Vulnerabilities > Apple > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2012-07-25 | CVE-2012-3694 | Information Exposure vulnerability in Apple Safari | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site. | network, apple, CWE-200, 4.3 |
| 2012-07-25 | CVE-2012-3693 | Domain Name URI Spoofing vulnerability in WebKit International | Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs. | network, low complexity, apple, 5.0 |
| 2012-07-25 | CVE-2012-3691 | Improper Input Validation vulnerability in Apple Safari | WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | network, apple, CWE-20, 5.8 |
| 2012-07-25 | CVE-2012-3690 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site. | network, apple, CWE-264, 4.3 |
| 2012-07-25 | CVE-2012-3689 | Improper Input Validation vulnerability in Apple Safari | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site. | network, apple, CWE-20, 5.8 |
| 2012-07-25 | CVE-2012-3650 | Information Exposure vulnerability in Apple Safari | WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | network, apple, CWE-200, 4.3 |
| 2012-07-25 | CVE-2012-0680 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari | Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | network, low complexity, apple, CWE-264, 5.0 |
| 2012-07-25 | CVE-2012-0679 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari | Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL. | network, apple, CWE-264, 4.3 |
| 2012-07-25 | CVE-2012-0678 | Cross-Site Scripting vulnerability in Apple Safari | Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL. | network, apple, CWE-79, 4.3 |
| 2012-07-03 | CVE-2012-1148 | Resource Management Errors vulnerability in multiple products | Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. | network, low complexity, libexpat-project, apple, CWE-399, 5.0 |