Vulnerabilities > Apple > Safari > 2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-06-15 | CVE-2009-2058 | Improper Authentication vulnerability in Apple Safari Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | 6.8 |
| 2009-06-10 | CVE-2009-1718 | Information Exposure vulnerability in Apple Safari WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. | 7.1 |
| 2009-06-10 | CVE-2009-1716 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files. | 2.1 |
| 2009-06-10 | CVE-2009-1715 | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges. | 4.3 |
| 2009-06-10 | CVE-2009-1714 | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes. | 4.3 |
| 2009-06-10 | CVE-2009-1713 | Information Exposure vulnerability in Apple Safari The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. | 7.1 |
| 2009-06-10 | CVE-2009-1712 | Code Injection vulnerability in Apple Safari WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. | 9.3 |
| 2009-06-10 | CVE-2009-1711 | Resource Management Errors vulnerability in Apple Safari WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. | 9.3 |
| 2009-06-10 | CVE-2009-1710 | Multiple Security vulnerability in RETIRED: Apple Safari Prior to 4.0 WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. | 2.6 |
| 2009-06-10 | CVE-2009-1709 | Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches." | 9.3 |