CVSS: 9.3EPSS: 20%CPEs: 79EXPL: 0CVE-2011-0232 – WebKit ContentEditable Inline Style Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0232
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit, empleado en Safari anterior a v5.0.6, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria o caída de aplicación) a través de un sitio web manipulado. Vulnerabilidad distinta de APPLE-SA-2011-07-20-1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the library handles implicitly defined styles. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 79EXPL: 0CVE-2011-0223
https://notcve.org/view.php?id=CVE-2011-0223
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit, como se usa en el navegaodor Safari de Apple antes de v5.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio ( corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit que figuran en APPLE-SA-2011-07-20-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 70EXPL: 0CVE-2011-0216 – libxml2: Off-by-one error leading to heap-based buffer overflow in encoding
https://notcve.org/view.php?id=CVE-2011-0216
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. Error Off-by-one en libxml en Apple Safari v5.0.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de la aplicación) a través de un sitio web manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://rhn.redhat.com/errata/RHSA-2013-0217.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5001 http://www.debian.org/security/2012/dsa-2394 http://www.mandriva.com/security/advisories?name&# • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 0%CPEs: 71EXPL: 0CVE-2010-1420
https://notcve.org/view.php?id=CVE-2010-1420
Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en CFNetwork en Apple Safari anterior a v5.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un fichero en texto plano manipulado • http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 71EXPL: 0CVE-2011-0214
https://notcve.org/view.php?id=CVE-2011-0214
CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority. CFNetwork en Apple Safari v5.0.6 y anteriores en Windows que no controla correctamente un atributo, no es de confianza un certificado de raíz del sistema, y permite a los servidores Web remotos eludir las restricciones destinadas SSL a través de un certificado firmado por una autoridad de certificación de la lista negra (no autorizada). • http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 • CWE-310: Cryptographic Issues •