oval:org.secpod.oval:def:17211 The host is installed with Apple Safari before 3.1 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle crafted certificates. Successful exploitation allows remote attackers to spoof trusted SSL certificates.

oval:org.secpod.oval:def:17289 The host is installed with Apple Safari before 3.2.2 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle a 3xx HTTP CONNECT response before a successful SSL handshake. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:17208 The host is installed with Apple Safari before 3.1 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted regular expressions in JavaScript. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:17215 The host is installed with Apple Safari before 3.1.1 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a regular expression with large, nested repetition counts. Successful exploitation allows remote attackers to execute arbitrary ...

oval:org.secpod.oval:def:17218 The host is installed with Apple Safari before 3.1.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted GIF or BMP image. Successful exploitation could allow attackers to disclose memory contents.

oval:org.secpod.oval:def:17204 The host is installed with Apple Safari before 3.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to change the security context of a webpage to the caller's contex ...
oval:org.secpod.oval:def:17202 The host is installed with Apple Safari before 3.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to the Web Inspector. Successful exploitation could allow attackers to inject arbitrary web script or HTML.

oval:org.secpod.oval:def:17201 The host is installed with Apple Safari before 3.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to sites that set the document.domain property or have the same document.domain. Successful exploitation could ...

oval:org.secpod.oval:def:17207 The host is installed with Apple Safari before 3.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle the history object. Successful exploitation allows remote attackers to inject arbitrary JavaScript.

oval:org.secpod.oval:def:17206 The host is installed with Apple Safari before 3.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle the document.domain property. Successful exploitation allows remote attackers to conduct cross-site scripting (XSS) attacks.

oval:org.secpod.oval:def:17205 The host is installed with Apple Safari before 3.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle a maliciously crafted web page. Successful exploitation allows remote attackers to conduct cross-site scripting (XSS) attacks.

oval:org.secpod.oval:def:17200 The host is installed with Apple Safari before 3.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted web page. Successful exploitation could allow attackers to execute JavaScript in the context of another site.
oval:org.secpod.oval:def:17214 The host is installed with Apple Safari before 3.1.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle a crafted URL with a colon in the hostname portion. Successful exploitation allows remote attackers to inject arbitrary web ...

oval:org.secpod.oval:def:17209 The host is installed with Apple Safari before 3.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle a frame that calls a method instance in another frame. Successful exploitation allows remote attackers to inject arbitrary web ...

oval:org.secpod.oval:def:17199 The host is installed with Apple Safari before 3.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted URL. Successful exploitation could allow attackers to inject arbitrary web script.

oval:org.secpod.oval:def:17203 The host is installed with Apple Safari before 3.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly mask the password field when reverse conversion is used with the Kotoeri input method. Successful exploitation allows physically p ...

oval:org.secpod.oval:def:17212 The host is installed with Apple Safari before 3.1 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle crafted certificates. Successful exploitation allows remote attackers to spoof trusted SSL certificates.

oval:org.secpod.oval:def:17210 The host is installed with Apple Safari before 3.1 and is prone to a secure website spoofing vulnerability. A flaw is present in the application, which fails to properly handle a 502 Bad Gateway error. Successful exploitation allows remote attackers to retrieve arbitrary data.
oval:org.secpod.oval:def:17283 The host is installed with Apple Safari before 3.2.2 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle Safari RSS feeds. Successful exploitation could allow attackers to obtain passwords, cookies or other sensitive information.

oval:org.secpod.oval:def:17345 The host is installed with Apple Safari before 4.0.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict the URL scheme of the pluginspage attribute of an EMBED element. Successful exploitation could allow attackers to launc ...

oval:org.secpod.oval:def:17343 The host is installed with Apple Safari before 4.0.3 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle crafted floating-point numbers. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service.

oval:org.secpod.oval:def:17213 The host is installed with Apple Safari before 3.1.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted download filename. Successful exploitation allows remote attackers to crash the service or execute arbitrary code.

oval:org.secpod.oval:def:17217 The host is installed with Apple Safari before 3.1.1 and is prone to a phishing attack vulnerability. A flaw is present in the application, which fails to properly handle a timing issue. Successful exploitation allows remote attackers to spoof the contents of a legitimate site.

oval:org.secpod.oval:def:17268 The host is installed with Apple Safari before 4.0 and is prone to a CRLF injection vulnerability. A flaw is present in the application, which fails to properly handle XMLHttpRequest headers in WebKit. Successful exploitation could allow attackers to bypass the same-origin policy by issuing an XMLHt ...
oval:org.secpod.oval:def:17260 The host is installed with Apple Safari before 4.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle allocation failures. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:17266 The host is installed with Apple Safari before 4.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle vectors involving access to frame contents after completion of a page transition. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:17265 The host is installed with Apple Safari before 4.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a CANVAS element with an SVG image. Successful exploitation could allow attackers to read images from arbitrary web sites.

oval:org.secpod.oval:def:17263 The host is installed with Apple Safari before 4.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle recursion in certain DOM event handlers. Successful exploitation could allow attackers to execute arbitrary code or crash the se ...

oval:org.secpod.oval:def:17278 The host is installed with Apple Safari before 4.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an applet or object element. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:17277 The host is installed with Apple Safari before 4.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly validate DOM objects. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:17276 The host is installed with Apple Safari before 4.0 and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly handle a custom cursor in conjunction with a modified CSS3 hotspot property. Successful exploitation could allow attackers to spoof the browser's ...

oval:org.secpod.oval:def:17275 The host is installed with Apple Safari before 4.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle an SVG animation element. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service.

oval:org.secpod.oval:def:17257 The host is installed with Apple Safari before 4.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to prevent an event handler from executing a script in the security context of the next web page that is loaded in its window or frame. Successfu ...

oval:org.secpod.oval:def:17256 The host is installed with Apple Safari before 4.0 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to prevent web sites from loading third-party content into a subframe. Successful exploitation could allow attackers to bypass the Same Orig ...

oval:org.secpod.oval:def:17286 The host is installed with Apple Safari before 3.2.3 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle SVGList objects. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:17285 The host is installed with Apple Safari before 3.2.3 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle a crafted feed: URL. Successful exploitation could allow attackers to inject arbitrary web script or HTML.
oval:org.secpod.oval:def:17294 The host is installed with Apple Safari before 4.0.3 and is prone to an incomplete blacklist vulnerability. A flaw is present in the application, which fails to properly handle unspecified homoglyphs. Successful exploitation could allow attackers to spoof domain names in URLs.

oval:org.secpod.oval:def:17292 The host is installed with Apple Safari 4.x before 4.0.3 and is prone to a phishing attack vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow remote web servers to place an arbitrary web site in the Top Sites view.

oval:org.secpod.oval:def:17291 The host is installed with Apple Safari before 4.0.3 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle an image with crafted EXIF metadata. Successful exploitation could allow attackers to execute arbitrary code or crash the service ...

oval:org.secpod.oval:def:17290 The host is installed with Apple Safari before 4.0.3 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a long text run that triggers a heap-based buffer overflow during font glyph rendering. Successful exploitation could allow att ...

