Apple

Safari

1572 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2012-0647

  • EPSS 0.28%
  • Veröffentlicht 12.03.2012 21:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

10

CVE-2011-3046

Medienbericht
  • EPSS 9.71%
  • Veröffentlicht 09.03.2012 00:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.

7.6

CVE-2012-0636

  • EPSS 0.95%
  • Veröffentlicht 08.03.2012 22:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t...

7.6

CVE-2012-0637

  • EPSS 0.95%
  • Veröffentlicht 08.03.2012 22:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t...

4.3

CVE-2011-3844

  • EPSS 0.28%
  • Veröffentlicht 08.03.2012 04:15:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Apple Safari 5.0.5 does not properly implement the setInterval function, which allows remote attackers to spoof the address bar via a crafted web page.

7.6

CVE-2011-3845

  • EPSS 3.23%
  • Veröffentlicht 08.03.2012 04:15:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in...

6.8

CVE-2011-3032

  • EPSS 1.57%
  • Veröffentlicht 05.03.2012 19:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.

6.8

CVE-2011-3034

  • EPSS 2.36%
  • Veröffentlicht 05.03.2012 19:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.

6.8

CVE-2011-3035

  • EPSS 2.36%
  • Veröffentlicht 05.03.2012 19:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.

6.8

CVE-2011-3036

  • EPSS 2.76%
  • Veröffentlicht 05.03.2012 19:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.