Vulnerabilities > Apple > Safari > 4.0.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-03-15 | CVE-2010-0044 | Configuration vulnerability in Apple Safari PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. | 4.3 |
| 2010-03-15 | CVE-2010-0043 | Code Injection vulnerability in Apple Safari ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. | 9.3 |
| 2010-03-15 | CVE-2010-0042 | Information Exposure vulnerability in Apple Safari ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. | 4.3 |
| 2010-03-15 | CVE-2010-0041 | Information Exposure vulnerability in Apple Safari ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. | 4.3 |
| 2010-03-15 | CVE-2010-0040 | Numeric Errors vulnerability in Apple Safari Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. | 9.3 |
| 2010-03-03 | CVE-2010-0924 | Remote Denial Of Service vulnerability in Apple Safari 'background' attribute cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element. | 5.0 |
| 2010-02-18 | CVE-2010-0651 | Information Exposure vulnerability in multiple products WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. | 4.3 |
| 2009-12-03 | CVE-2009-4186 | Buffer Errors vulnerability in Apple Safari 4.0.3 Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property. | 9.3 |
| 2009-11-13 | CVE-2009-3384 | Unspecified vulnerability in Apple Safari Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply. | 9.3 |
| 2009-11-13 | CVE-2009-2842 | Information Disclosure vulnerability in Apple Safari Shortcut Menu Options Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. network apple | 4.3 |