Vulnerabilities > Apple > Safari > 4.0.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-03-12 | CVE-2012-0647 | Information Exposure vulnerability in Apple Safari: WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | 5.0 |
2012-03-12 | CVE-2012-0640 | Information Exposure vulnerability in Apple Safari: WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie. | 5.0 |
2012-03-12 | CVE-2012-0584 | Improper Input Validation vulnerability in Apple Safari: The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs. | 6.4 |
2012-03-09 | CVE-2011-3046 | Cross-Site Scripting vulnerability in Google Chrome: The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue. | 10.0 |
2012-03-08 | CVE-2012-0637 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple iTunes, Safari and WebKit: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 7.6 |
2012-03-08 | CVE-2012-0636 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple iTunes, Safari and WebKit: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 7.6 |
2012-03-05 | CVE-2011-3044 | Use After Free vulnerability in Google Chrome: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements. | 6.8 |
2012-03-05 | CVE-2011-3043 | Use After Free vulnerability in Google Chrome: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements. | 6.8 |
2012-03-05 | CVE-2011-3042 | Use After Free vulnerability in Google Chrome: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections. | 6.8 |
2012-03-05 | CVE-2011-3041 | Use After Free vulnerability in Google Chrome: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes. | 6.8 |