CVSS: 9.3 | EPSS: 58% | CPEs: 3 | EXPL: 0

Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.

References:
http://docs.info.apple.com/article.html?artnum=306173
http://docs.info.apple.com/article.html?artnum=306174
http://secunia.com/advisories/26287
http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin
http://www.securityevaluators.com/iphone
http://www.securityevaluators.com/iphone/exploitingiphone.pdf
http://www.securityfocus.com/bid/25002
http://www.securitytracker.com/id?1018439
http://www.vupen.com/english/advisories/2007&

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher.

References:
http://osvdb.org/38858
http://security-protocols.com/2007/06/12/safari-3-beta-released-on-windows
http://www.securityfocus.com/bid/24446

CVSS: 8.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482.

References:
http://osvdb.org/38861
http://www.0x000000.com/?i=371

CVSS: 9.3 | EPSS: 2% | CPEs: 2 | EXPL: 1

Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark.

References:
http://marc.info/?l=full-disclosure&m=118278848816602&w=2
http://osvdb.org/40882
http://www.securityfocus.com/archive/1/472209
http://www.securityfocus.com/bid/24619
http://www.vupen.com/english/advisories/2007/2340
https://exchange.xforce.ibmcloud.com/vulnerabilities/35030

CVSS: 4.3 | EPSS: 1% | CPEs: 6 | EXPL: 0

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

References:
http://docs.info.apple.com/article.html?artnum=306173
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
http://osvdb.org/36452
http://secunia.com/advisories/26287
http://www.kb.cert.org/vuls/id/289988
http://www.securityfocus.com/bid/24599
http://www.securitytracker.com/id?1018282
http://www.vupen.com/english/advisories/2007/2316
http://www.vupen.com/english/advisories/2007/2731

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')