National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:apple:safari:5.1.1
There are 721 matching records.
Displaying matches 641 through 660.
Vuln ID Summary CVSS Severity
CVE-2012-3693

Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs.

Published: July 25, 2012; 03:55:06 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-3691

WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Published: July 25, 2012; 03:55:06 PM -04:00
    V2: 5.8 MEDIUM
CVE-2012-3690

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site.

Published: July 25, 2012; 03:55:06 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-3689

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.

Published: July 25, 2012; 03:55:06 PM -04:00
    V2: 5.8 MEDIUM
CVE-2012-3650

WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Published: July 25, 2012; 03:55:05 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-0680

Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation.

Published: July 25, 2012; 03:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0679

Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL.

Published: July 25, 2012; 03:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-0678

Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL.

Published: July 25, 2012; 03:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-0676

WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.

Published: May 10, 2012; 11:49:59 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0647

WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

Published: March 12, 2012; 05:55:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0640

WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.

Published: March 12, 2012; 05:55:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0584

The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs.

Published: March 12, 2012; 05:55:00 PM -04:00
    V2: 6.4 MEDIUM
CVE-2012-0637

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Published: March 08, 2012; 05:55:03 PM -05:00
    V2: 7.6 HIGH
CVE-2012-0636

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Published: March 08, 2012; 05:55:03 PM -05:00
    V2: 7.6 HIGH
CVE-2011-4692

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.

Published: December 07, 2011; 02:55:03 PM -05:00
    V2: 5.0 MEDIUM
CVE-2011-3243

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.

Published: October 14, 2011; 06:55:09 AM -04:00
    V2: 4.3 MEDIUM
CVE-2011-3242

The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.

Published: October 14, 2011; 06:55:09 AM -04:00
    V2: 5.0 MEDIUM
CVE-2011-3231

The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.

Published: October 14, 2011; 06:55:09 AM -04:00
    V2: 6.8 MEDIUM
CVE-2011-3230

Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.

Published: October 14, 2011; 06:55:09 AM -04:00
    V2: 6.8 MEDIUM
CVE-2011-3229

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.

Published: October 14, 2011; 06:55:09 AM -04:00
    V2: 6.8 MEDIUM