Vulnerabilities > Apple > Safari > 1.0.0b1

DATE CVE VULNERABILITY TITLE RISK
2011-07-21 CVE-2011-0217 Information Exposure vulnerability in Apple Safari
Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.
4.3
2011-07-21 CVE-2011-0216 Numeric Errors vulnerability in Apple Safari
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.
network
apple microsoft CWE-189
critical
9.3
2011-07-21 CVE-2011-0215 Improper Input Validation vulnerability in Apple Imageio and Safari
ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file.
network
apple microsoft CWE-20
critical
9.3
2011-07-21 CVE-2011-0214 Cryptographic Issues vulnerability in Apple Cfnetwork and Safari
CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.
network
low complexity
apple microsoft CWE-310
5.0
2011-07-21 CVE-2010-1420 Cross-Site Scripting vulnerability in Apple Cfnetwork and Safari
Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file.
4.3
2011-07-21 CVE-2010-1383 Credentials Management vulnerability in Apple Cfnetwork and Safari
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.
network
apple microsoft CWE-255
critical
9.3
2011-05-03 CVE-2011-1451 Improper Input Validation vulnerability in Google Chrome
Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."
network
low complexity
google apple CWE-20
7.5
2011-05-03 CVE-2011-1449 USE After Free vulnerability in Google Chrome
Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google apple CWE-416
6.8
2011-05-03 CVE-2011-1440 USE After Free vulnerability in Google Chrome
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.
network
low complexity
google debian apple CWE-416
6.8
2011-03-25 CVE-2011-1296 Improper Input Validation vulnerability in Google Chrome
Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
network
low complexity
google apple CWE-20
7.5