oval:org.secpod.oval:def:17342 The host is installed with Apple Safari before 4.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle vectors related to the improper escaping of HTML attributes.

oval:org.secpod.oval:def:17341 The host is installed with Apple Safari before 4.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle vectors involving a CANVAS element and redirection. Successful exploitation could allow attackers to read images from arbit ...
oval:org.secpod.oval:def:17237 The host is installed with Apple Safari before 4.0 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly process arguments. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:17236 The host is installed with Apple Safari before 4.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which insecurely downloads temporary files. Successful exploitation could allow attackers to read the contents of files being downloaded by other users.

oval:org.secpod.oval:def:17235 The host is installed with Apple Safari before 4.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which misinterprets downloaded image files as local HTML documents in unspecified circumstances. Successful exploitation could allow attackers to execut ...

oval:org.secpod.oval:def:17238 The host is installed with Apple Safari before 4.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly use arithmetic during automatic hinting of TrueType fonts. Successful exploitation could allow attackers to execute arbitrary code or cr ...

oval:org.secpod.oval:def:17339 The host is missing a security update according to Apple advisory, APPLE-SA-2009-02-12. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted feed: URL. Successful exploitation could allow attackers to execute a ...

oval:org.secpod.oval:def:17338 The host is installed with Apple Safari before 3.2.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted feed: URL. Successful exploitation could allow attackers to execute arbitrary code.
oval:org.secpod.oval:def:17267 The host is installed with Apple Safari before 4.0 and is prone to a session-tracking vulnerability. A flaw is present in the application, which fails to properly generate random numbers for JavaScript applications. Successful exploitation could allow attackers to track a particular Safari session w ...

oval:org.secpod.oval:def:17262 The host is installed with Apple Safari before 4.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to inject arbitrary web script or HTML.

oval:org.secpod.oval:def:17261 The host is installed with Apple Safari before 4.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly use the standards-compliant method to determine the security context associated with a script. Successful exploitation could allow a ...

oval:org.secpod.oval:def:17264 The host is installed with Apple Safari before 4.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle vectors related to insufficient access control for standard JavaScript prototypes in other domains. Successful exploitation c ...

oval:org.secpod.oval:def:17279 The host is installed with Apple Safari before 4.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly implement the document function. Successful exploitation could allow attackers to read (1) arbitrary local files and (2) files fro ...

oval:org.secpod.oval:def:17274 The host is installed with Apple Safari before 4.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle audio and video HTML elements. Successful exploitation could allow attackers to disclose sensitive information.
oval:org.secpod.oval:def:17248 The host is installed with Apple Safari before 4.0 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a large XML document. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:17247 The host is installed with Apple Safari before 4.0 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a large XML document. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:17246 The host is installed with Apple Safari before 4.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle "predefined entities definitions" in entities. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:17249 The host is installed with Apple Safari before 4.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle Extended Validation (EV) certificates. Successful exploitation could allow attackers to bypass revocation checking for EV certifica ...

oval:org.secpod.oval:def:17240 The host is installed with Apple Safari before 4.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a maliciously crafted PDF file. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:17243 The host is installed with Apple Safari before 4.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly convert invalid byte sequences to Unicode. Successful exploitation could allow attackers to bypass filters on websites that attempt t ...
oval:org.secpod.oval:def:17259 The host is installed with Apple Safari before 4.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling. Successful exploitation ...

oval:org.secpod.oval:def:17258 The host is installed with Apple Safari before 4.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle a crafted web page. Successful exploitation could allow attackers to inject arbitrary web script or HTML.

oval:org.secpod.oval:def:17251 The host is installed with Apple Safari before 4.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to immediately remove website passwords from memory. Successful exploitation could allow attackers to access the stored credentials of another ...

oval:org.secpod.oval:def:17250 The host is installed with Apple Safari before 4.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly remove cookies from the alternate cookie store in unspecified circumstances. Successful exploitation could allow attackers to t ...

oval:org.secpod.oval:def:17254 The host is installed with Apple Safari before 4.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted color strings. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:17252 The host is installed with Apple Safari before 4.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to prevent calls to the open-help-anchor URL handler by web sites. Successful exploitation could allow attackers to open arbitrary local hel ...
oval:org.secpod.oval:def:17281 The host is installed with Apple Safari before 4.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle vectors involving drag events and the dragging of content over a crafted web page. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:17280 The host is installed with Apple Safari before 4.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle vectors related to script execution with incorrect privileges. Successful exploitation could allow attackers to inject arbi ...

oval:org.secpod.oval:def:17295 The host is installed with Apple Safari before 4.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a "high-bit character" in a URL fragment for an unspecified protocol. Successful exploitation could allow attackers to execute ar ...

oval:org.secpod.oval:def:17296 The host is installed with Apple Safari before 4.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a 'file://' Protocol Handler. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:17220 The host is installed with Apple Safari before 3.1.2 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors involving JavaScript arrays. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:17219 The host is installed with Apple Safari before 3.1.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting. Successful exploitation could allow attackers t ...
oval:org.secpod.oval:def:17216 The host is installed with Apple Safari before 3.1.1 and is prone to a phishing attack vulnerability. A flaw is present in the application, which fails to properly handle a timing issue. Successful exploitation allows remote attackers to spoof the contents of a legitimate site.

oval:org.secpod.oval:def:17288 The host is installed with Apple Safari before 4.0 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle vectors related to an unspecified compression method. Successful exploitation could allow local users to gain privileges.

oval:org.secpod.oval:def:17299 The host is missing a security update according to Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle textnodes. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:17297 The host is installed with Apple Safari before 5.0.5 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle nodesets. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:1829 The host is installed with Apple Safari version less than or equal to 5.0.5 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application which fails to handle an off-by-one error in libxml. Successful exploitation allows remote attackers to execute arbitrary code or ca ...

oval:org.secpod.oval:def:1810 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrary c ...
oval:org.secpod.oval:def:1812 The host is installed with Apple Safari version less than or equal to 5.0.5 and is prone to an information disclosure vulnerability. A flaw is present in the application which fails to handle vectors related to improper canonicalization of URLs within RSS feeds. Successful exploitation allows remote at ...

oval:org.secpod.oval:def:1811 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrary c ...

oval:org.secpod.oval:def:1813 The host is installed with Apple Safari version less than or equal to 5.0.5 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application which fails to handle vectors involving a URL that contains a username. Successful exploitation allows remote attackers to inject ...

oval:org.secpod.oval:def:1805 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrary c ...

oval:org.secpod.oval:def:1804 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application which fails to handle libxslt security settings in WebKit. Successful exploitation allows remote attack ...

oval:org.secpod.oval:def:1807 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrary code ...

oval:org.secpod.oval:def:1806 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrary c ...

oval:org.secpod.oval:def:1809 The host is installed with Apple Safari version less than or equal to 5.0.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of ser ...

oval:org.secpod.oval:def:1808 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrary c ...

oval:org.secpod.oval:def:1821 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes version less than 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute ...

oval:org.secpod.oval:def:1820 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrary c ...

oval:org.secpod.oval:def:1823 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes less than 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrar ...

oval:org.secpod.oval:def:1822 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes version less than 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute ...

oval:org.secpod.oval:def:1825 The host is installed with Apple Safari version less than or equal to 5.0.5 and is prone to a bypass vulnerability. A flaw is present in the application which fails to handle a Java applet that loads fonts. Successful exploitation allows remote attackers to bypass the cross Origin Policy, and modify t ...

oval:org.secpod.oval:def:1824 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes less than 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrar ...

oval:org.secpod.oval:def:1816 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrary c ...

oval:org.secpod.oval:def:1815 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrary c ...
oval:org.secpod.oval:def:1818 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to denial of service vulnerability. A flaw is present in the application which fails to handle crafted web site. Successful exploitation allows remote attackers to execute arbitrary c ...
oval:org.secpod.oval:def:1817 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to denial of service vulnerability. A flaw is present in the application which fails to handle crafted web site. Successful exploitation allows remote attackers to execute arbitrary c ...
oval:org.secpod.oval:def:1819 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to denial of service vulnerability. A flaw is present in the application which fails to handle crafted web site. Successful exploitation allows remote attackers to execute arbitrary c ...
oval:org.secpod.oval:def:1830 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes less than 10.5 and is prone to denial of service vulnerability. A flaw is present in ImageIO in the application which fails to handle a crafted TIFF image. Successful exploitation allows remote attackers to e ...
oval:org.secpod.oval:def:1832 The host is installed with Apple Safari version less than or equal to 5.0.5 and is prone to security bypass vulnerability. A flaw is present in CFNetwork in the application which fails to handle a crafted text/plain file. Successful exploitation allows remote attackers to inject arbitrary web script ...
oval:org.secpod.oval:def:1831 The host is installed with Apple Safari version less than or equal to 5.0.5 and is prone to security bypass vulnerability. A flaw is present in CFNetwork in the application which fails to handle an untrusted attribute of a system root certificate. Successful exploitation allows remote web servers to ...
oval:org.secpod.oval:def:1833 The host is installed with Apple Safari version less than or equal to 5.0.5 and is prone to arbitrary code execution vulnerability. A flaw is present in CFNetwork in the application which fails to handle credential reflection issue. Successful exploitation allows remote web servers to execute arbitr ...
oval:org.secpod.oval:def:1827 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes version less than 10.5 and is prone to denial of service vulnerability. A flaw is present in the application which fails to handle crafted web site. Successful exploitation allows remote attackers to execute ...
oval:org.secpod.oval:def:1826 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes less than 10.5 and is prone to denial of service vulnerability. A flaw is present in the application which fails to handle crafted web site. Successful exploitation allows remote attackers to execute arbitrar ...
oval:org.secpod.oval:def:1828 The host is installed with Apple Safari version less than or equal to 5.0.5 and is prone to information disclosure vulnerability. A flaw is present in the application which fails to execute AutoFill information to scripts after HTML form submission. Successful exploitation allows remote attackers to ...
oval:org.secpod.oval:def:17226 The host is installed with Apple Safari before 3.2 and is prone to a memory corruption. A flaw is present in the application, which fails to properly handle a maliciously crafted TIFF image. Successful exploitation could allow attackers to crash the service or execute arbitrary code.
oval:org.secpod.oval:def:17225 The host is installed with Apple Safari before 3.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a maliciously crafted TIFF image. Successful exploitation could allow attackers to crash the service or execute arbitrary code.
oval:org.secpod.oval:def:17224 The host is installed with Apple Safari before 3.2 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle color spaces. Successful exploitation could allow attackers to crash the service or execute arbitrary code.
oval:org.secpod.oval:def:17223 The host is installed with Apple Safari before 3.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted XML document. Successful exploitation could allow attackers to crash the service or execute arbitrary code.
oval:org.secpod.oval:def:17229 The host is installed with Apple Safari before 3.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly prevent caching of form data for form fields that have autocomplete disabled. Successful exploitation could allow local users to ...
oval:org.secpod.oval:def:17228 The host is installed with Apple Safari before 3.2 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a maliciously crafted image with an embedded ICC profile. Successful exploitation could allow attackers to crash the service or exe ...
oval:org.secpod.oval:def:17227 The host is installed with Apple Safari before 3.2 and is prone to a memory corruption. A flaw is present in the application, which fails to properly handle a maliciously crafted JPEG image. Successful exploitation could allow attackers to crash the service or execute arbitrary code.
oval:org.secpod.oval:def:17222 The host is installed with Apple Safari before 3.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:17234 The host is installed with Apple Safari before 3.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:17232 The host is installed with Apple Safari before 3.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to prevent plug-ins from accessing local URLs. Successful exploitation could allow attackers to obtain sensitive information.
oval:org.secpod.oval:def:17298 The host is installed with Apple Safari before 5.0.5 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle textnodes. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:17293 The host is installed with Apple Safari before 4.0.3 and is prone to an incomplete blacklist vulnerability. A flaw is present in the application, which fails to properly handle unspecified homoglyphs. Successful exploitation could allow attackers to spoof domain names in URLs.
oval:org.secpod.oval:def:17273 The host is installed with Apple Safari before 4.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle Location and History objects. Successful exploitation could allow attackers to inject arbitrary web script or HTML.
oval:org.secpod.oval:def:17272 The host is installed with Apple Safari before 4.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle document elements. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:17271 The host is installed with Apple Safari before 4.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle redirects. Successful exploitation could allow attackers to read XML content from arbitrary web pages via a crafted documen ...
oval:org.secpod.oval:def:17269 The host is installed with Apple Safari before 4.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted HTML document. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service.
oval:org.secpod.oval:def:17255 The host is installed with Apple Safari before 4.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle a web page with crafted CSS import statements. Successful exploitation could allow attackers to execute arbitrary code or crash the se ...
oval:org.secpod.oval:def:17230 The host is installed with Apple Safari before 3.2 and is prone to an integer signedness error vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:17253 The host is installed with Apple Safari before 4.0 and is prone to an address bar spoofing vulnerability. A flaw is present in the application, which fails to properly handle unicode ideographic spaces. Successful exploitation could allow attackers to direct the user to a spoofed site that visually ...
oval:org.secpod.oval:def:17233 The host is missing a security update according to Apple advisory, APPLE-SA-2008-11-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to obtain sensitive inf ...
oval:org.secpod.oval:def:17231 The host is installed with Apple Safari before 3.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.mitre.oval:def:11802 Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.
oval:org.mitre.oval:def:11923 Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-fa ...
oval:org.mitre.oval:def:6091 Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.
oval:org.mitre.oval:def:7180 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations ...
oval:org.mitre.oval:def:11916 The host is installed with Google Chrome before 8.0.552.215, Apple Safari before 5.0.4 and earlier or Apple iTunes before 10.2 and is prone to double free vulnerability. The flaw is present in application, which fails to handle vectors related to XPath handling. Successful exploitation allows ...
oval:org.mitre.oval:def:7051 PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.
oval:org.mitre.oval:def:7053 The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
oval:org.mitre.oval:def:7295 WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.
oval:org.mitre.oval:def:7049 Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
oval:org.mitre.oval:def:7288 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements.
oval:org.mitre.oval:def:7041 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.
oval:org.mitre.oval:def:11909 Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to impro ...
oval:org.mitre.oval:def:7037 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database ...
oval:org.mitre.oval:def:7157 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees.
oval:org.mitre.oval:def:6066 Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) ch ...
oval:org.secpod.oval:def:2052 The host is installed with Apple Safari 5.34.50.0 or before and is prone to security-bypass vulnerability. A flaw is present in the application which fails to properly restrict modifications to cookies established in HTTPS sessions. Successful exploitation allows attackers to bypass security feature ...
oval:org.secpod.oval:def:7981 The host is installed with Google Chrome through 22 or Apple Safari 5.1.7 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly handle the html/parser/XSSAuditor.cpp in WebCore in WebKit. Successful exploitation allows remote attacker ...
oval:org.mitre.oval:def:7150 WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.
oval:org.mitre.oval:def:7031 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.
oval:org.mitre.oval:def:7151 Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.
oval:org.mitre.oval:def:7143 Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.
oval:org.mitre.oval:def:7024 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 and Apple iTunes before 9.2 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML but ...
oval:org.mitre.oval:def:5915 Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.
oval:org.mitre.oval:def:7099 WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary c ...
oval:org.secpod.oval:def:40347 The host is installed with Apple Safari version less than or equal to 5.0.5 and is prone to arbitrary code execution vulnerability. A flaw is present in webkit in the application which fails to handle crafted data. Successful exploitation allows remote web servers to execute arbitrary code or crash ...
oval:org.secpod.oval:def:195 The host is installed with Google Chrome before 9.0.597.94 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly process anonymous blocks related to stale pointers. Successful exploitation allows remote attackers to cause a denial of service c ...
oval:org.mitre.oval:def:7082 Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involv ...
oval:org.secpod.oval:def:197 The host is installed with Google Chrome before 9.0.597.94, Apple Safari before 5.0.6 or Apple iTunes before 10.5 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to properly process animation events related to stale pointers. Successful exploitation allow ...
oval:org.mitre.oval:def:7197 WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive inf ...
oval:org.mitre.oval:def:7199 Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
oval:org.mitre.oval:def:12079 WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (app ...
oval:org.mitre.oval:def:7071 Double free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, ...
oval:org.mitre.oval:def:12060 WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.
oval:org.mitre.oval:def:12293 The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching ...
oval:org.mitre.oval:def:12160 WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (a ...
oval:org.mitre.oval:def:6912 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISC ...
oval:org.mitre.oval:def:6915 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.
oval:org.mitre.oval:def:6901 ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
oval:org.mitre.oval:def:12148 The host is installed with Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier or Apple iTunes before 10.2 and is prone to memory corruption vulnerability. The flaw is present in the libxml2 before 2.7.8, which reads from invalid memory locations during processing of malformed XPath expre ...
oval:org.mitre.oval:def:12130 Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.
oval:org.mitre.oval:def:12138 Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.
oval:org.mitre.oval:def:12255 Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
oval:org.mitre.oval:def:6836 Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.
oval:org.mitre.oval:def:12002 WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or ca ...
oval:org.mitre.oval:def:6709 WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
oval:org.secpod.oval:def:354 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to implement the .sort function for JavaScript arrays. Successful exploitation could allow remote attackers to execute arbitrary ...
oval:org.secpod.oval:def:353 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:356 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:355 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:350 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:352 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:351 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:347 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:346 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:349 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to parse HTML elements associated with document namespaces. Successful exploitation could allow remote attackers to execute arbit ...
oval:org.secpod.oval:def:348 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:469 The host is installed with Google Chrome before 10.0.648.127, Apple Safari before 5.0.6 or Apple iTunes before 10.5 and is prone to memory corruption vulnerability. A flaw is present in the applications which do not properly handle counter nodes. Successful exploitation allows remote attackers to cau ...
oval:org.mitre.oval:def:12233 Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes.
oval:org.mitre.oval:def:6817 Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.
oval:org.secpod.oval:def:14268 The host is installed with Apple Safari before 4.0.4 and is prone to buffer overflow vulnerability. The flaw is present in the application which fails to properly handle a crafted ColorSync profile embedded in an image. Successful exploitation allows attacker to cause a denial of service.
oval:org.secpod.oval:def:361 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to buffer overflow vulnerability. A flaw is present in LibTIFF in ImageIO, which fails to handle TIFF images with JPEG encoding. Successful exploitation could allow remote attackers to execute arbitrary cod ...
oval:org.secpod.oval:def:482 The host is installed with Google Chrome before 10.0.648.127, Apple Safari before 5.0.6 or Apple iTunes before 10.5 and is prone to denial of service vulnerability. A flaw is present in the application which does not properly handle attributes. Successful exploitation allows remote attackers to cause a de ...
oval:org.secpod.oval:def:360 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to heap based buffer overflow vulnerability. A flaw is present in ImageIO in CoreGraphics, which fails to handle crafted International Color Consortium (ICC) profile in a JPEG image. Successful exploitation ...
oval:org.secpod.oval:def:362 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to buffer overflow vulnerability. A flaw is present in LibTIFF in ImageIO, which fails to handle TIFF images with CCITT Group 4 encoding. Successful exploitation could allow remote attackers to execute arb ...
oval:org.secpod.oval:def:483 The host is installed with Google Chrome before 10.0.648.127, Apple Safari before 5.0.6 or Apple iTunes before 10.5 and is prone to denial of service vulnerability. A flaw is present in the applications which does not properly handle SVG cursors. Successful exploitation allows remote attackers to cau ...
oval:org.secpod.oval:def:358 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:357 The host is installed with Apple iTunes before 10.5 or Apple Safari before 5.0.5 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:359 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.mitre.oval:def:11495 The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a relate ...
oval:org.mitre.oval:def:6810 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
oval:org.mitre.oval:def:6812 Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.
oval:org.secpod.oval:def:332 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, which fails to prevent man-in-the-middle attack while browsing the ...
oval:org.secpod.oval:def:331 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:334 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:455 The host is installed with Apple Safari and is prone to code injection vulnerability. A flaw is present in Webkit, which fails to handle Attr.style accessor leading to cross-origin issue. Successful exploitation could allow remote attackers to inject Cascading Style Sheets (CSS) token sequences in o ...
oval:org.secpod.oval:def:333 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to handle glyph data during layout actions for floating blocks associated with pseudo-elements. Successful exploitation could allow re ...
oval:org.secpod.oval:def:454 The host is installed with Apple Safari and is prone to information disclosure vulnerability. A flaw is present in Webkit in conjunction with HTTP Basic Authentication, which fails to handle redirection and discloses user's authentication credentials. Successful exploitation could allow remote attac ...
oval:org.secpod.oval:def:330 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:329 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.mitre.oval:def:6882 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."
oval:org.secpod.oval:def:328 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.mitre.oval:def:6885 ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
oval:org.secpod.oval:def:325 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:324 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:327 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in WebKit, which fails to prevent man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:326 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.mitre.oval:def:6649 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for ...
oval:org.mitre.oval:def:5559 Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.
oval:org.mitre.oval:def:12216 WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of s ...
oval:org.mitre.oval:def:6888 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes 9.2 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lac ...
oval:org.secpod.oval:def:343 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:342 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:345 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:344 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:341 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:340 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attackers t ...
oval:org.mitre.oval:def:6871 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.
oval:org.secpod.oval:def:339 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:336 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attackers t ...
oval:org.secpod.oval:def:457 The host is installed with Apple Safari and is prone to an information disclosure vulnerability. A flaw is present in WebKit, which fails to handle HTML5 drag and drop operations leading to cross-origin issue. Successful exploitation could allow remote attackers to obtain sensitive information.
oval:org.secpod.oval:def:335 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:456 The host is installed with Apple Safari and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to handle cached resources leading to cache-poisoning. Successful exploitation could allow remote attackers to cause denial of service.
oval:org.secpod.oval:def:338 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:459 The host is installed with Apple Safari and is prone to a cross site scripting vulnerability. A flaw is present in window.console._inspectorCommandLineAPI property in Web Inspector, which fails to sanitize user supplied data. Successful exploitation could allow remote attackers to execute arbitrary co ...
oval:org.secpod.oval:def:337 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:458 The host is installed with Apple Safari and is prone to an arbitrary file upload vulnerability. A flaw is present in WebKit, which fails to correctly implement windows functionality leading to cross-origin issue. Successful exploitation could allow remote attackers to upload arbitrary files on the affe ...
oval:org.mitre.oval:def:6516 The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to con ...
oval:org.mitre.oval:def:6876 The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selecto ...
oval:org.mitre.oval:def:11112 The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.
oval:org.secpod.oval:def:310 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:430 The host is installed with Google Chrome before 9.0.597.107, Apple Safari before 5.0.6 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application, which is caused by a stale node error related to table handling. Successful exploitation allows rem ...
oval:org.secpod.oval:def:312 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:311 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.mitre.oval:def:6981 Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 or Apple iTunes on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.
oval:org.secpod.oval:def:427 The host is installed with Google Chrome before 9.0.597.107, Apple Safari before 5.0.6 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which is caused by a stale pointer error related to table rendering. Successful exploitation allows ...
oval:org.mitre.oval:def:6741 Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.
oval:org.mitre.oval:def:6862 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts.
oval:org.mitre.oval:def:6748 Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.
oval:org.mitre.oval:def:11221 WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensi ...
oval:org.mitre.oval:def:5777 WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to exec ...
oval:org.mitre.oval:def:12306 Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this ...
oval:org.secpod.oval:def:321 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attackers t ...
oval:org.secpod.oval:def:320 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:323 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:322 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attackers t ...
oval:org.secpod.oval:def:439 The host is installed with Google Chrome before 9.0.597.107, Apple Safari before 5.0.6 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which is caused by a stale pointer error related to the handling of stylesheet nodes. Successful ex ...
oval:org.secpod.oval:def:319 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:314 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in the DOM implementation in WebKit, which fails to handle DOM manipulations associated with event listeners during processing of range objects. Success ...
oval:org.secpod.oval:def:313 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:316 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:315 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in setOuterText method in htmlelement library in WebKit, which fails to handle DOM manipulations during iTunes Store browsing. Successful exploitation c ...
oval:org.mitre.oval:def:6739 The execCommand JavaScript function in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.
oval:org.mitre.oval:def:12300 Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements.
oval:org.mitre.oval:def:6208 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.
oval:org.mitre.oval:def:11689 Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause ...
oval:org.mitre.oval:def:6325 The operating system having Apple Safari (32 bit) installation.
oval:org.secpod.oval:def:421 The host is installed with Google Chrome before 9.0.597.107, Apple Safari before 5.0.6 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which is caused by an error related to the handling of XHTML. Successful exploitation allows attack ...
oval:org.mitre.oval:def:11673 Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010 ...
oval:org.mitre.oval:def:11308 WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a de ...
oval:org.secpod.oval:def:751 The host is installed with Google Chrome before 4.0.249.78 or Apple Safari before 4.0.5 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to restrict cross-origin loading of CSS stylesheets when the stylesheet download has an incorrect MIME type ...
oval:org.secpod.oval:def:864 The host is installed with Google Chrome before 11.0.696.57, Apple Safari before 5.0.6 or Apple iTunes before 10.5 and is prone to a use-after-free vulnerability. A flaw is present in the browser, which fails to handle WebSockets implementation. Successful exploitation could allow remote attackers to ...
oval:org.secpod.oval:def:866 The host is installed with Google Chrome before 11.0.696.57, Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the browser, which fails to handle DOM id maps resulting in dangling pointers. Successful ex ...
oval:org.secpod.oval:def:629 The host is installed with Google Chrome before 10.0.648.204, Apple Safari before 5.0.6 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application which does not properly handle SVG text. Successful exploitation allows remote attackers to cause a ...
oval:org.mitre.oval:def:11899 WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service ( ...
oval:org.mitre.oval:def:11538 Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.
oval:org.secpod.oval:def:632 The host is installed with Google Chrome before 10.0.648.204 and is prone to a denial of service vulnerability. A flaw is present in the application which does not properly handle parentage. Successful exploitation allows remote attackers to cause a denial of service or possibly have unspecified other ...
oval:org.mitre.oval:def:11777 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (a ...
oval:org.mitre.oval:def:11898 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.
oval:org.mitre.oval:def:6656 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.
oval:org.mitre.oval:def:7335 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects.
oval:org.mitre.oval:def:6362 Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.
oval:org.mitre.oval:def:11524 Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.
oval:org.mitre.oval:def:11766 The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of servic ...
oval:org.mitre.oval:def:11639 Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.
oval:org.mitre.oval:def:11877 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG docu ...
oval:org.secpod.oval:def:2237 The host is installed with Apple Safari 4.0.5 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to properly handle the successive occurrences of the (object) substring. Successful exploitation allows an attacker to crash the affected browser, resulting ...
oval:org.secpod.oval:def:2238 The host is installed with Apple Safari 4.0.5 or before or 5.0 and is prone to an information disclosure vulnerability. A flaw is present in the application that is caused by the inclusion of HTTP basic authentication credentials in an HTTP request which will persuade a victim to visit a Web site that ...
oval:org.mitre.oval:def:7323 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.
oval:org.mitre.oval:def:6475 Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: UR ...
oval:org.secpod.oval:def:856 The host is installed with Google Chrome before 11.0.696.57, Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle ruby element and Cascading Style Sheets (CSS) token sequences. Successful exp ...
oval:org.mitre.oval:def:7314 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and- ...
oval:org.mitre.oval:def:11972 WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a craft ...
oval:org.mitre.oval:def:11729 Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.
oval:org.mitre.oval:def:7135 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
oval:org.mitre.oval:def:7374 WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 does not properly handle libxml contexts, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."
oval:org.mitre.oval:def:7252 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.
oval:org.mitre.oval:def:7255 WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
oval:org.mitre.oval:def:11962 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document.
oval:org.mitre.oval:def:11964 WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related ...
oval:org.mitre.oval:def:11837 Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element ...
oval:org.mitre.oval:def:11956 Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari.
oval:org.secpod.oval:def:2674 The host is missing a security update according to APPLE-SA-2011-04-14-3. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle CSS style and certain text nodes. Successful exploitation allows remote attackers ...
oval:org.secpod.oval:def:813 The host is installed with Apple Safari and is prone to an integer underflow vulnerability. A flaw is present in the application in WebKit's handling of WebSockets. Successful exploitation allows an attacker to cause a denial of service (application crash).
oval:org.secpod.oval:def:812 The host is installed with Apple Safari and is prone to a use-after-free vulnerability. A flaw is present in the application in WebKit's handling of inline text boxes. Successful exploitation allows an attacker to cause an unexpected application termination or arbitrary code execution.
oval:org.secpod.oval:def:815 The host is installed with Apple Safari and is prone to multiple vulnerabilities. The flaws are present in the application and are caused by input validation and implementation errors in WebKit. Successful exploitation allows attackers to bypass certain security checks, gain knowledge of sensitive inf ...
oval:org.mitre.oval:def:7005 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method.
oval:org.secpod.oval:def:814 The host is installed with Apple Safari and is prone to a spoofing vulnerability. A flaw is present in the application that is caused due to an error in handling of address bar, which does not properly manage the address bar between the request to open a URL and the retrieval of the new document's con ...
oval:org.secpod.oval:def:817 The host is installed with Apple Safari and is prone to a denial of service vulnerability. A flaw is present in the application due to an error in CFNetwork when processing 'BACKGROUND' attribute of a 'BODY' element via a long string. Successful exploitation allows an attacker to crash the affected browser, resu ...
oval:org.secpod.oval:def:816 The host is installed with Apple Safari and is prone to a denial of service vulnerability. A flaw is present in the application caused by a stack overflow in the WebCore::CSSSelector function within the WebKit library. Successful exploitation allows remote attackers to cause the browsers to crash.
oval:org.secpod.oval:def:819 The host is installed with Apple Safari Web Browser and is prone to multiple vulnerabilities. The flaws are present in the application due to error in 'HREF' attribute of a stylesheet 'LINK' element, when reading the 'document.styleSheets[0].href' property value. Successful exploitation allows attac ...
oval:org.secpod.oval:def:818 The host is installed with Apple Safari and is prone to a denial of service vulnerability. A flaw is present in the application due to an error in CFNetwork when processing 'SRC' attribute of a 'IMG' or 'IFRAME' element via a long string. Successful exploitation allows attacker to crash the affected b ...
oval:org.mitre.oval:def:11820 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory cor ...
oval:org.mitre.oval:def:11941 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attac ...
oval:org.mitre.oval:def:10964 Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to elem ...
oval:org.mitre.oval:def:11814 WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of s ...
oval:org.mitre.oval:def:11935 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering ...
oval:org.mitre.oval:def:7347 WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.
oval:org.mitre.oval:def:7346 The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.
oval:org.secpod.oval:def:1814 The host is installed with Apple Safari version less than or equal to 5.0.5 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in ImageIO in the application, which fails to handle a crafted TIFF image with CCITT Group 4 encoding. Successful exploitation allows remote attacker ...
oval:org.secpod.oval:def:4410 The host is installed with Apple iTunes before 9.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle a crafted TIFF file. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:14266 The host is installed with Apple Safari before 4.0.4 and is prone to a stack consumption vulnerability. The flaw is present in the application, which fails to properly handle libxml 2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17 via a large depth of element declarations in a DTD. Successfu ...
oval:org.secpod.oval:def:17245 The host is installed with Apple Safari before 4.0 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a long XML entity name. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:17284 The host is installed with Apple Safari before 3.2.3 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a long XML entity name. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:17287 The host is missing a security update according to Apple advisory, APPLE-SA-2009-05-12.
The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary co ...
oval:org.secpod.oval:def:317 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to a denial of service vulnerability. A flaw is present in WebKit, which fails to prevent a man-in-the-middle attack while browsing the iTunes Store via iTunes. Successful exploitation could allow remote attack ...
oval:org.secpod.oval:def:2774 The host is installed with Google Chrome before 15.0.874.102 or Apple Safari before 5.1.4 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle javascript URLs. Successful exploitation could allow attackers to read cookies and bypass se ...
oval:org.secpod.oval:def:2773 The host is installed with Google Chrome before 15.0.874.102 or Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle editing operations in conjunction with an unknown plug-in. Succes ...
oval:org.secpod.oval:def:2776 The host is installed with Google Chrome before 15.0.874.102 or Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle stale style bugs. Successful exploitation could allow attackers to crash t ...
oval:org.secpod.oval:def:2781 The host is installed with Google Chrome before 15.0.874.102 or Apple Safari before 5.1.4 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle cross-origin policy violations. Successful exploitation could allow attackers to bypass sec ...
oval:org.secpod.oval:def:2761 The host is installed with Google Chrome before 14.0.835.202 or Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle SVG text. Successful exploitation could allow attackers to crash the se ...
oval:org.secpod.oval:def:2486 The host is installed with Google Chrome before 14.0.835.163 or Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle the unload event. Successful exploitation allows remote attackers to ca ...
oval:org.secpod.oval:def:2485 The host is installed with Google Chrome before 14.0.835.163 or Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle the document loader. Successful exploitation allows remote attacke ...
oval:org.secpod.oval:def:40348 The host is missing a security update according to Apple advisory, APPLE-SA-2011-07-20-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote web servers to execute arbitrary code ...
oval:org.secpod.oval:def:1803 The host is installed with Apple Safari version less than or equal to 5.0.5 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrary c ...
oval:org.secpod.oval:def:1417 The host is installed with Google Chrome before 12.0.742.112 or Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle SVG use elements.
Successful exploitation allows an attacker to cause ...
oval:org.secpod.oval:def:1924 The host is installed with Google Chrome before 13.0.782.107 or Apple Safari before 5.1.1 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle base URI. Successful exploitation could allow attackers to bypass security and gain sensitive informa ...
oval:org.secpod.oval:def:1925 The host is installed with Google Chrome before 13.0.782.107 or Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle display box function. Successful exploitation allows an attacker to crash the ...
oval:org.secpod.oval:def:1926 The host is installed with Google Chrome before 13.0.782.107 or Apple Safari before 5.1.1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to enforce proper security restrictions. Successful exploitation allows attackers to bypass same origin po ...
oval:org.secpod.oval:def:1931 The host is installed with Google Chrome before 13.0.782.107 or Apple Safari before 5.1.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to enforce proper security restrictions. Successful exploitation could allow an attacker to disclose poten ...
oval:org.secpod.oval:def:1932 The host is installed with Google Chrome before 13.0.782.107 or Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle html range. Successful exploitation could allow attackers to crash the ser ...
oval:org.secpod.oval:def:1934 The host is installed with Google Chrome before 13.0.782.107 or Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a use-after-free vulnerability.
A flaw is present in the application, which fails to properly handle resource caching. Successful exploitation could allow attackers t ...
oval:org.secpod.oval:def:1939 The host is installed with Google Chrome before 13.0.782.107 or Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle float removal. Successful exploitation could allow attackers to crash the ...
oval:org.secpod.oval:def:1941 The host is installed with Google Chrome before 13.0.782.107 or Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle floating styles. Successful exploitation could allow an attacker ...
oval:org.secpod.oval:def:1943 The host is installed with Google Chrome before 13.0.782.107 or Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly implement inspector serialization functionality. Successful exploitatio ...
oval:org.secpod.oval:def:1951 The host is installed with Google Chrome before 13.0.782.107 or Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly track line boxes during rendering. Successful exploitation could allo ...
oval:org.secpod.oval:def:2220 The host is installed with Google Chrome before 13.0.782.215 or Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle text searching properly. Successful exploitation could allow attackers to ...
