CVSS: 10.0EPSS: 13%CPEs: 74EXPL: 0CVE-2010-1404 – Apple Webkit Recursive Use Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1404
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction. Una vulnerabilidad de uso de la memoria previamente liberada en WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y Windows, y anterior a versión 4.1 sobre Mac OS X versión 10.4, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un documento SVG que contiene elementos de uso recursivo, que no se manejan apropiadamente durante la deconstrucción de la página. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the WebKit library handles recursively defined Use elements. Upon expanding the target of the use element within the tree, the application will create a dual-reference of a Use element. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://supp • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 10%CPEs: 74EXPL: 0CVE-2010-1749 – Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1749
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times. Una vulnerabilidad de uso de la memoria previamente liberada en WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y Windows, y anterior a versión 4.1 sobre Mac OS X versión 10.4, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de vectores relacionados con la propiedad de ejecución de Cascading Style Sheets (CSS) y múltiples invocaciones de un destructor para un elemento hijo al que ha sido referenciado varias veces. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support of the run-in display property. On insertion of a specific element with the "run-in" display property, the application will create a duplicate reference of a child element used to support that attribute. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://support.apple.com/kb/HT4196 http://support.apple.com/kb/HT4220 http://www.securityfocus.com/archive/1/511725& • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 96%CPEs: 73EXPL: 0CVE-2010-1770 – Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1770
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y Windows, Safari de Apple anterior a versión 4.1 sobre Mac OS X versión 10.4 y Chrome de Google anterior a versión 5.0.375.70, no maneja apropiadamente una transformación de un nodo de texto que tiene el conjunto de caracteres IBM1147, que permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) por medio de un documento HTML especialmente diseñado que contiene un elemento BR, relacionado con un "type checking issue." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's support of character sets. If the IBM1147 character set is applied to a particular element and that element has a text transformation applied to it, the application will attempt to access an object that doesn't exist in order to perform the transformation. • http://code.google.com/p/chromium/issues/detail?id=43487 http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2010-1940
https://notcve.org/view.php?id=CVE-2010-1940
Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Apple Safari 4.0.5 en Windows envía la cabecera "Authorization: Basic" necesaria para un sitio web a un sitio web diferente referenciado en una cabecera "Location" recibida desde el primer sitio, lo que permite a servidores web remotos obtener información sensible mediante el almacenamiento de peticiones HTTP. NOTA: la procedencia de esta información es desconocida; los detalles se han obtenido exclusivamente de información de terceros. • http://secunia.com/advisories/39670 https://exchange.xforce.ibmcloud.com/vulnerabilities/58620 • CWE-255: Credentials Management Errors •
CVSS: 7.6EPSS: 95%CPEs: 2EXPL: 4CVE-2010-1939 – Apple Safari 4.0.5 - 'parent.close()' Memory Corruption (ASLR + DEP Bypass)
https://notcve.org/view.php?id=CVE-2010-1939
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. Vulnerabilidad de uso despues de liberacion en Apple Safari 4.0.5 en Windows permite a atacantes remotos ejecutar código de su elección mediante el uso de window.open para crear una ventana emergente para un documento HTML manipulado y después llamando al método close de la ventana de origen, lo que dispara un manejo no apropiado de un objeto de ventana borrado. • https://www.exploit-db.com/exploits/12614 https://www.exploit-db.com/exploits/12573 http://h07.w.interia.pl/Safari.rar http://reviews.cnet.com/8301-13727_7-20004709-263.html http://secunia.com/advisories/39670 http://securitytracker.com/id?1023958 http://www.kb.cert.org/vuls/id/943165 http://www.osvdb.org/64482 http://www.securityfocus.com/bid/39990 http://www.vupen.com/english/advisories/2010/1097 https://oval.cisecurity.org/repository/search/definition/oval% • CWE-399: Resource Management Errors •