CVSS: 5.0 • EPSS: 2% • CPEs: 1 • EXPL: 2

Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character.

• https://www.exploit-db.com/exploits/32817
• http://www.securityfocus.com/archive/1/501229/100/0/threaded
• http://www.securityfocus.com/bid/33909
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48943
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6066
• CWE-20: Improper Input Validation

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 3

Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.

• https://www.exploit-db.com/exploits/32761
• http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html
• http://www.securityfocus.com/bid/33481
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48284
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6091
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 5.0 • EPSS: 19% • CPEs: 2 • EXPL: 5

Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.

• https://www.exploit-db.com/exploits/32694
• https://www.exploit-db.com/exploits/32695
• https://www.exploit-db.com/exploits/12408
• http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html
• http://packetstormsecurity.org/0812-exploits/safari_webkit_ml.txt
• http://www.securityfocus.com/bid/33080
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47724
• CWE-399: Resource Management Errors

CVSS: 9.3 • EPSS: 7% • CPEs: 45 • EXPL: 0

Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.

• http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
• http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
• http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
• http://secunia.com/advisories/32706
• http://secunia.com/advisories/33179
• http://support.apple.com/kb/HT3298
• http://support.apple.com/kb/HT3338
• http://support.apple.com/kb/HT3639
• http://www.securityfocus.com/bid/32291
• http://www.securitytracker.com/id&#
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 1.9 • EPSS: 0% • CPEs: 42 • EXPL: 0

Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.

• http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
• http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html
• http://secunia.com/advisories/32706
• http://secunia.com/advisories/32756
• http://support.apple.com/kb/HT3298
• http://support.apple.com/kb/HT3318
• http://www.securityfocus.com/bid/32291
• http://www.securitytracker.com/id?1021226
• http://www.vupen.com/english/advisories/2008/3232
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor