CVSS: 9.3EPSS: 2%CPEs: 34EXPL: 1CVE-2009-1711
https://notcve.org/view.php?id=CVE-2009-1711
WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. WebKit en Apple Safari anterior a v4.0 no inicializa correctamente memoria para los objetos Attr DOM, lo cual permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de la aplicación) a través de un documento HTML elaborado. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55015 http://secunia.com/advisories/35379 http://secunia.com/advisories/36790 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022345 http://support.apple.com/kb/HT3613 http://www.debian.org/security/2009/dsa-1950 http://www.securityfocus.com/bid/35260 http: • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1696
https://notcve.org/view.php?id=CVE-2009-1696
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session. WebKit en Apple Safari anterior a v4.0 emplea números aleatorios predecibles en las aplicaciones JavaScript, esto simplifica a los servidores Web remotos seguir el comportamiento de un usuario de Safari en una sesión. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55027 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35260 http://www.vupen.com/english/advisories/2009/1522 http& • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1697
https://notcve.org/view.php?id=CVE-2009-1697
CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. Vulnerabilidad de inyección CRLF (se refiere a CR (retorno de carro) y LF (salto de línea)) en WebKit en Apple Safari anterior a v4.0. Permite a atacantes remotos inyectar cabeceras HTTP y saltarse la política "Same Origin" a través de un documento HTML manipulado, relativo a ataques de secuencias de comandos en sitios cruzados (XSS) que dependen de la comunicación con sitios Web arbitrarios dentro del mismo servidor Web, mediante el uso de XMLHttpRequest sin la cabecera Host. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54992 http://secunia.com/advisories/35379 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022344 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.debian. • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 3%CPEs: 34EXPL: 1CVE-2009-1712
https://notcve.org/view.php?id=CVE-2009-1712
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. WebKit de Apple Safari anterior a v4.0 no previene la carga remota de los applets de Java locales, esto permite a atacante remotos ejecutar código de su elección, aumentar sus privilegios u obtener información sensible a través de un APPLET o elemento OBJECT. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55022 http://secunia.com/advisories/35379 http://secunia.com/advisories/36790 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022345 http://support.apple.com/kb/HT3613 http://www.debian.org/security/2009/dsa-1950 http://www.securityfocus.com/bid/35260 http: • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1718
https://notcve.org/view.php?id=CVE-2009-1718
WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. Webkit de Apple Safari anterior a v4.0, permite a atacantes remotos con la ayuda del usuario obtener información sensible a través de vectores que utilizan eventos drag -arrastrar- y el arrastre de contenidos a través de una página Web manipulada. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/advisories/2011/0212 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •