CVSS: 9.3EPSS: 4%CPEs: 10EXPL: 0CVE-2010-1806 – Apple Safari Webkit Runin Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1806
Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers. Vulnerabilidad de uso después de la liberación en Apple Safari v4.x anteriores a v4.1.2 y v5.x anteriores a v5.0.2 , permite a atacantes remotos ejecutar código o provacar una denegación de servicio (caída de la aplicación) a través del acondicionamiento del estilo de un elemento, relacionado con objeto de punteros. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's support of an element containing the run-in property. When a block box is appended as the sibling of a run-in box, the run-in box will be promoted to the first inline box. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4333 http://support.apple.com/kb/HT4456 http://www.securityfocus.com/bid/43049 http://www.vupen.com/english/advisories/2010/3046 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11729 • CWE-399: Resource Management Errors •
CVSS: 6.9EPSS: 0%CPEs: 11EXPL: 0CVE-2010-1805
https://notcve.org/view.php?id=CVE-2010-1805
Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. Vulnerabilidad ruta de búsqueda no confiable en Apple Safari v4.x anteriores a v4.1.2 y v5.x anteriores a v5.0.2 en Windows, permite a usuarios locales obtener privilegios a través del troyano explorer.exe (también conocido como Windows Explorer), programa que en un directorio contiene un fichero que puede ser descargado por Safari. • http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html http://support.apple.com/kb/HT4333 http://www.securityfocus.com/bid/43048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11956 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 92%CPEs: 24EXPL: 2CVE-2010-1807 – Google Android 2.0 < 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222/TCP)
https://notcve.org/view.php?id=CVE-2010-1807
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. WebKit en Apple Safari v4.x anteriores a v4.1.2 y v5.x anteriores a v5.0.2 no valida de forma adecuada los datos con punto flotante, lo que permite a atacantes remotos ejecutar código o provocar una denegación de servicio (caída de la aplicación) a través de un documento HTML manipulado. • https://www.exploit-db.com/exploits/15423 https://www.exploit-db.com/exploits/15548 http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://secunia.com/advisories/43086 http://support.apple.com/kb&# • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2010-3259 – webkit: cross-origin image theft
https://notcve.org/view.php?id=CVE-2010-3259
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. Google Chrome anterior a v6.0.472.53 no restringe apropiadamente el acceso de lectura a las imágenes, lo que permite a atacantes remotos evitar la "Same Origin Policy" y obtener información potencialmente sensible a través de vectores sin especificar • http://code.google.com/p/chromium/issues/detail?id=53001 http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://secunia&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 4%CPEs: 8EXPL: 0CVE-2010-3257 – webkit: stale pointer issue with focusing
https://notcve.org/view.php?id=CVE-2010-3257
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus. Google Chrome anterior a v6.0.472.53 no realiza apropiadamente el manejo del foco, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otros impactos sin especificar a través de vectores desconocidos. Relacionado con un problema "stale pointer" • http://code.google.com/p/chromium/issues/detail?id=52443 http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://secunia&# • CWE-416: Use After Free •