U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x_server:10.4.4
There are 278 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2010-1770

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."

Published: June 11, 2010; 3:30:20 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1764

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.

Published: June 11, 2010; 3:30:20 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1762

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.

Published: June 11, 2010; 3:30:20 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1761

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees.

Published: June 11, 2010; 3:30:20 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1759

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method.

Published: June 11, 2010; 3:30:15 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1758

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects.

Published: June 11, 2010; 3:30:15 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1421

The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.

Published: June 11, 2010; 3:30:15 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1419

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.

Published: June 11, 2010; 3:30:15 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1418

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.

Published: June 11, 2010; 3:30:15 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0544

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.

Published: June 11, 2010; 3:30:12 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1749

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times.

Published: June 11, 2010; 2:00:48 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1422

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.

Published: June 11, 2010; 2:00:48 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1417

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.

Published: June 11, 2010; 2:00:48 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1416

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."

Published: June 11, 2010; 2:00:45 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1415

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."

Published: June 11, 2010; 2:00:45 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1414

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.

Published: June 11, 2010; 2:00:45 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1413

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

Published: June 11, 2010; 2:00:40 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-1412

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.

Published: June 11, 2010; 2:00:40 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1410

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.

Published: June 11, 2010; 2:00:40 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1409

Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.

Published: June 11, 2010; 2:00:37 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM