Safari@4.0.3 Security Vulnerabilities and Issues — Page 3 of Safari@4.0.3 CVE List

Lucene search

AppleSafari4.0.3

176 matches found

cve•added 2010/06/11 6:0 p.m.•45 views

CVE-2010-1413

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

5CVSS7.2AI score0.01011EPSS

cve•added 2011/10/14 10:55 a.m.•45 views

CVE-2011-3229

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.

6.8CVSS6.7AI score0.00388EPSS

cve•added 2012/07/25 7:55 p.m.•45 views

CVE-2012-0679

Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL.

4.3CVSS6.1AI score0.00236EPSS

cve•added 2012/07/25 8:55 p.m.•45 views

CVE-2012-3594

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS

cve•added 2012/07/25 8:55 p.m.•45 views

CVE-2012-3640

9.3CVSS7.8AI score0.02826EPSS

cve•added 2012/07/25 7:55 p.m.•45 views

CVE-2012-3650

WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

4.3CVSS5.4AI score0.00454EPSS

cve•added 2012/07/25 8:55 p.m.•45 views

CVE-2012-3682

9.3CVSS7.8AI score0.02826EPSS

cve•added 2012/07/25 7:55 p.m.•45 views

CVE-2012-3695

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property.

4.3CVSS5.2AI score0.00357EPSS

cve•added 2012/09/20 9:55 p.m.•45 views

CVE-2012-3715

Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network.

4.3CVSS5.4AI score0.00435EPSS

cve•added 2010/03/15 1:28 p.m.•44 views

CVE-2010-0042

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.

4.3CVSS7.8AI score0.00957EPSS

cve•added 2010/06/11 6:0 p.m.•44 views

CVE-2010-1385

Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

9.3CVSS7.7AI score0.04295EPSS

cve•added 2012/07/25 8:55 p.m.•44 views

CVE-2012-3595

9.3CVSS7.8AI score0.0271EPSS

cve•added 2012/07/25 8:55 p.m.•44 views

CVE-2012-3599

9.3CVSS7.8AI score0.0271EPSS

cve•added 2012/07/25 8:55 p.m.•44 views

CVE-2012-3604

9.3CVSS7.8AI score0.02013EPSS

cve•added 2012/07/25 8:55 p.m.•44 views

CVE-2012-3646

9.3CVSS7.8AI score0.02826EPSS

cve•added 2012/07/25 8:55 p.m.•44 views

CVE-2012-3653

9.3CVSS7.8AI score0.0271EPSS

cve•added 2012/07/25 8:55 p.m.•44 views

CVE-2012-3668

9.3CVSS7.8AI score0.02826EPSS

cve•added 2012/07/25 7:55 p.m.•44 views

CVE-2012-3696

CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling.

4.3CVSS6.3AI score0.00346EPSS

cve•added 2012/07/25 8:55 p.m.•43 views

CVE-2012-3615

9.3CVSS7.8AI score0.0197EPSS

cve•added 2012/07/25 8:55 p.m.•43 views

CVE-2012-3631

9.3CVSS7.8AI score0.0271EPSS

cve•added 2012/07/25 8:55 p.m.•43 views

CVE-2012-3642

9.3CVSS7.8AI score0.02826EPSS

cve•added 2012/07/25 8:55 p.m.•43 views

CVE-2012-3644

9.3CVSS7.8AI score0.02826EPSS

cve•added 2012/07/25 8:55 p.m.•43 views

CVE-2012-3670

9.3CVSS7.8AI score0.021EPSS

cve•added 2012/07/25 8:55 p.m.•43 views

CVE-2012-3678

9.3CVSS7.8AI score0.02826EPSS

cve•added 2012/05/11 3:49 a.m.•42 views

CVE-2012-0676

WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.

5CVSS5.9AI score0.00677EPSS

cve•added 2012/07/25 7:55 p.m.•42 views

CVE-2012-0678

Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL.

4.3CVSS5.2AI score0.00248EPSS

cve•added 2012/07/25 8:55 p.m.•42 views

CVE-2012-0683

9.3CVSS7.8AI score0.02826EPSS

cve•added 2012/07/25 8:55 p.m.•42 views

CVE-2012-3605

9.3CVSS7.8AI score0.0271EPSS

cve•added 2012/07/25 8:55 p.m.•42 views

CVE-2012-3627

9.3CVSS7.8AI score0.021EPSS

cve•added 2012/07/25 8:55 p.m.•42 views

CVE-2012-3628

9.3CVSS7.8AI score0.02013EPSS

cve•added 2012/07/25 8:55 p.m.•42 views

CVE-2012-3635

9.3CVSS7.8AI score0.0271EPSS

cve•added 2012/07/25 8:55 p.m.•42 views

CVE-2012-3680

9.3CVSS7.8AI score0.021EPSS

cve•added 2012/07/25 8:55 p.m.•42 views

CVE-2012-3683

9.3CVSS7.8AI score0.02767EPSS

cve•added 2012/07/25 7:55 p.m.•42 views

CVE-2012-3690

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site.

4.3CVSS6AI score0.00211EPSS

cve•added 2012/09/20 9:55 p.m.•42 views

CVE-2012-3714

The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.

4.3CVSS5.9AI score0.00319EPSS

cve•added 2009/08/31 4:30 p.m.•41 views

CVE-2009-3016

Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: U...

4.3CVSS5.3AI score0.00276EPSS

cve•added 2010/07/30 8:30 p.m.•41 views

CVE-2010-1796

The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.

2.6CVSS5.8AI score0.00357EPSS

cve•added 2012/03/02 12:55 a.m.•41 views

CVE-2011-3443

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rul...

7.5CVSS8.8AI score0.01686EPSS

cve•added 2012/07/25 8:55 p.m.•41 views

CVE-2012-3591

9.3CVSS7.8AI score0.0271EPSS

cve•added 2012/07/25 8:55 p.m.•41 views

CVE-2012-3641

9.3CVSS7.8AI score0.02826EPSS

cve•added 2012/07/25 8:55 p.m.•41 views

CVE-2012-3655

9.3CVSS7.8AI score0.021EPSS

cve•added 2012/07/25 8:55 p.m.•41 views

CVE-2012-3656