CVSS: 9.3EPSS: 2%CPEs: 34EXPL: 1CVE-2009-1704
https://notcve.org/view.php?id=CVE-2009-1704
CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file. CFNetwork en Apple Safari anteriores a v4.0 malinterpreta los ficheros de imagen descargados como ficheros locales HTML en circunstancias sin especificar, lo que permite a atacantes remotos ejecutar código JavaScript de forma arbitraria incluyendo este en un fichero de imagen. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://osvdb.org/55010 http://secunia.com/advisories/35379 http://securitytracker.com/id?1022343 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35344 http://www.vupen.com/english/advisories/2009/1522 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1697
https://notcve.org/view.php?id=CVE-2009-1697
CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. Vulnerabilidad de inyección CRLF (se refiere a CR (retorno de carro) y LF (salto de línea)) en WebKit en Apple Safari anterior a v4.0. Permite a atacantes remotos inyectar cabeceras HTTP y saltarse la política "Same Origin" a través de un documento HTML manipulado, relativo a ataques de secuencias de comandos en sitios cruzados (XSS) que dependen de la comunicación con sitios Web arbitrarios dentro del mismo servidor Web, mediante el uso de XMLHttpRequest sin la cabecera Host. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54992 http://secunia.com/advisories/35379 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022344 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.debian. • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 2%CPEs: 34EXPL: 1CVE-2009-1711
https://notcve.org/view.php?id=CVE-2009-1711
WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. WebKit en Apple Safari anterior a v4.0 no inicializa correctamente memoria para los objetos Attr DOM, lo cual permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de la aplicación) a través de un documento HTML elaborado. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55015 http://secunia.com/advisories/35379 http://secunia.com/advisories/36790 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022345 http://support.apple.com/kb/HT3613 http://www.debian.org/security/2009/dsa-1950 http://www.securityfocus.com/bid/35260 http: • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1715
https://notcve.org/view.php?id=CVE-2009-1715
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Web Inspector en WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos ayudados por por el usuario inyectar secuencias de comandos web o HTML, y leer ficheros locales, a través de vectores relacionados con la ejecución de secuencias de comandos con privilegios incorrectos. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54996 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022344 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35349 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/adv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1716
https://notcve.org/view.php?id=CVE-2009-1716
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files. CFNetwork en Apple Safari anterior a v4.0 sobre Windows, no protege adecuadamente los ficheros temporales de las descargas que crea, lo que permite a usuarios locales obtener información sensible leyendo éstos archivos. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/35379 http://securitytracker.com/id?1022342 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35347 http://www.vupen.com/english/advisories/2009/1522 • CWE-264: Permissions, Privileges, and Access Controls •