CVSS: 2.6EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1710
https://notcve.org/view.php?id=CVE-2009-1710
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos suplantar en la pantalla del navegador el (1) nombre del equipo, (2) indicadores de seguridad, y otros elementos de la interface del usuario a través de un cursor personalizado junto a la propiedad hotspot de CSS3 modificada. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55014 http://secunia.com/advisories/35379 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://www.debian.org/security/2009/dsa-1950 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35340 http://www.vupen.com/english/advisories •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 1CVE-2009-1706
https://notcve.org/view.php?id=CVE-2009-1706
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie. La característica de Navegación Privada de Apple Safari anterior a v4.0 en Windows no elimina las cookies del almacenamiento de cookies alternativo en circunstancias no especificadas en relación con (1) la desactivación de la característica o (2) la salida de la aplicación, esto hace que sea más sencillo a los servidores Web remotos seguir a los usuarios mediante una cookie. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://osvdb.org/54997 http://secunia.com/advisories/35379 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35346 http://www.vupen.com/english/advisories/2009/1522 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 1CVE-2009-1700
https://notcve.org/view.php?id=CVE-2009-1700
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. La implementación XSLT en WebKit en Apple Safari anteriores a 4.0 no trata apropiadamente las redirecciones, lo que permite a los atacantes remotos leer contenido XML desde páginas web arbitrarias a través de documentos manipudados. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54973 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35260 http://www.vupen.com/english/advisories/2009/1522 http& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1715
https://notcve.org/view.php?id=CVE-2009-1715
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Web Inspector en WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos ayudados por por el usuario inyectar secuencias de comandos web o HTML, y leer ficheros locales, a través de vectores relacionados con la ejecución de secuencias de comandos con privilegios incorrectos. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54996 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022344 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35349 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/adv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1713
https://notcve.org/view.php?id=CVE-2009-1713
The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. La funcionalidad XSLT en WebKit en Apple Safari anteriores a v4.0 no implementa adecuadamente la función "document", lo que permite a atacantes remotos leer (1) ficheros locales arbitrariamente (2) ficheros de diferentes zonas de seguridad a través de vectores inespecíficos. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54975 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.ubuntu.com/usn/USN-857-1 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/advisories/2011/0212 https://exchange&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •