CVSS: 4.3EPSS: 15%CPEs: 1EXPL: 1CVE-2008-2000
https://notcve.org/view.php?id=CVE-2008-2000
Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. Vulnerabilidad no especificada en Apple Safari 3.1.1 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante un código JavaScript que llama a document.write en un bucle infinito. • http://es.geocities.com/jplopezy/pruebasafari3.html http://securityreason.com/securityalert/3833 http://www.securityfocus.com/archive/1/491192/100/0/threaded http://www.vupen.com/english/advisories/2008/1347 https://exchange.xforce.ibmcloud.com/vulnerabilities/41985 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0CVE-2008-1999
https://notcve.org/view.php?id=CVE-2008-1999
Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences. Apple Safari 3.1.1 permite a atacantes remotos falsificar la barra de direcciones colocando varios caracteres "invisibles" en el subcomponente userinfo del componente authority de la URL -también conocido como el fichero del usuario (user file)-; como se ha demostrado con las secuencias %E3%80%80. • http://es.geocities.com/jplopezy/pruebasafari3.html http://secunia.com/advisories/29900 http://securityreason.com/securityalert/3833 http://www.securityfocus.com/archive/1/491192/100/0/threaded http://www.vupen.com/english/advisories/2008/1347 https://exchange.xforce.ibmcloud.com/vulnerabilities/41981 •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2008-1025
https://notcve.org/view.php?id=CVE-2008-1025
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apple WebKit, como el que se utiliza en Safari anterior a 3.1.1, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección mediante una URL manipulada con una coma en la sección del nombre de máquina (hostname). • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html http://secunia.com/advisories/29846 http://secunia.com/advisories/31074 http://support.apple.com/kb/HT1467 http://www.kb.cert.org/vuls/id/705529 http://www.securityfocus.com/bid/28814 http://www.securitytracker.com/id?1019869 http://www.vupen.com/english/advisories/2008/1250/references http://www.vupen.com/english/advisories/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 3%CPEs: 4EXPL: 0CVE-2008-1024
https://notcve.org/view.php?id=CVE-2008-1024
Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. Apple Safari versiones anteriores a 3.1.1, cuando se está ejecutando en Windows XP o Vista, permite a atacantes remotos provocar una denegación de servicio (caída) y posíblemente ejecutar código de su elección a través de un fichero descargado con un nombre de fichero manipulado, lo cual dispara una corrupción de memoria. • http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html http://support.apple.com/kb/HT1467 http://www.kb.cert.org/vuls/id/529441 http://www.securityfocus.com/bid/28813 http://www.securitytracker.com/id?1019868 http://www.vupen.com/english/advisories/2008/0979/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41864 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 8%CPEs: 8EXPL: 0CVE-2008-1026 – Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1026
Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. Desbordamiento de entero en el compilador de expresiones regulares PCRE (JavaScriptCore/pcre/pcre_compile.cpp) en Apple WebKit, como se utiliza en Safari en versiones anteriores a 3.1.1, permite a atacantes remotos ejecutar código arbitrario a través de expresiones regulares con grandes conteos de repetición anidados, lo que desencadena un desbordamiento de búfer basado en memoria dinámica. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in WebKit. When nesting regular expressions with large repetitions, a heap overflow occurs resulting in a condition allowing the execution of arbitrary code. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html http://secunia.com/advisories/29846 http://secunia.com/advisories/31074 http://securityreason.com/securityalert/3815 http://support.apple.com/kb/HT1467 http://www.securityfocus.com/archive/1/490990/100/0/threaded http://www.securityfocus.com/bid/28815 http://www.securitytracker.com/id?1019870 http://www.vupen.com/english/advisories/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •