CVSS: 9.3EPSS: 8%CPEs: 126EXPL: 0CVE-2010-3816
https://notcve.org/view.php?id=CVE-2010-3816
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. Vulnerabilidad de uso después de liberación en WebKit de Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de vectores que incluyen barras de desplazamiento (scrollbar). • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https:// • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 8%CPEs: 126EXPL: 0CVE-2010-3818
https://notcve.org/view.php?id=CVE-2010-3818
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes. Vulnerabilidad de uso después de liberación en WebKit en Apple Safari anterior a v5.0.3 sobre Mac OS X v10.5 hasta v10.6 y Windows, y before v4.1.3 sobre Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de vectores que involucran cajas de texto en línea. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https:// • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 8%CPEs: 126EXPL: 0CVE-2010-3823
https://notcve.org/view.php?id=CVE-2010-3823
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415. Una vulnerabilidad de uso después de liberación en el WebKit de Apple Safari antes de v5.0.3 en Mac OS X v10.5 a v10.6 y Windows, y antes de v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caida de la aplicación) a través de vectores que implican objetos "Geolocation". NOTA: Este problema puede superponerse con CVE-2010-3415. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https:// • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 8%CPEs: 126EXPL: 0CVE-2010-3824
https://notcve.org/view.php?id=CVE-2010-3824
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements. Vulnerabilidad de uso después de la liberación en WebKit en Apple Safari anteriores a v5.0.3 en Mac OS X 10.5 hasta v10.6 y Windows, y anteriores a v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o producir una denegación de servicio (caída de aplicación) a través de vectores que que implican el uso de elementos SVG. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https:// • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 8%CPEs: 12EXPL: 0CVE-2010-3790 – Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3790
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary. QuickTime en Apple Mac OS X V10.6.x anterior v10.6.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída aplicación) a través de un archivo de película manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a Matrix structure within a particular opcode embedded within a .pict file. When using this Matrix structure to transform image data, the application will miscalculate an index to represent a row of an object. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://support.apple.com/kb/HT4435 http://support.apple.com/kb/HT4447 http://support.apple.com/kb/HT4723 http://www.securityfocus.com/bid/44794 http://www.securitytracker.com/id?1024729 http://www.zerodayinitiative.com/advisories/ZDI-11-038 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •