite a atacantes remotos ejecutar código de su elección a través de una fuente Compact Font Format (CFF) manipulada embebida en un documento. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-1847
https://notcve.org/view.php?id=CVE-2010-1847
16 Nov 2010 — The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors. El kernel en Apple Mac OS X v10.6.x anteriores a v10.6.5 no realiza de forma adecuada la gestión de memoria asociada con dispositivos terminales, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de vectores no especificos. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 8%CPEs: 12EXPL: 0CVE-2010-3790 – Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3790
16 Nov 2010 — QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary. QuickTime en Apple Mac OS X V10.6.x anterior v10.6.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída aplicación) a través de un archivo de película man... • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 12EXPL: 0CVE-2010-3785
https://notcve.org/view.php?id=CVE-2010-3785
16 Nov 2010 — Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document. Desbordamiento de búfer en QuickLook en Apple Mac OS X v10.5.8 y v10.6.x anterior v10.6.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída aplicación) a través de un documento Microsoft Office manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 12EXPL: 0CVE-2010-1845
https://notcve.org/view.php?id=CVE-2010-1845
16 Nov 2010 — ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image. ImageIO en Apple Mac OS X v10.5.8 y v10.6.x anterior v10.6.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de una imagen PSD manipulada. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html • CWE-20: Improper Input Validation •