CVE-2010-1824 – Apple Webkit Error Message Mutation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1824
Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.
Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service and possibly cause other harm via attack vectors related to SVG styles.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the methodology the application takes to inform a user about an error while parsing a malformed document. When displaying the error message, the application will append the message to the current instance of the DOM tree, causing another element to be removed, which will lead to the styles being recalculated.
• http://code.google.com/p/chromium/issues/detail?id=50712
• http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html
• http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
• http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
• http://secunia.com/advisories/43068
• http://support.apple.com/kb/HT4554
• http://support.apple.com/kb/HT4566
• http://www.vupen.com/english/advisories/2011/0212
• http://www.zerodayinitiative.com/advisories
• CWE-416: Use After Free
CVE-2010-3414
https://notcve.org/view.php?id=CVE-2010-3414
Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X.
• http://code.google.com/p/chromium/issues/detail?id=45400
• http://code.google.com/p/chromium/issues/detail?id=53361
• http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13941
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3412
https://notcve.org/view.php?id=CVE-2010-3412
Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.
• http://code.google.com/p/chromium/issues/detail?id=51919
• http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7354
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-3416
https://notcve.org/view.php?id=CVE-2010-3416
Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
• http://code.google.com/p/chromium/issues/detail?id=53930
• http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14307
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3415
https://notcve.org/view.php?id=CVE-2010-3415
Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
• http://code.google.com/p/chromium/issues/detail?id=53394
• http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7620
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer