CVSS: 9.3EPSS: 3%CPEs: 78EXPL: 0CVE-2010-1790 – WebKit: multiple vulnerabilities in WebKitGTK
https://notcve.org/view.php?id=CVE-2010-1790
30 Jul 2010 — WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue." WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a la v4.1.1 en Mac ... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html •
CVSS: 9.3EPSS: 6%CPEs: 78EXPL: 0CVE-2010-1780 – WebKit: multiple vulnerabilities in WebKitGTK
https://notcve.org/view.php?id=CVE-2010-1780
30 Jul 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus. Vulnerabilidad de usar después de liberar en WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a la v4.1.1 en Mac OS X v10.4, permite a at... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 78EXPL: 0CVE-2010-1796
https://notcve.org/view.php?id=CVE-2010-1796
30 Jul 2010 — The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. La función autocompletar en Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta la v10.6 y Windows, y anteriores a la v4.1.1 en Mac OS X v10.4, permite a atacantes remotos obtener información confidencial del libreta de di... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 4%CPEs: 78EXPL: 0CVE-2010-1784 – Apple Webkit Rendering Counter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1784
30 Jul 2010 — The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. La función "counters" (contadores) en la implementación de hojs de estilo (CSS) de WebKit de Apple Safari en versiones anteriores a la v5.0... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 6%CPEs: 78EXPL: 0CVE-2010-1787 – Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1787
30 Jul 2010 — WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document. WebKit de Apple Safari en versiones anteriores a la v5.0.1 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a la v4.1.1 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o p... • http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 42%CPEs: 6EXPL: 3CVE-2010-0211 – OpenLDAP 2.4.22 - 'modrdn' Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0211
27 Jul 2010 — The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. La función slap_modrdn2mods en modrdn.c e... • https://www.exploit-db.com/exploits/34348 • CWE-252: Unchecked Return Value •
CVSS: 9.8EPSS: 17%CPEs: 31EXPL: 4CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
30 Jun 2010 — Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Desbordamiento de buffer en el fichero pngpread.c en libpng anteriores a 1.2.44 y 1.4.x anteriroes a 1.4.3, como se utiliza en aplicaciones progresivas, podría permitir a atacantes remotos ejecutar código arbitrario mediante una imagen PNG que desencadena una serie de datos adicionales. ... • https://www.exploit-db.com/exploits/14422 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1637 – SquirrelMail: Mail Fetch plugin -- port-scans via non-standard POP3 server ports
https://notcve.org/view.php?id=CVE-2010-1637
22 Jun 2010 — The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. El plugin Mail Fetch en SquirrelMail 1.4.20 y versiones anteriores, permite a atacantes remotos autenticados eludir las restricciones del firewall y usar SquirrelMail como un proxy para escanear redes internas mediante un número de puerto POP3 modificado. • http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2010-0545
https://notcve.org/view.php?id=CVE-2010-0545
17 Jun 2010 — The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations. El buscador de DesktopServices en Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, no asigna un propietario a los archivos durante una acción "Aplicar a los elementos incluidos", lo que permite eludir las restricciones de acceso a usuarios locales ... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 0CVE-2010-0543
https://notcve.org/view.php?id=CVE-2010-0543
17 Jun 2010 — ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding. ImageIO en Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.2 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por corrupción de memoria y caída de la aplicación) a través de un archivo de película debidamente modificado con codificación MPEG2... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •