CVSS: 9.3EPSS: 0%CPEs: 126EXPL: 0CVE-2010-3819
https://notcve.org/view.php?id=CVE-2010-3819
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, no realiza adecuadamente una conversión de una variable no especificada durante el procesado de las cajas de una hoja de estilo en cascada (CSS), lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https:// • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 1%CPEs: 126EXPL: 0CVE-2010-3826
https://notcve.org/view.php?id=CVE-2010-3826
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, no realiza adecuadamente una conversión de una variable no especificada durante el procesado de colores en un documento SVG, lo que permite a atacantes remotos pvovocar una denegación de servicio (caída de la aplicación) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https:// •
CVSS: 9.3EPSS: 1%CPEs: 126EXPL: 0CVE-2010-3817
https://notcve.org/view.php?id=CVE-2010-3817
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, no realiza adecuadamente una conversión de una variable no especificada durante el procesado de transformados 3D de una hoja de estilo en cascada (CSS), lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https:// •
CVSS: 9.3EPSS: 11%CPEs: 126EXPL: 0CVE-2010-3823
https://notcve.org/view.php?id=CVE-2010-3823
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415. Una vulnerabilidad de uso después de liberación en el WebKit de Apple Safari antes de v5.0.3 en Mac OS X v10.5 a v10.6 y Windows, y antes de v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caida de la aplicación) a través de vectores que implican objetos "Geolocation". NOTA: Este problema puede superponerse con CVE-2010-3415. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https:// • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 3%CPEs: 126EXPL: 0CVE-2010-3805
https://notcve.org/view.php?id=CVE-2010-3805
Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254. Un desbordamiento de enteros en el WebKit de Apple Safari v5.0.3 antes en Mac OS X v10.5 a v10.6 y Windows, y antes de v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de vectores que implican el uso de WebSockets. NOTA: Este problema puede superponerse a CVE-2010-3254. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https:// • CWE-189: Numeric Errors •