Safari@2.0.1 Security Vulnerabilities and Issues — Page 4 of Safari@2.0.1 CVE List

9.3CVSS7.8AI score0.02653EPSS

CVE-2012-3630

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

CVE-2012-3633

CVE-2012-3663

9.3CVSS7.8AI score0.02767EPSS

CVE-2012-3666

CVE•added 2012/07/25 7:55 p.m.•40 views

CVE-2012-3689

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.

5.8CVSS6AI score0.00155EPSS

CVE•added 2006/04/21 10:2 p.m.•39 views

CVE-2006-1988

The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably ...

5CVSS6.1AI score0.01431EPSS

CVE•added 2009/06/15 7:30 p.m.•39 views

CVE-2009-2066

Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, re...

6.8CVSS6.6AI score0.00299EPSS

CVE•added 2012/03/12 9:55 p.m.•39 views

CVE-2012-0584

The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs.

6.4CVSS6.1AI score0.00585EPSS

CVE-2012-3592

9.3CVSS7.8AI score0.021EPSS

CVE-2012-3625

CVE-2012-3636

CVE-2012-3638

9.3CVSS7.8AI score0.021EPSS

CVE-2012-3669

CVE•added 2010/11/22 1:0 p.m.•38 views

CVE-2010-3819

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a d...

9.3CVSS8.7AI score0.02551EPSS

CVE•added 2011/07/21 11:55 p.m.•38 views

CVE-2011-0217

Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.

4.3CVSS7.5AI score0.00236EPSS

CVE•added 2012/07/25 8:55 p.m.•38 views

CVE-2012-3618

CVE•added 2012/07/25 8:55 p.m.•38 views

CVE-2012-3629

CVE•added 2012/07/25 8:55 p.m.•38 views

CVE-2012-3637

9.3CVSS7.8AI score0.02653EPSS

CVE•added 2012/07/25 7:55 p.m.•38 views

CVE-2012-3697

WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise.

7.1CVSS6.3AI score0.00138EPSS

CVE•added 2011/10/14 10:55 a.m.•37 views

CVE-2011-3231

The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.

6.8CVSS7.4AI score0.00319EPSS

CVE•added 2012/03/12 9:55 p.m.•37 views

CVE-2012-0640

WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.

5CVSS6AI score0.00291EPSS

CVE•added 2012/07/25 8:55 p.m.•37 views

CVE-2012-3597

CVE•added 2012/07/25 8:55 p.m.•37 views

CVE-2012-3609

CVE•added 2012/07/25 8:55 p.m.•37 views

CVE-2012-3661