CVSS: 10.0EPSS: 13%CPEs: 74EXPL: 0CVE-2010-1404 – Apple Webkit Recursive Use Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1404
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction. Una vulnerabilidad de uso de la memoria previamente liberada en WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y Windows, y anterior a versión 4.1 sobre Mac OS X versión 10.4, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un documento SVG que contiene elementos de uso recursivo, que no se manejan apropiadamente durante la deconstrucción de la página. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the WebKit library handles recursively defined Use elements. Upon expanding the target of the use element within the tree, the application will create a dual-reference of a Use element. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://supp • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 10%CPEs: 74EXPL: 0CVE-2010-1749 – Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1749
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times. Una vulnerabilidad de uso de la memoria previamente liberada en WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y Windows, y anterior a versión 4.1 sobre Mac OS X versión 10.4, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de vectores relacionados con la propiedad de ejecución de Cascading Style Sheets (CSS) y múltiples invocaciones de un destructor para un elemento hijo al que ha sido referenciado varias veces. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support of the run-in display property. On insertion of a specific element with the "run-in" display property, the application will create a duplicate reference of a child element used to support that attribute. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://support.apple.com/kb/HT4196 http://support.apple.com/kb/HT4220 http://www.securityfocus.com/archive/1/511725& • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 43EXPL: 0CVE-2010-0531
https://notcve.org/view.php?id=CVE-2010-0531
Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file. Apple iTunes en versiones anteriores a la 9.1 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un fichero de podcast MP4 manipulado. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html http://secunia.com/advisories/39135 http://support.apple.com/kb/HT4105 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7427 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 1%CPEs: 26EXPL: 0CVE-2010-0513
https://notcve.org/view.php?id=CVE-2010-0513
Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. Desbordamiento de búfer basado en pila PS Normalizer en Apple Mac OS X anterior v10.6.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de programa) a través de un documento PostScript manipulado. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://osvdb.org/63409 http://support.apple.com/kb/HT4077 http://www.securityfocus.com/bid/39151 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 26EXPL: 0CVE-2010-0505 – Apple Mac OS X ImageIO Framework JPEG2000 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0505
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function. Un desbordamiento de búfer en la región heap de la memoria en ImageIO en Mac OS X de Apple anterior a versión 10.6.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de una imagen JP2 (JPEG2000) diseñada, relacionada con un cálculo incorrecto y la función CGImageReadGetBytesAtOffset. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Apple ImageIO framework during the parsing of malformed JPEG2000 files. The function CGImageReadGetBytesAtOffset can utilize miscalculated values during a memmove operation that will result in an exploitable heap corruption allowing attackers to execute arbitrary code under the context of the current user. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 http://www.securityfocus.com/archive/1/510539/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-058 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •