| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complex
ity
|
Authen
tication
|
Confiden
tiality
|
Integrity
|
Availa
bility
|
|
1 |
CVE-2012-0676 |
20 |
|
|
2012-05-10 |
2012-05-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors. |
|
2 |
CVE-2012-0647 |
200 |
|
+Info |
2012-03-12 |
2012-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. |
|
3 |
CVE-2012-0640 |
200 |
|
+Info |
2012-03-12 |
2012-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie. |
|
4 |
CVE-2012-0584 |
20 |
|
|
2012-03-12 |
2012-03-13 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs. |
|
5 |
CVE-2011-4692 |
264 |
|
|
2011-12-07 |
2011-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. |
|
6 |
CVE-2011-3845 |
399 |
|
Exec Code |
2012-03-07 |
2012-03-08 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins. |
|
7 |
CVE-2011-3844 |
20 |
|
|
2012-03-07 |
2012-03-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Apple Safari 5.0.5 does not properly implement the setInterval function, which allows remote attackers to spoof the address bar via a crafted web page. |
|
8 |
CVE-2011-3443 |
399 |
|
DoS Exec Code Mem. Corr. |
2012-03-01 |
2012-03-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rules. |
|
9 |
CVE-2011-3243 |
79 |
|
XSS |
2011-10-14 |
2011-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. |
|
10 |
CVE-2011-3242 |
200 |
|
+Info |
2011-10-14 |
2011-10-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. |
|
11 |
CVE-2011-3231 |
94 |
|
Exec Code |
2011-10-14 |
2011-10-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. |
|
12 |
CVE-2011-3230 |
264 |
|
Exec Code |
2011-10-14 |
2012-01-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. |
|
13 |
CVE-2011-3229 |
22 |
|
Exec Code Dir. Trav. |
2011-10-14 |
2011-10-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. |
|
14 |
CVE-2011-1797 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
15 |
CVE-2011-1774 |
20 |
|
Exec Code |
2011-07-21 |
2012-02-13 |
8.8 |
None |
Remote |
Medium |
Not required |
None |
Complete |
Complete |
|
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425. |
|
16 |
CVE-2011-1462 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
17 |
CVE-2011-1457 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
18 |
CVE-2011-1453 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
19 |
CVE-2011-1344 |
399 |
|
Exec Code |
2011-03-10 |
2012-03-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. |
|
20 |
CVE-2011-1295 |
20 |
|
DoS XSS |
2011-03-25 |
2012-01-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors. |
|
21 |
CVE-2011-1288 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
22 |
CVE-2011-0255 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
23 |
CVE-2011-0254 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
24 |
CVE-2011-0253 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
25 |
CVE-2011-0244 |
200 |
|
+Info |
2011-07-21 |
2011-07-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds. |
|
26 |
CVE-2011-0242 |
79 |
|
XSS |
2011-07-21 |
2011-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username. |
|
27 |
CVE-2011-0241 |
119 |
|
DoS Exec Code Overflow |
2011-07-21 |
2012-05-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding. |
|
28 |
CVE-2011-0240 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
29 |
CVE-2011-0238 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
30 |
CVE-2011-0237 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
31 |
CVE-2011-0235 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
32 |
CVE-2011-0234 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
33 |
CVE-2011-0233 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
34 |
CVE-2011-0232 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
35 |
CVE-2011-0225 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
36 |
CVE-2011-0223 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
37 |
CVE-2011-0222 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
38 |
CVE-2011-0221 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
39 |
CVE-2011-0219 |
264 |
|
Bypass |
2011-07-21 |
2011-07-22 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts. |
|
40 |
CVE-2011-0218 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-07-21 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
|
41 |
CVE-2011-0217 |
200 |
|
+Info |
2011-07-21 |
2011-07-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields. |
|
42 |
CVE-2011-0216 |
189 |
|
DoS Exec Code Overflow |
2011-07-21 |
2012-01-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. |
|
43 |
CVE-2011-0215 |
20 |
|
DoS Exec Code |
2011-07-21 |
2011-10-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file. |
|
44 |
CVE-2011-0214 |
310 |
|
Bypass |
2011-07-21 |
2011-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority. |
|
45 |
CVE-2011-0169 |
79 |
|
XSS Bypass |
2011-03-11 |
2011-03-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. |
|
46 |
CVE-2011-0167 |
264 |
|
Bypass |
2011-03-11 |
2011-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site. |
|
47 |
CVE-2011-0166 |
264 |
|
Bypass +Info |
2011-03-11 |
2011-10-20 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778. |
|
48 |
CVE-2011-0163 |
20 |
|
DoS |
2011-03-11 |
2011-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. |
|
49 |
CVE-2011-0161 |
264 |
|
Bypass |
2011-03-11 |
2011-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. |
|
50 |
CVE-2011-0160 |
20 |
|
|
2011-03-11 |
2011-03-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. |
