CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0CVE-2012-3714
https://notcve.org/view.php?id=CVE-2012-3714
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site. La característica Form Autofill en Apple Safari anteriores a v6.0.1 no restringen los campos rellenados al grupo de los campos que contiene el autorellenado, lo que permite a los atacantes remotos a obtener la tarjeta Me desde la Address Book a través de una sitio Web manipulado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html http://osvdb.org/85653 http://support.apple.com/kb/HT5502 http://www.securityfocus.com/bid/55625 https://exchange.xforce.ibmcloud.com/vulnerabilities/78681 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0CVE-2012-3713
https://notcve.org/view.php?id=CVE-2012-3713
Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document. Apple Safari anterior a v6.0.1 no maneja adecuadamente el atributo Quarantine de los documentos HTML, lo que permite a atacantes remotos asistidos por el usuario leer archivos de su elección aprovechando la presencia de un documento descargado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html http://osvdb.org/85652 http://support.apple.com/kb/HT5502 http://www.securityfocus.com/bid/55624 https://exchange.xforce.ibmcloud.com/vulnerabilities/78679 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 5%CPEs: 102EXPL: 0CVE-2012-3609
https://notcve.org/view.php?id=CVE-2012-3609
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. WebKit, como se usa en Apple Safari antes de v6.0, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web modificado, una vulnerabilidad diferente a otros CVE del WebKit APPLE-SA-2012-07-25-1. • http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5400 http://support.apple.com/kb/HT5485 http://support.apple.com/kb/HT5503 •
CVSS: 9.3EPSS: 3%CPEs: 102EXPL: 0CVE-2012-3669
https://notcve.org/view.php?id=CVE-2012-3669
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. WebKit, como se usa en Apple Safari antes de v6.0, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web modificado, una vulnerabilidad diferente a otros CVE del WebKit APPLE-SA-2012-07-25-1. • http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5400 http://support.apple.com/kb/HT5485 http://support.apple.com/kb/HT5503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 102EXPL: 0CVE-2012-3634
https://notcve.org/view.php?id=CVE-2012-3634
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. WebKit, como se usa en Apple Safari antes de v6.0, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web modificado, una vulnerabilidad diferente a otros CVE del WebKit APPLE-SA-2012-07-25-1. • http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5400 http://support.apple.com/kb/HT5485 http://support.apple.com/kb/HT5503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •