CVSS: 9.7EPSS: 4%CPEs: 44EXPL: 0CVE-2011-1417 – Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1417
11 Mar 2011 — Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. Un desbordamiento de e... • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 11%CPEs: 126EXPL: 0CVE-2010-3824
https://notcve.org/view.php?id=CVE-2010-3824
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements. Vulnerabilidad de uso después de la liberación en WebKit en Apple Safari anteriores a v5.0.3 en Mac OS X 10.5 hasta v10.6 y Windows, y anteriores a v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su ele... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 2%CPEs: 126EXPL: 0CVE-2010-3826
https://notcve.org/view.php?id=CVE-2010-3826
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, no realiza adecuadamente una conversión ... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html •
CVSS: 6.5EPSS: 0%CPEs: 126EXPL: 0CVE-2010-3810
https://notcve.org/view.php?id=CVE-2010-3810
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack. WebKit en Apple Safari anteriores a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anteirores a v4.1.3 en Mac OS X v10.4, no maneja de forma adecuada el objeto History, lo que permite a atacantes remotos espiar la URL de la barra de l... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html •
CVSS: 9.3EPSS: 2%CPEs: 126EXPL: 0CVE-2010-3820
https://notcve.org/view.php?id=CVE-2010-3820
20 Nov 2010 — WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit de Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, accede a memoria sin iniciar durante el proceso de editar elementos, esto perm... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 10%CPEs: 126EXPL: 0CVE-2010-3816
https://notcve.org/view.php?id=CVE-2010-3816
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. Vulnerabilidad de uso después de liberación en WebKit de Apple Safari anterior a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anterior a v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o prov... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 18%CPEs: 126EXPL: 2CVE-2010-3804 – WebKit - Insufficient Entropy Random Number Generator
https://notcve.org/view.php?id=CVE-2010-3804
20 Nov 2010 — The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171. La implementación de JavaScript en WebKit en Apple Safari anteriores a v5.0.3 en Mac OS X v10.5 hasta v10.6 y Windows, y anteriores a v4.1.3 en Mac OS X v10.4, usa un a... • https://www.exploit-db.com/exploits/35005 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 126EXPL: 0CVE-2010-3813 – webkit: HTMLLinkElement ignores dnsPrefetchingEnabled setting
https://notcve.org/view.php?id=CVE-2010-3813
20 Nov 2010 — The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To ... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 10%CPEs: 126EXPL: 0CVE-2010-3811
https://notcve.org/view.php?id=CVE-2010-3811
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes. Vulnerabilidad de uso después de la liberación en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 a la v10.6 y Windows en la v4.1.3 y anteriores y sobre Mac OS X v10.4, permite a atacantes remotos oejecutar código de su elec... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 12%CPEs: 126EXPL: 0CVE-2010-3805
https://notcve.org/view.php?id=CVE-2010-3805
20 Nov 2010 — Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254. Un desbordamiento de enteros en el WebKit de Apple Safari v5.0.3 antes en Mac OS X v10.5 a v10.6 y Windows, y antes de v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o ... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-189: Numeric Errors •