Vulnerabilities > Apple > Safari > 4.0.5
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2011-12-07 | CVE-2010-5070 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari | The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. | 5.0 |
2011-10-14 | CVE-2011-3243 | Cross-Site Scripting vulnerability in Apple iPhone OS and Safari | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. | 4.3 |
2011-10-14 | CVE-2011-3242 | Information Exposure vulnerability in Apple Safari | The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. | 5.0 |
2011-10-14 | CVE-2011-3231 | Code Injection vulnerability in Apple Safari | The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. | 6.8 |
2011-10-14 | CVE-2011-3230 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari | Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | 6.8 |
2011-10-14 | CVE-2011-3229 | Path Traversal vulnerability in Apple Safari | Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. | 6.8 |
2011-09-19 | CVE-2011-3234 | Out-Of-Bounds Read vulnerability in Google Chrome | Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 5.0 |
2011-07-21 | CVE-2011-1774 | Improper Input Validation vulnerability in Apple Safari and WebKit | WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. | 8.8 |
2011-07-21 | CVE-2011-1462 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-1457 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |