CVE-2010-1406
https://notcve.org/view.php?id=CVE-2010-1406
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660. WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, envía una URL https en la cabecera Referer de una solicitud http en determinadas circunstancias conteniendo https a redirecciones http, lo cual permite a servidores HTTP remotos obtener información potencialmente sensible a través de un acceso HTTP estándar, un proplema relacionado con CVE-2010-0660. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://support.apple.com/kb/HT4196 http://support.apple.com/kb/HT4225 http://www.mandriva.com/security/advisories?name= • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-1413
https://notcve.org/view.php?id=CVE-2010-1413
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, envía las credenciales NTLM sin cifrar en circunstancias sin especificar, lo cual permite a atacantes "hombre-en-el-medio" (man-in-the-middle) obtener información sensible a través de vectores sin especificar. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://support.apple.com/kb/HT4196 http://support.apple.com/kb/HT4225 http://www.securityfocus.com/bid/40620 http://www.securityfocus.com/bid/40733 http • CWE-310: Cryptographic Issues •
CVE-2010-1385
https://notcve.org/view.php?id=CVE-2010-1385
Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Vulnerabilidad de uso despues de liberacion en Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior v4.1 en Mac OS X v10.4, permite a los atacantes remotos ejecutar código a su elección o causar una denegación de servicio (fallo de la aplicación) a través de documentos PDF manipulados. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://secunia.com/advisories/40105 http://securitytracker.com/id?1024067 http://support.apple.com/kb/HT4196 http://www.securityfocus.com/bid/40620 http://www.vupen.com/english/advisories/2010/1373 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7199 • CWE-399: Resource Management Errors •
CVE-2010-1400
https://notcve.org/view.php?id=CVE-2010-1400
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements. Vulnerabilidad de uso despues de liberacion en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes remotos ejecutar código a su elección o causar una denegación de servicio (fallo de la aplicación) a través de vectores que implican elementos caption. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=870 http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://secunia.com • CWE-399: Resource Management Errors •
CVE-2010-1405
https://notcve.org/view.php?id=CVE-2010-1405
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning. Vulnerabilidad de uso despues de liberacion en WebKit de Apple Safari anterior a v5.0 en Mac OS X v10.5 a v10.6 y Windows, y anterior a v4.1 en Mac OS X v10.4, permite a los atacantes remotos ejecutar código a su elección o causar una denegación de servicio (fallo de la aplicación) a través de elementos HTML que tiene la posición vertical a medida. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://sec • CWE-399: Resource Management Errors •