CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2010-0041
https://notcve.org/view.php?id=CVE-2010-0041
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. ImageIO de Apple Safari en versiones anteriores a la v4.0.5 en Windows no valida que el acceso a memoria esté asociado a la memoria inicializada, lo que permite, a atacantes remotos, obtener información confidencial de los procesos en memoria a través de una imagen BMP. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://secunia.com/advisories/39135 http://support.apple.com/kb/HT4070 http://support.apple.com/kb/HT4077 http://support.apple.com/kb/HT4105 http://support.apple.com/kb/HT4225 http: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0044
https://notcve.org/view.php?id=CVE-2010-0044
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. PubSub en Apple Safari anterior a v 4.0.5 no implementa adecuadamente las preferencias de uso para aceptar y rechazar cookies, lo que facilita a servidores web remotos seguir las preferencias de usuario (tracking) estableciendo una cookie en un (1) RSS o (2) Atom feed. • http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://osvdb.org/62937 http://support.apple.com/kb/HT4070 http://www.securityfocus.com/bid/38671 http://www.securityfocus.com/bid/38675 https://exchange.xforce.ibmcloud.com/vulnerabilities/56830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051 • CWE-16: Configuration •
CVSS: 9.3EPSS: 3%CPEs: 7EXPL: 0CVE-2010-0043
https://notcve.org/view.php?id=CVE-2010-0043
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. ImageIO en Apple Safari en versiones anteriores a la v4.0.5 en Windows permite a usuarios remotos ejecutar comandos de su elección o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de una imagen TIFF modificada. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://secunia.com/advisories/39135 http://support.apple.com/kb/HT4070 http://support.apple.com/kb/HT4077 http://support.apple.com/kb/HT4105 http://support.apple.com/kb/HT4225 http: • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 2%CPEs: 7EXPL: 0CVE-2010-0040
https://notcve.org/view.php?id=CVE-2010-0040
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. Desbordamiento de entero en ColorSync en Apple Safari anterior a 4.0.5 sobre Windows, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de una imagen con un perfil de color manipulado que provoca un desbordamiento de búfer basado en memoria dinámica (heap). • http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://secunia.com/advisories/39135 http://support.apple.com/kb/HT4070 http://support.apple.com/kb/HT4105 http://www.securityfocus.com/bid/38671 http://www.securityfocus.com/bid/38674 http://www.securitytracker.com/id?1023706 https://exchange.xforce.ibmcloud.com/vulnerabilities/56826 https://oval.cisecurity.org/repository/search/definition& • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2010-0925
https://notcve.org/view.php?id=CVE-2010-0925
cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element. cfnetwork.dll 1.450.5.0 en CFNetwork, tal como se usa en safari.exe 531.21.10 en Apple Safari 4.0.4 en Windows, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante una cadena larga en el atributo SRC de un elemento (1) IMG o (2) IFRAME. • http://nobytes.com/exploits/Safari_4.0.4_background_DoS_pl.txt •