CVSS: 5.8EPSS: 0%CPEs: 126EXPL: 0CVE-2010-3813 – webkit: HTMLLinkElement ignores dnsPrefetchingEnabled setting
https://notcve.org/view.php?id=CVE-2010-3813
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality. WebKit en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4,permite a atacantes remotos evitar el ajuste de obtención previa de DNS a través de un mensaje de correo electrónico en formato HTML que usa un elemento LINK para la funcionalidad X-Confirm-Reading-To • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://secunia.com/advisories/43086 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 11%CPEs: 126EXPL: 0CVE-2010-3818
https://notcve.org/view.php?id=CVE-2010-3818
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes. Vulnerabilidad de uso después de liberación en WebKit en Apple Safari anterior a v5.0.3 sobre Mac OS X v10.5 hasta v10.6 y Windows, y before v4.1.3 sobre Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de vectores que involucran cajas de texto en línea. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https:// • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 0CVE-2010-4010
https://notcve.org/view.php?id=CVE-2010-4010
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. Error de presencia de signo (signedness) de entero en Apple Type Services (ATS) en Apple Mac OS X v10.5.8, permite a atacantes remotos ejecutar código de su elección a través de una fuente Compact Font Format (CFF) manipulada embebida en un documento. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 https://exchange.xforce.ibmcloud.com/vulnerabilities/63170 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 8%CPEs: 12EXPL: 0CVE-2010-3790 – Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3790
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary. QuickTime en Apple Mac OS X V10.6.x anterior v10.6.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída aplicación) a través de un archivo de película manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a Matrix structure within a particular opcode embedded within a .pict file. When using this Matrix structure to transform image data, the application will miscalculate an index to represent a row of an object. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://support.apple.com/kb/HT4435 http://support.apple.com/kb/HT4447 http://support.apple.com/kb/HT4723 http://www.securityfocus.com/bid/44794 http://www.securitytracker.com/id?1024729 http://www.zerodayinitiative.com/advisories/ZDI-11-038 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 2%CPEs: 10EXPL: 0CVE-2010-3798
https://notcve.org/view.php?id=CVE-2010-3798
Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive. Desbordamiento de búfer basado en memoria dinámica en xar en Apple Mac OS X v10.6.x anterior v10.6.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída aplicación) a través de un archivo xar manipulado. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 http://www.securitytracker.com/id?1024723 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2S2KRIILUKBJHXDNYJQQX74TFUQRG5ND https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YV6RF6VWM7AFYFTTS7VY5TNH26QUEEFC • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •