U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:apple:safari:3.0.3b:-:windows
There are 101 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2012-3592

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-3591

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-3590

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 8.8 HIGH
CVE-2012-3589

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1520

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-0683

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-0682

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-3697

WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise.

Published: July 25, 2012; 3:55:06 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2012-3696

CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling.

Published: July 25, 2012; 3:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-3695

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property.

Published: July 25, 2012; 3:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-3694

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site.

Published: July 25, 2012; 3:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-3693

Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs.

Published: July 25, 2012; 3:55:06 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-3691

WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Published: July 25, 2012; 3:55:06 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2012-3690

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site.

Published: July 25, 2012; 3:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-3689

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.

Published: July 25, 2012; 3:55:06 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2012-3650

WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Published: July 25, 2012; 3:55:05 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0680

Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation.

Published: July 25, 2012; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0679

Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL.

Published: July 25, 2012; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0678

Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL.

Published: July 25, 2012; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0676

WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.

Published: May 10, 2012; 11:49:59 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM