Vulnerabilities > Apple > Safari > 4.0.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-07-21 | CVE-2011-0218 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit. WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0217 | Information Exposure vulnerability in Apple Safari. Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields. | 4.3 |
2011-07-21 | CVE-2011-0216 | Numeric Errors vulnerability in Apple Safari. Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. | 9.3 |
2011-07-21 | CVE-2011-0215 | Improper Input Validation vulnerability in Apple ImageIO and Safari. ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file. | 9.3 |
2011-07-21 | CVE-2011-0214 | Cryptographic Issues vulnerability in Apple CFNetwork and Safari. CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority. | 5.0 |
2011-07-21 | CVE-2010-1420 | Cross-Site Scripting vulnerability in Apple CFNetwork and Safari. Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file. | 4.3 |
2011-07-21 | CVE-2010-1383 | Credentials Management vulnerability in Apple CFNetwork and Safari. CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue. | 9.3 |
2011-05-03 | CVE-2011-1451 | Improper Input Validation vulnerability in Google Chrome. Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers." | 7.5 |
2011-05-03 | CVE-2011-1449 | Use After Free vulnerability in Google Chrome. Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 6.8 |
2011-05-03 | CVE-2011-1440 | Use After Free vulnerability in Google Chrome. Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences. | 6.8 |