Safari@5.0.2 Security Vulnerabilities and Issues — Safari@5.0.2 CVE List

Lucene search

AppleSafari5.0.2

130 matches found

CVE•added 2012/11/03 5:55 p.m.•154 views

CVE-2012-3748

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

5.1CVSS7.5AI score0.30417EPSS

CVE•added 2012/07/25 8:55 p.m.•117 views

CVE-2012-1520

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS

CVE•added 2011/07/21 11:55 p.m.•78 views

CVE-2011-0216

Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.

9.3CVSS8.5AI score0.01308EPSS

CVE•added 2011/07/21 11:55 p.m.•74 views

CVE-2011-0255

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/10/14 10:55 a.m.•68 views

CVE-2011-3243

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.

4.3CVSS5AI score0.00521EPSS

CVE•added 2011/07/21 11:55 p.m.•63 views

CVE-2011-1288

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•59 views

CVE-2011-1797

9.3CVSS8.8AI score0.01413EPSS

CVE•added 2011/07/21 11:55 p.m.•58 views

CVE-2010-1383

CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.

9.3CVSS8.5AI score0.0083EPSS

CVE•added 2011/07/21 11:55 p.m.•58 views

CVE-2011-1453

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•56 views

CVE-2011-0222

9.3CVSS8.8AI score0.58896EPSS

CVE•added 2013/03/15 8:55 p.m.•56 views

CVE-2013-0961

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.

6.8CVSS7.5AI score0.01189EPSS

CVE•added 2011/07/21 11:55 p.m.•55 views

CVE-2011-0253

9.3CVSS8.8AI score0.02627EPSS

CVE•added 2012/07/25 8:55 p.m.•55 views

CVE-2012-3681

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2011/03/10 8:55 p.m.•54 views

CVE-2011-1344

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, r...

6.8CVSS9AI score0.03992EPSS

CVE•added 2011/07/21 11:55 p.m.•53 views

CVE-2011-0233

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•53 views

CVE-2011-1774

WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.

8.8CVSS6.7AI score0.81631EPSS

CVE•added 2012/07/25 8:55 p.m.•53 views

CVE-2012-3626

9.3CVSS7.8AI score0.02013EPSS

CVE•added 2012/07/25 7:55 p.m.•53 views

CVE-2012-3691

WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5.8CVSS6AI score0.00227EPSS

CVE•added 2011/03/11 10:55 p.m.•51 views

CVE-2011-0166

The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.

5.8CVSS8AI score0.00542EPSS

CVE•added 2011/07/21 11:55 p.m.•51 views

CVE-2011-0241

Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.

9.3CVSS7.7AI score0.08047EPSS

CVE•added 2011/07/21 11:55 p.m.•51 views

CVE-2011-1462

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2012/03/12 9:55 p.m.•51 views

CVE-2012-0647

WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

5CVSS6.2AI score0.00276EPSS

CVE•added 2013/03/15 8:55 p.m.•51 views

CVE-2013-0960

6.8CVSS7.5AI score0.01189EPSS

CVE•added 2011/03/11 10:55 p.m.•50 views

CVE-2011-0163

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.

4.3CVSS7.9AI score0.01049EPSS

CVE•added 2011/07/21 11:55 p.m.•50 views

CVE-2011-1457

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/03/11 10:55 p.m.•49 views

CVE-2011-0160

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

5CVSS8.3AI score0.00423EPSS

CVE•added 2011/03/11 10:55 p.m.•49 views

CVE-2011-0167

The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.

4.3CVSS8.2AI score0.02629EPSS

CVE•added 2012/07/25 8:55 p.m.•49 views

CVE-2012-3674

9.3CVSS7.8AI score0.021EPSS

CVE•added 2011/07/21 11:55 p.m.•48 views

CVE-2011-0218

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•48 views

CVE-2011-0235

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•48 views

CVE-2011-0254

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2012/07/25 8:55 p.m.•48 views

CVE-2012-3611

9.3CVSS7.8AI score0.02013EPSS

CVE•added 2012/07/25 8:55 p.m.•48 views

CVE-2012-3664

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2011/07/21 11:55 p.m.•47 views

CVE-2010-1420

Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file.

4.3CVSS6.4AI score0.00239EPSS

CVE•added 2011/07/21 11:55 p.m.•47 views

CVE-2011-0232

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•47 views

CVE-2011-0234

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/10/14 10:55 a.m.•47 views

CVE-2011-3230

Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.

6.8CVSS7.3AI score0.72026EPSS

CVE•added 2011/10/14 10:55 a.m.•47 views

CVE-2011-3242

The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.

5CVSS6.2AI score0.0043EPSS

CVE•added 2012/07/25 7:55 p.m.•47 views

CVE-2012-0680

Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation.

5CVSS6.4AI score0.00498EPSS

CVE•added 2012/07/25 8:55 p.m.•47 views

CVE-2012-3634

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2012/07/25 8:55 p.m.•47 views

CVE-2012-3645

9.3CVSS7.8AI score0.021EPSS

CVE•added 2011/07/21 11:55 p.m.•46 views

CVE-2011-0225

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2012/07/25 8:55 p.m.•46 views

CVE-2012-3665

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2012/07/25 8:55 p.m.•46 views

CVE-2012-3686

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2012/07/25 7:55 p.m.•46 views

CVE-2012-3693

Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs.

5CVSS6.1AI score0.00309EPSS

CVE•added 2012/07/25 7:55 p.m.•46 views

CVE-2012-3694

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site.

4.3CVSS5.3AI score0.00277EPSS

CVE•added 2012/09/20 9:55 p.m.•46 views

CVE-2012-3713

Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document.

4.3CVSS6AI score0.00435EPSS

CVE•added 2011/07/21 11:55 p.m.•45 views

CVE-2011-0223

9.3CVSS8.8AI score0.02627EPSS

CVE•added 2011/10/14 10:55 a.m.•45 views

CVE-2011-3229

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.

6.8CVSS6.7AI score0.00388EPSS

CVE•added 2012/07/25 7:55 p.m.•45 views

CVE-2012-0679

Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL.

4.3CVSS6.1AI score0.00236EPSS

Total number of security vulnerabilities130