oval:org.secpod.oval:def:2222 The host is installed with Google Chrome before 13.0.782.215 or Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle user supplied input. Successful exploitation could allow attackers to cras ...
oval:org.secpod.oval:def:2224 The host is installed with Google Chrome before 13.0.782.215 or Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to sanitize user supplied input. Successful exploitation could allow attackers to cr ...
oval:org.secpod.oval:def:2466 The host is installed with Google Chrome before 14.0.835.163 or Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle boxes. Successful exploitation allows remote attackers to cause ...
oval:org.secpod.oval:def:2472 The host is installed with Google Chrome before 14.0.835.163 or Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle table styles. Successful exploitation allows remote attackers to ca ...
oval:org.secpod.oval:def:2475 The host is installed with Google Chrome before 14.0.835.163 or Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle focus controller. Successful exploitation allows remote attackers t ...
oval:org.secpod.oval:def:2477 The host is installed with Google Chrome before 14.0.835.163 or Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which do not properly handle Cascading Style Sheets (CSS) token sequences.
Successful exploi ...
oval:org.secpod.oval:def:2478 The host is installed with Google Chrome before 14.0.835.163 or Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle ruby / table style. Successful exploitation allows remote attackers ...
oval:org.secpod.oval:def:3397 The host is installed with Google Chrome 15 or earlier or Apple Safari 5.1.1 or earlier and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to prevent capture of data about the time required for image loading. Successful exploitation could allow ...
oval:org.secpod.oval:def:3394 The host is installed with Apple Safari before 5.1.1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle vectors involving inactive DOM windows. Successful exploitation could allow attackers to execute arbitrary JavaScript code.
oval:org.secpod.oval:def:3395 The host is installed with Apple Safari before 5.1.1 and is prone to a security bypass vulnerability. A flaw is present in the application, caused by a logic error when handling cookies while in Private Browsing mode. Successful exploitation could allow attackers to set cookies although the "Block cookies" op ...
oval:org.secpod.oval:def:3392 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3390 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3375 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3373 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3379 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3377 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3371 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3386 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3384 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3388 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3381 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3380 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3353 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3350 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3351 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3355 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3359 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3363 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3361 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3367 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3365 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3369 The host is installed with Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3349 The host is installed with Apple Safari before 5.1.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to enforce an intended policy for file: URLs. Successful exploitation could allow attackers to execute arbitrary code.
oval:org.secpod.oval:def:3348 The host is installed with Apple Safari before 5.1.1 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle a crafted Safari extension. Successful exploitation could allow attackers to execute arbitrary JavaScript code.
oval:org.mitre.oval:def:7403 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."
oval:org.mitre.oval:def:7561 ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
oval:org.mitre.oval:def:7554 WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.
oval:org.secpod.oval:def:3781 The host is installed with Apple Safari before 5.0.3 or 4.1.3 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors involving selections. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...
oval:org.secpod.oval:def:3782 The host is installed with Apple Safari before 5.0.3 or 4.1.3 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to prevent access of uninitialized memory during processing of editable elements. Successful exploitation could allow attackers to execute a ...
oval:org.secpod.oval:def:3780 The host is installed with Apple Safari before 5.0.3 or 4.1.3 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors involving form menus. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3783 The host is missing a security update according to Apple advisory, APPLE-SA-2010-11-18-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly sanitize user supplied input. Successful exploitation could allow attackers to execute a ...
oval:org.secpod.oval:def:3976 The host is missing an important security update according to Apple advisory, APPLE-SA-2011-10-12-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to sanitize user supplied input. Successful exploitation could allow attackers to execute arbitrar ...
oval:org.secpod.oval:def:4584 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4585 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4582 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4583 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4588 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4589 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4586 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4587 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4580 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4581 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4474 The host is installed with Apple Safari before 5.0.6 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to improper list management for Cascading Style Sheets (CSS). Successful exploitation could allow attackers to crash the se ...
oval:org.secpod.oval:def:4595 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4596 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4593 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4594 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4599 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4597 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4598 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4591 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4592 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4590 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4562 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4563 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4560 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:4561 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4566 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4567 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4564 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4565 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4568 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. 
oval:org.secpod.oval:def:4569 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4573 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4574 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4571 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4572 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4577 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. 
oval:org.secpod.oval:def:4578 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4575 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4576 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4579 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4570 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3576 The host is installed with Google Chrome before 16.0.912.63 or Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle SVG parsing. Successful exploitation could allow attackers to crash th ... 
oval:org.secpod.oval:def:4544 The host is installed with Apple Safari 5.0.5 and is prone to a URL spoofing vulnerability. A flaw is present in the application, which fails to handle a crafted web page. Successful exploitation could allow attackers to spoof the address bar. oval:org.secpod.oval:def:4545 The host is installed with Apple Safari 5.1.2 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle improper coordination between an API call and the plug-in unloading functionality. Successful exploitation could allow attackers to crash the servi ... oval:org.secpod.oval:def:3211 The host is installed with Google Chrome before 15.0.874.120 or Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to c ... oval:org.secpod.oval:def:3575 The host is installed with Google Chrome before 16.0.912.63 or Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle property arrays. Successful exploitation could allow attackers to crash ... oval:org.secpod.oval:def:4556 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4559 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. 
oval:org.secpod.oval:def:4557 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service ... oval:org.secpod.oval:def:4558 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service ... oval:org.secpod.oval:def:4029 The host is installed with Google Chrome before 16.0.912.77 or Apple Safari before 5.1.4 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to DOM. Successful exploitation could allow remote attackers to execute arbitrary code or ... oval:org.mitre.oval:def:7606 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events. oval:org.mitre.oval:def:7401 WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image captu ... oval:org.mitre.oval:def:7519 WebKit in Apple Safari before 5.0 or iTunes on Windows, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers ... 
