CVSS: 10.0EPSS: 96%CPEs: 73EXPL: 0CVE-2010-1770 – Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1770
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y Windows, Safari de Apple anterior a versión 4.1 sobre Mac OS X versión 10.4 y Chrome de Google anterior a versión 5.0.375.70, no maneja apropiadamente una transformación de un nodo de texto que tiene el conjunto de caracteres IBM1147, que permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) por medio de un documento HTML especialmente diseñado que contiene un elemento BR, relacionado con un "type checking issue." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's support of character sets. If the IBM1147 character set is applied to a particular element and that element has a text transformation applied to it, the application will attempt to access an object that doesn't exist in order to perform the transformation. • http://code.google.com/p/chromium/issues/detail?id=43487 http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2010-2120
https://notcve.org/view.php?id=CVE-2010-2120
Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. Vulnerabilidad en Google Chrome v1.0.154.48 permite a atacantes remotos causar una denegación de servicio (agotamiento de recursos) a través de código JavaScript que contenga un bucle infinito que crea elementos IFRAME para URls no válidas de tipo news:// • http://websecurity.com.ua/4238 http://www.securityfocus.com/archive/1/511509/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11966 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2109
https://notcve.org/view.php?id=CVE-2010-2109
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality. Vulnerabilidad sin especificar en Google Chrome anterior a v5.0.375.55 permite a atacantes asistidos por el usuario provocar una denegación de servicio (error de memoria) o posiblemente tener otro impacto no especificado a través de vectores relacionados con la funcionalidad "drag + drop" • http://code.google.com/p/chromium/issues/detail?id=41469 http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12083 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2105
https://notcve.org/view.php?id=CVE-2010-2105
Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors. Google Chrome anterior a v5.0.375.55 no aplica correctamente los requisitos de las especificaciones de navegación segura para la canonización de URLs, lo que tiene un impacto y vectores de ataque remotos no especificados. • http://code.google.com/p/chromium/issues/detail?id=7713 http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12113 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2107
https://notcve.org/view.php?id=CVE-2010-2107
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality. Vulnerabilidad sin especificar en Google Chrome anterior a v5.0.375.55 permite a atacantes remotos provocar una denegación de servicio (error de memoria) o posiblemente tener otro impacto no especificado a través de vectores relacionados con la funcionalidad "Safe Browsing". • http://code.google.com/p/chromium/issues/detail?id=30079 http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12128 •