CVSS: 4.3EPSS: 0%CPEs: 102EXPL: 0CVE-2012-3695
https://notcve.org/view.php?id=CVE-2012-3695
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit de Apple Safari antes de v6.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante el aprovechamiento de la normalización de URL incorrecta en el manejo de la propiedad location.href. • http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5400 http://support.apple.com/kb/HT5503 http://www.securityfocus.com/bid/54695 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 102EXPL: 0CVE-2012-3691
https://notcve.org/view.php?id=CVE-2012-3691
WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. WebKit de Apple Safari antes de v6.0 no maneja adecuadamente los valores de propiedad de las hojas de estilo en cascada (CSS), lo que permite a atacantes remotos evitar la Same Origin Policy a través de un sitio web modificado. • http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5400 http://support.apple.com/kb/HT5503 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 102EXPL: 0CVE-2012-3650
https://notcve.org/view.php?id=CVE-2012-3650
WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. WebKit de Apple Safari anterior a v6.0 accede a posiciones de memoria sin inicializar en la representación de imágenes SVG, lo que permite a atacantes remotos obtener información sensible de la memoria del proceso a través de un sitio web diseñado. • http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5400 http://support.apple.com/kb/HT5503 http://www.securityfocus.com/bid/54703 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 102EXPL: 0CVE-2012-0679
https://notcve.org/view.php?id=CVE-2012-0679
Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL. Apple Safari anterior a v6.0 permite a atacantes remotos leer ficheros arbitrarios a través de un feed :/ / URL. • http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://support.apple.com/kb/HT5400 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 102EXPL: 0CVE-2012-3689
https://notcve.org/view.php?id=CVE-2012-3689
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site. WebKit de Apple Safari antes de v6.0 no maneja adecuadamente los eventos de arrastrar y soltar, lo que permite a atacantes remotos asistidos por el usuario, omitir la política del mismo origen a través de un sitio web modificado. • http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://support.apple.com/kb/HT5400 • CWE-20: Improper Input Validation •