Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:apple:safari:3.0.0b
There are 1,176 matching records.
Displaying matches 981 through 1,000.
Vuln ID Summary CVSS Severity
CVE-2010-1790

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue."

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1789

Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1788

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1787

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1786

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1785

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1784

The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1783

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Published: July 30, 2010; 4:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1782

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element.

Published: July 30, 2010; 4:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1780

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus.

Published: July 30, 2010; 4:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1778

Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.

Published: July 30, 2010; 4:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-2249

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Published: June 30, 2010; 2:30:01 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2010-1205

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

Published: June 30, 2010; 2:30:01 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2010-2454

Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.

Published: June 25, 2010; 3:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-2264

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.

Published: June 11, 2010; 3:30:23 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1774

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

Published: June 11, 2010; 3:30:23 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1771

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts.

Published: June 11, 2010; 3:30:23 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1770

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."

Published: June 11, 2010; 3:30:20 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1764

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.

Published: June 11, 2010; 3:30:20 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1762

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.

Published: June 11, 2010; 3:30:20 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM