CVSS: 9.3EPSS: 1%CPEs: 70EXPL: 0CVE-2011-0216 – libxml2: Off-by-one error leading to heap-based buffer overflow in encoding
https://notcve.org/view.php?id=CVE-2011-0216
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. Error Off-by-one en libxml en Apple Safari v5.0.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de la aplicación) a través de un sitio web manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://rhn.redhat.com/errata/RHSA-2013-0217.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5001 http://www.debian.org/security/2012/dsa-2394 http://www.mandriva.com/security/advisories?name&# • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 0%CPEs: 71EXPL: 0CVE-2010-1420
https://notcve.org/view.php?id=CVE-2010-1420
Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en CFNetwork en Apple Safari anterior a v5.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un fichero en texto plano manipulado • http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 71EXPL: 0CVE-2011-0214
https://notcve.org/view.php?id=CVE-2011-0214
CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority. CFNetwork en Apple Safari v5.0.6 y anteriores en Windows que no controla correctamente un atributo, no es de confianza un certificado de raíz del sistema, y permite a los servidores Web remotos eludir las restricciones destinadas SSL a través de un certificado firmado por una autoridad de certificación de la lista negra (no autorizada). • http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 • CWE-310: Cryptographic Issues •
CVSS: 5.8EPSS: 0%CPEs: 79EXPL: 0CVE-2011-0219
https://notcve.org/view.php?id=CVE-2011-0219
Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts. Apple Safari anterior a v5.0.6 permite a atacantes remotos evitar el Same Origin Policy, y modificar el renderizado de texto de sitios web de su elección, a través de un applet Java que carga fuentes. • http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 71EXPL: 0CVE-2011-0215
https://notcve.org/view.php?id=CVE-2011-0215
ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file. ImageIO en Safari de Apple antes de v5.0.6 en Windows no soluciona adecuadamente los problemas de reentrada , que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación ) a través de un archivo TIFF manipulado . • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 • CWE-20: Improper Input Validation •