Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): safari
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-0047 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content." Published: March 15, 2010; 9:28:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-0046 |
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. Published: March 15, 2010; 9:28:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-0045 |
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. Published: March 15, 2010; 9:28:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-0044 |
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. Published: March 15, 2010; 9:28:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-0043 |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. Published: March 15, 2010; 9:28:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-0042 |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. Published: March 15, 2010; 9:28:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-0041 |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. Published: March 15, 2010; 9:28:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-0040 |
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. Published: March 15, 2010; 9:28:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-0925 |
cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element. Published: March 03, 2010; 2:30:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-0924 |
cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element. Published: March 03, 2010; 2:30:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-0651 |
WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. Published: February 18, 2010; 1:00:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-0650 |
WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. Published: February 18, 2010; 1:00:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.6 LOW |
CVE-2010-0314 |
Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value. Published: January 14, 2010; 2:30:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-4186 |
Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property. Published: December 03, 2009; 12:30:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-3384 |
Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply. Published: November 13, 2009; 10:30:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-2842 |
Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. Published: November 13, 2009; 10:30:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-2841 |
The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202. Published: November 13, 2009; 10:30:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-2816 |
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. Published: November 13, 2009; 10:30:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-3931 |
Incomplete blacklist vulnerability in browser/download/download_exe.cc in Google Chrome before 3.0.195.32 allows remote attackers to force the download of certain dangerous files via a "Content-Disposition: attachment" designation, as demonstrated by (1) .mht and (2) .mhtml files, which are automatically executed by Internet Explorer 6; (3) .svg files, which are automatically executed by Safari; (4) .xml files; (5) .htt files; (6) .xsl files; (7) .xslt files; and (8) image files that are forbidden by the victim's site policy. Published: November 12, 2009; 12:54:58 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-3455 |
Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Published: September 29, 2009; 2:00:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |