CVSS: 4.3EPSS: 0%CPEs: 74EXPL: 0CVE-2010-1408
https://notcve.org/view.php?id=CVE-2010-1408
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099. WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes remotos eludir restricciones en conexiones salientes a puertos TCP no por defecto a través de números de puerto manipulados, relativo a una vulnerabilidad de truncado de enteros. Esta vulnerabilidad se solapa con CVE-2010-1099. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://sec • CWE-189: Numeric Errors CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 74EXPL: 0CVE-2010-1409
https://notcve.org/view.php?id=CVE-2010-1409
Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port. Vulnerabilidad de lista negra incompleta en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes remotos provocar revelación de datos sobre IRC a través de vectores involucrados en el puerto del servicio IRC. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://supp •
CVSS: 4.3EPSS: 0%CPEs: 74EXPL: 0CVE-2010-1422
https://notcve.org/view.php?id=CVE-2010-1422
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document. WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mas OS X v10.4, no maneja apropiadamente cambios en el foco del teclado que se producen durante el procesamiento del evento "pulsar una tecla", lo cual permite a atacantes remotos forzar el pulsado de teclas a su elección a través de documentos HTML manipulados. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http:/&#x •
CVSS: 9.3EPSS: 2%CPEs: 11EXPL: 0CVE-2010-1750
https://notcve.org/view.php?id=CVE-2010-1750
Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management. Vulnerabilidad de uso despues de liberacion en WebKit de Apple Safari anterior a v5.0 en Windows permite a los atacantes remotos ejecutar código a su elección o causar una denegación de servicio (fallo de la aplicación) a través de vectores relacionados con la inadecuada gestión de ventanas. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://secunia.com/advisories/40105 http://securitytracker.com/id?1024067 http://support.apple.com/kb/HT4196 http://www.securityfocus.com/bid/40620 http://www.vupen.com/english/advisories/2010/1373 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7143 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 74EXPL: 0CVE-2010-1389
https://notcve.org/view.php?id=CVE-2010-1389
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a atacantes remotos asistidos por el usuario inyectar a su elección código web o HTML a través de vectores involucrando una operación de (1) pegar o (2) arrastrar y soltar para una selección. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://support.apple.com/kb/HT4196 http://support.apple.com/kb/HT4225 http://www.mandriva.com/security/advisories?name= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •