CVSS: 1.2EPSS: 0%CPEs: 12EXPL: 1CVE-2009-1707
https://notcve.org/view.php?id=CVE-2009-1707
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. Condición de carrera en la implementación de "Reset Safari" en Apple Safari anteriores a la v4.0 en Windows permitiría a usuarios locales leer contraseñas web a través de vectores sin especificar. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://osvdb.org/55012 http://secunia.com/advisories/35379 http://secunia.com/advisories/42314 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT4456 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35352 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 2%CPEs: 34EXPL: 1CVE-2009-1711
https://notcve.org/view.php?id=CVE-2009-1711
WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. WebKit en Apple Safari anterior a v4.0 no inicializa correctamente memoria para los objetos Attr DOM, lo cual permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de la aplicación) a través de un documento HTML elaborado. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55015 http://secunia.com/advisories/35379 http://secunia.com/advisories/36790 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022345 http://support.apple.com/kb/HT3613 http://www.debian.org/security/2009/dsa-1950 http://www.securityfocus.com/bid/35260 http: • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1696
https://notcve.org/view.php?id=CVE-2009-1696
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session. WebKit en Apple Safari anterior a v4.0 emplea números aleatorios predecibles en las aplicaciones JavaScript, esto simplifica a los servidores Web remotos seguir el comportamiento de un usuario de Safari en una sesión. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55027 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35260 http://www.vupen.com/english/advisories/2009/1522 http& • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 3%CPEs: 34EXPL: 1CVE-2009-1712
https://notcve.org/view.php?id=CVE-2009-1712
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. WebKit de Apple Safari anterior a v4.0 no previene la carga remota de los applets de Java locales, esto permite a atacante remotos ejecutar código de su elección, aumentar sus privilegios u obtener información sensible a través de un APPLET o elemento OBJECT. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55022 http://secunia.com/advisories/35379 http://secunia.com/advisories/36790 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022345 http://support.apple.com/kb/HT3613 http://www.debian.org/security/2009/dsa-1950 http://www.securityfocus.com/bid/35260 http: • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 1CVE-2009-1718
https://notcve.org/view.php?id=CVE-2009-1718
WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. Webkit de Apple Safari anterior a v4.0, permite a atacantes remotos con la ayuda del usuario obtener información sensible a través de vectores que utilizan eventos drag -arrastrar- y el arrastre de contenidos a través de una página Web manipulada. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/advisories/2011/0212 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •