Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:apple:safari:3.0.2:-:mac
There are 117 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2012-0647

WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

Published: March 12, 2012; 5:55:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0640

WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.

Published: March 12, 2012; 5:55:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0584

The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs.

Published: March 12, 2012; 5:55:00 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2011-3443

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rules.

Published: March 01, 2012; 7:55:02 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3243

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3242

The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3231

The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3230

Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3229

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-3455

Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Published: September 29, 2009; 2:00:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-1718

WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.

Published: June 10, 2009; 2:00:00 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2009-1716

CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.

Published: June 10, 2009; 2:00:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2009-1715

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges.

Published: June 10, 2009; 2:00:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-1714

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.

Published: June 10, 2009; 2:00:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-1713

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

Published: June 10, 2009; 2:00:00 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2009-1712

WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

Published: June 10, 2009; 2:00:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-1711

WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

Published: June 10, 2009; 2:00:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-1710

WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.

Published: June 10, 2009; 2:00:00 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2009-1709

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."

Published: June 10, 2009; 2:00:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-1708

Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.

Published: June 10, 2009; 2:00:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH