Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-0679 |
Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL. Published: July 25, 2012; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-0678 |
Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL. Published: July 25, 2012; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-0676 |
WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors. Published: May 10, 2012; 11:49:59 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-0647 |
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. Published: March 12, 2012; 5:55:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-0640 |
WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie. Published: March 12, 2012; 5:55:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-0584 |
The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs. Published: March 12, 2012; 5:55:00 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2011-3443 |
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rules. Published: March 01, 2012; 7:55:02 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-3243 |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. Published: October 14, 2011; 6:55:09 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3242 |
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. Published: October 14, 2011; 6:55:09 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-3231 |
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. Published: October 14, 2011; 6:55:09 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-3230 |
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. Published: October 14, 2011; 6:55:09 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-3229 |
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. Published: October 14, 2011; 6:55:09 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-2379 |
Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing. Published: August 09, 2011; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1797 |
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. Published: July 21, 2011; 7:55:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1774 |
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425. Published: July 21, 2011; 7:55:02 PM -0400 |
V3.x:(not available) V2.0: 8.8 HIGH |
CVE-2011-1462 |
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. Published: July 21, 2011; 7:55:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1457 |
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. Published: July 21, 2011; 7:55:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1453 |
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. Published: July 21, 2011; 7:55:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1288 |
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. Published: July 21, 2011; 7:55:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-0255 |
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. Published: July 21, 2011; 7:55:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |