Vulnerabilities > Apple > Safari > 2.0

DATE CVE VULNERABILITY TITLE RISK
2010-03-25 CVE-2010-1119 Resource Management Errors vulnerability in Apple products
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
network
low complexity
apple microsoft CWE-399
critical
 10.0
10
2010-03-15 CVE-2010-0054 Resource Management Errors vulnerability in Apple Safari
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.
network
apple CWE-399
critical
 9.3
9.3
2010-03-15 CVE-2010-0053 Resource Management Errors vulnerability in Apple Safari
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.
network
apple CWE-399
critical
 9.3
9.3
2010-03-15 CVE-2010-0052 Resource Management Errors vulnerability in Apple Safari
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html CVE-ID: CVE-2010-0052 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use-after-free issue exists in WebKit's handling of callbacks for HTML elements.
network
apple CWE-399
critical
 9.3
9.3
2010-03-15 CVE-2010-0051 Improper Input Validation vulnerability in Apple Safari
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document.
network
apple CWE-20
4.3
4.3
2010-03-15 CVE-2010-0050 Use After Free vulnerability in multiple products
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
network
low complexity
apple fedoraproject canonical opensuse CWE-416
8.8
8.8
2010-03-15 CVE-2010-0049 Resource Management Errors vulnerability in Apple Safari
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
network
apple CWE-399
critical
 9.3
9.3
2010-03-15 CVE-2010-0046 Code Injection vulnerability in Apple Safari
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
network
apple CWE-94
critical
 9.3
9.3
2010-03-15 CVE-2010-0045 Improper Input Validation vulnerability in Apple Safari
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.
network
apple microsoft CWE-20
critical
 9.3
9.3
2010-03-15 CVE-2010-0044 Configuration vulnerability in Apple Safari
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.
network
apple CWE-16
4.3
4.3