CVSS: 9.3EPSS: 18%CPEs: 74EXPL: 0CVE-2010-1419
https://notcve.org/view.php?id=CVE-2010-1419
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation. Vulnerabilidad de uso despues de liberacion en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mas OS X v10.4, permite a atacantes remotos ayudados por el usuario ejecutar código a su elección o causar una denegación de servicio (fallo de la aplicación) a través de vectores relacionado con ciertas acciones de ventana que ocurren durante las operaciones de "arrastrar y soltar". • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://support.apple.com/kb/HT4196 http://support.apple.com/kb/HT4220 http:/ • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 14%CPEs: 74EXPL: 1CVE-2010-1759 – Webkit Normalize Bug - Android 2.2
https://notcve.org/view.php?id=CVE-2010-1759
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method. Vulnerabilidad de uso despues de liberacion en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mas OS X v10.4, permite a los atacantes remotos ejecutar código a su elección o causar una denegación de servicio (fallo de la aplicaión) a través de vectores relacionados con el método Node.normalize. • https://www.exploit-db.com/exploits/18446 http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http:&#x • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 74EXPL: 0CVE-2010-1418
https://notcve.org/view.php?id=CVE-2010-1418
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mas OS X v10.4, permite a atacantes remotos inyectar código web o HTML a su elección a través de elementos FRAME con un atributo SRC formado de secuencias javascript: precedidas por espacios • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://sec • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 74EXPL: 0CVE-2010-1421
https://notcve.org/view.php?id=CVE-2010-1421
The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document. La función JavaScript execCommand en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mas OS X v10.4, no restringe adecuadamente la ejecución remota de comandos del portapapeles, lo cual permite a los atacantes remotos modificar el portapapeles a tavés de documentos HTML manipulados. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http:/&#x •
CVSS: 4.3EPSS: 0%CPEs: 74EXPL: 0CVE-2010-2264
https://notcve.org/view.php?id=CVE-2010-2264
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. La implementación de las Hojas de estilo en cascada (CSS) en Webkit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior v4.1 en Mac OS X v10.4, no maneja adecuadamente las :visited pseudo-class, lo cual permite a los atacantes remotos obtener información sensible acerca de las webs visitadas a través de documentos HTML manipulados. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://support.apple.com/kb/HT4196 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.securityfocus.com/bid/40620 http://www.securityfocus.com/bid/40756 http://www&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •