Total
1352 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0214 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2011-07-22 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority. | |||||
| CVE-2011-0244 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-07-22 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds. | |||||
| CVE-2010-1383 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2011-07-22 | 9.3 HIGH | N/A |
| CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue. | |||||
| CVE-2011-0217 | 2 Apple, Microsoft | 6 Mac Os X, Mac Os X Server, Safari and 3 more | 2011-07-22 | 4.3 MEDIUM | N/A |
| Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields. | |||||
| CVE-2011-2602 | 2 Microsoft, Nvidia | 2 Windows Xp, Geforce 310 Driver | 2011-07-12 | 7.1 HIGH | N/A |
| The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK. | |||||
| CVE-2011-2604 | 2 Intel, Microsoft | 2 G41 Driver, Windows Xp | 2011-07-12 | 7.1 HIGH | N/A |
| The Intel G41 driver 6.14.10.5355 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK. | |||||
| CVE-2011-2600 | 1 Microsoft | 1 Windows Xp | 2011-07-12 | 7.1 HIGH | N/A |
| The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK. | |||||
| CVE-2011-0132 | 2 Apple, Microsoft | 7 Itunes, Safari, Webkit and 4 more | 2011-03-18 | 7.6 HIGH | N/A |
| Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | |||||
| CVE-2011-0115 | 2 Apple, Microsoft | 7 Itunes, Safari, Webkit and 4 more | 2011-03-18 | 7.6 HIGH | N/A |
| The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | |||||
| CVE-2010-2264 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-03-18 | 4.3 MEDIUM | N/A |
| The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. | |||||
| CVE-2008-2307 | 2 Apple, Microsoft | 5 Mac Os X, Safari, Windows and 2 more | 2011-03-15 | 9.3 HIGH | N/A |
| Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. | |||||
| CVE-2008-2306 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2011-03-08 | 9.3 HIGH | N/A |
| Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. | |||||
| CVE-2010-1388 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-02-17 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document. | |||||
| CVE-2009-2200 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2011-02-17 | 7.1 HIGH | N/A |
| WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. | |||||
| CVE-2009-2195 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2011-02-17 | 9.3 HIGH | N/A |
| Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers. | |||||
| CVE-2010-1131 | 2 Apple, Microsoft | 2 Safari, Windows Xp | 2010-06-08 | 4.3 MEDIUM | N/A |
| JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring. | |||||
| CVE-2009-3344 | 2 Microsoft, Sap | 2 Windows Xp, Crystal Reports Server | 2009-09-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-0137 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2009-08-19 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues." | |||||
| CVE-2009-2196 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2009-08-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. | |||||
| CVE-2007-3724 | 1 Microsoft | 1 Windows Xp | 2008-11-15 | 2.1 LOW | N/A |
| The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | |||||