U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:apple:safari:3.2.1b:-:windows:*:*:*:*:*
  • CPE Name Search: true
There are 1,296 matching records.
Displaying matches 1,181 through 1,200.
Vuln ID Summary CVSS Severity
CVE-2010-0054

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.

Published: March 15, 2010; 10:15:32 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0053

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.

Published: March 15, 2010; 10:15:32 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0052

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."

Published: March 15, 2010; 10:15:32 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0051

WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.

Published: March 15, 2010; 10:15:32 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0050

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.

Published: March 15, 2010; 10:15:32 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2010-0049

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.

Published: March 15, 2010; 10:15:32 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0048

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

Published: March 15, 2010; 9:28:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0047

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."

Published: March 15, 2010; 9:28:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0046

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.

Published: March 15, 2010; 9:28:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0045

Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.

Published: March 15, 2010; 9:28:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0044

PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.

Published: March 15, 2010; 9:28:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0043

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

Published: March 15, 2010; 9:28:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0042

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.

Published: March 15, 2010; 9:28:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0041

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.

Published: March 15, 2010; 9:28:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0040

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

Published: March 15, 2010; 9:28:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0651

WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

Published: February 18, 2010; 1:00:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0314

Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.

Published: January 14, 2010; 2:30:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-3384

Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.

Published: November 13, 2009; 10:30:00 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-2842

Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

Published: November 13, 2009; 10:30:00 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-2841

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.

Published: November 13, 2009; 10:30:00 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM