CVSS: 4.3EPSS: 0%CPEs: 79EXPL: 0CVE-2011-0242
https://notcve.org/view.php?id=CVE-2011-0242
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Webkit en Safari de Apple antes de v5.0.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que incluyen una URL que contiene un nombre de usuario. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4999 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 96%CPEs: 79EXPL: 2CVE-2011-1774 – Apple Safari Webkit libxslt Arbitrary File Creation
https://notcve.org/view.php?id=CVE-2011-1774
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425. WebKit de Apple Safari v5.0.6 anteriores de que se ha inadecuada configuración de seguridad libxslt, que permite a atacantes remotos crear archivos, y por lo tanto ejecutar código, a través de un sitio web manipulado. NOTA: esto puede solaparse con CVE-2011-1425. • https://www.exploit-db.com/exploits/17993 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://securityreason.com/securityalert/8481 http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://lists.apple.com/archives/Security-announce/2011/Jul/msg0 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 20%CPEs: 79EXPL: 0CVE-2011-0232 – WebKit ContentEditable Inline Style Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0232
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit, empleado en Safari anterior a v5.0.6, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria o caída de aplicación) a través de un sitio web manipulado. Vulnerabilidad distinta de APPLE-SA-2011-07-20-1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the library handles implicitly defined styles. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 79EXPL: 0CVE-2011-0223
https://notcve.org/view.php?id=CVE-2011-0223
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit, como se usa en el navegaodor Safari de Apple antes de v5.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio ( corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit que figuran en APPLE-SA-2011-07-20-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 70EXPL: 0CVE-2011-0216 – libxml2: Off-by-one error leading to heap-based buffer overflow in encoding
https://notcve.org/view.php?id=CVE-2011-0216
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. Error Off-by-one en libxml en Apple Safari v5.0.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de la aplicación) a través de un sitio web manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://rhn.redhat.com/errata/RHSA-2013-0217.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5001 http://www.debian.org/security/2012/dsa-2394 http://www.mandriva.com/security/advisories?name&# • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •