Vulnerabilities > Microsoft > Windows 7 > Medium

DATE CVE VULNERABILITY TITLE RISK
2010-06-11 CVE-2010-1422 Multiple Security vulnerability in RETIRED: Apple Safari Prior to 5.0 and 4.1
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.
network
apple microsoft
4.3
2010-06-11 CVE-2010-1416 Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."
4.3
2010-06-11 CVE-2010-1413 Cryptographic Issues vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
network
low complexity
apple microsoft CWE-310
5.0
2010-06-11 CVE-2010-1409 Multiple Security vulnerability in RETIRED: Apple Safari Prior to 5.0 and 4.1
Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.
network
apple microsoft
5.8
2010-06-11 CVE-2010-1408 Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.
4.3
2010-06-11 CVE-2010-1406 Information Exposure vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.
4.3
2010-06-11 CVE-2010-1395 Cross-Site Scripting vulnerability in Apple Safari and Webkit
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue."
4.3
2010-06-11 CVE-2010-1394 Cross-Site Scripting vulnerability in Apple Safari and Webkit
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments.
4.3
2010-06-11 CVE-2010-1393 Information Exposure vulnerability in Apple Safari and Webkit
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.
4.3
2010-06-11 CVE-2010-1391 Path Traversal vulnerability in Apple Safari and Webkit
Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and ..
4.3