Vulnerabilities > Apple > Safari > 2.0

DATE CVE VULNERABILITY TITLE RISK
2012-07-25 CVE-2012-3694 Information Exposure vulnerability in Apple Safari
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site.
network
apple CWE-200
4.3
2012-07-25 CVE-2012-3693 Domain Name URI Spoofing vulnerability in WebKit International
Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs.
network
low complexity
apple
5.0
2012-07-25 CVE-2012-3691 Improper Input Validation vulnerability in Apple Safari
WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
apple CWE-20
5.8
2012-07-25 CVE-2012-3690 Permissions, Privileges, and Access Controls vulnerability in Apple Safari
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site.
network
apple CWE-264
4.3
2012-07-25 CVE-2012-3689 Improper Input Validation vulnerability in Apple Safari
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.
network
apple CWE-20
5.8
2012-07-25 CVE-2012-3650 Information Exposure vulnerability in Apple Safari
WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
network
apple CWE-200
4.3
2012-07-25 CVE-2012-0680 Permissions, Privileges, and Access Controls vulnerability in Apple Safari
Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation.
network
low complexity
apple CWE-264
5.0
2012-07-25 CVE-2012-0679 Permissions, Privileges, and Access Controls vulnerability in Apple Safari
Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL.
network
apple CWE-264
4.3
2012-07-25 CVE-2012-0678 Cross-Site Scripting vulnerability in Apple Safari
Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL.
network
apple CWE-79
4.3
2012-05-11 CVE-2012-0676 Improper Input Validation vulnerability in Apple Safari
WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.
network
low complexity
apple CWE-20
5.0