oval:org.mitre.oval:def:7503 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element. oval:org.secpod.oval:def:4760 The host is installed with Apple Safari before 5.1.4 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to handle the Private Browsing mode. Successful exploitation allows remote attackers to bypass intended privacy settings and insert history entries vi ... oval:org.secpod.oval:def:4761 The host is installed with Apple Safari before 5.1.4 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly handle a malicious website. Successful exploitation allows remote attackers to inject arbitrary web script or HTML via unspecif ... oval:org.secpod.oval:def:4764 The host is installed with Apple Safari before 5.1.4 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly handle a malicious website. Successful exploitation allows remote attackers to inject arbitrary web script or HTML via vectors ... oval:org.secpod.oval:def:4765 The host is installed with Apple Safari before 5.1.4 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly handle a malicious website. Successful exploitation allows remote attackers to inject arbitrary web script or HTML via unspecif ... oval:org.secpod.oval:def:4762 The host is installed with Apple Safari before 5.1.4 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly handle a malicious website. Successful exploitation allows remote attackers to inject arbitrary web script or HTML via unspecif ... 
oval:org.secpod.oval:def:4763 The host is installed with Apple Safari before 5.1.4 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly handle a malicious website. Successful exploitation allows remote attackers to inject arbitrary web script or HTML via unspecif ... oval:org.mitre.oval:def:7556 WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion o ... oval:org.mitre.oval:def:7552 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments. oval:org.secpod.oval:def:4757 The host is installed with Apple Safari before 5.1.4 and is prone to URL spoofing vulnerability. A flaw is present in the application, which fails to properly restrict the characters in URLs. Successful exploitation allows remote attackers to spoof a domain name via unspecified homoglyphs. oval:org.secpod.oval:def:4758 The host is installed with Apple Safari before 5.1.4 and is prone to cookie setting vulnerability. A flaw is present in the application, which fails to properly block cookies from third parties and advertisers. Successful exploitation allows remote web servers to track users via a cookie. oval:org.secpod.oval:def:4756 The host is missing a security update according to APPLE-SA-2012-03-12-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle malicious contents. Successful exploitation allows remote attackers to execute remote code or gai ... 
oval:org.secpod.oval:def:4759 The host is installed with Apple Safari before 5.1.4 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle redirects in conjunction with HTTP authentication. Successful exploitation allows remote web servers to capture credentials ... oval:org.secpod.oval:def:4600 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4603 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4604 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4601 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4602 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. 
oval:org.secpod.oval:def:4607 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4605 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:4606 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.mitre.oval:def:7499 Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile. oval:org.mitre.oval:def:7497 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during ... oval:org.secpod.oval:def:4610 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service ... 
oval:org.secpod.oval:def:4611 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service ... oval:org.secpod.oval:def:4614 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service ... oval:org.secpod.oval:def:4612 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service ... oval:org.secpod.oval:def:4613 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to iTunes Store browsing. Successful exploitation could allow attackers to crash the service ... oval:org.secpod.oval:def:4609 The host is installed with Apple iTunes before 10.6 or Apple Safari before 5.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle vectors related to a crafted website. Successful exploitation could allow attackers to crash the service. oval:org.mitre.oval:def:7476 WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. 
oval:org.mitre.oval:def:7591 WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document. oval:org.mitre.oval:def:7464 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue." oval:org.secpod.oval:def:5667 The host is installed with Apple Safari before 5.1.7 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly track state information during the processing of form input. Successful exploitation could allow attackers to fill in form fields on the ... oval:org.secpod.oval:def:5666 The host is installed with Apple Safari before 5.1.7 or Apple iTunes before 10.6.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle malicious data. Successful exploitation could allow attackers to execute arbitrary code or crash the servi ... oval:org.secpod.oval:def:5668 The host is missing an important security update according to Apple advisory, APPLE-SA-2012-05-09-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle malicious data. Successful exploitation could allow attackers bypass s ... oval:org.secpod.oval:def:4852 The host is installed with Google Chrome before 17.0.963.83 or Apple Safari before 5.1.7 and is prone to cross-origin violation vulnerability. A flaw is present in the application, which fails to handle the Same Origin Policy. Successful exploitation could allow remote attackers to bypass the Same O ... 
oval:org.secpod.oval:def:4617 The host is installed with Google Chrome before 17.0.963.78 or Apple Safari before 5.1.7 and is prone to Universal XSS (UXSS) vulnerability. A flaw is present in the applications, which fail to properly handle history navigation. Successful exploitation allows remote attackers to execute arbitrary c ... oval:org.secpod.oval:def:3965 The host is installed with Apple Safari before 5.0.5 or Apple iTunes before 10.5 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, as it fails to handle TIFF images. Successful exploitation could allow attackers to execute arbitrary code or crash the s ... oval:org.mitre.oval:def:7405 Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, Apple Safari before 5.0.6 or Apple iTunes before 10.5, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such a ... oval:org.secpod.oval:def:3970 The host is installed with Apple Safari before 5.0.5 or Apple iTunes before 10.5 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle images with an embedded ColorSync profile. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:17241 The host is installed with Apple Safari before 4.0 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle PDF file containing a maliciously crafted JBIG2 stream. Successful exploitation could allow attackers to execute arbitrary code o ... oval:org.secpod.oval:def:3486 The host is installed with Apple Safari before 5.0.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to sanitize user supplied input. Successful exploitation could allow attackers to crash the service. 
oval:org.mitre.oval:def:7587 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. oval:org.secpod.oval:def:14267 The host is installed with Apple Safari before 4.0.4 and is prone to a use-after-free vulnerability. The flaw is present in the application, which fails to properly handle libxml 2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17 via crafted notation or enumeration attribute types in an XML fi ... oval:org.secpod.oval:def:14890 The host is missing an important security update according to Apple advisory, APPLE-SA-2009-11-11-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted application. Successful exploitation could allow attackers to crash th ... oval:org.secpod.oval:def:17244 The host is installed with Apple Safari before 4.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly detect recursion during entity expansion in an attribute value. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:17270 The host is installed with Apple Safari before 4.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an XML External Entity issue. Successful exploitation could allow attackers to read files from the user's system. oval:org.secpod.oval:def:17242 The host is installed with Apple Safari before 4.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted PNG file. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:17340 The host is missing a security update according to APPLE-SA-2011-03-09-2. 
The update is required to fix multiple vulnerabilities. The flaws are present in the application which fails to properly handle memory. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:17239 The host is installed with Apple Safari before 4.0 and is prone to a multiple integer overflow vulnerability. The flaws are present in the application, which fails to properly handle vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. ... oval:org.secpod.oval:def:14279 The host is installed with Apple iTunes before 10.2 or Apple Safari before 5.0.4 and is prone to memory leak vulnerability. The flaw is present in the application, which fails to handle a PNG image containing malformed Physical Scale (aka sCAL) chunks. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:17282 The host is missing a security update according to Apple advisory, APPLE-SA-2009-06-08-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:17221 The host is missing a security update according to Apple advisory, APPLE-SA-2008-06-19. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or cra ... oval:org.mitre.oval:def:8509 Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows ... 
oval:org.mitre.oval:def:11851 The host is installed with Apple iTunes before 10.2, Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Mozilla SeaMonkey 2.x before 2.0.6 or Mozilla Thunderbird 3.1.x before 3.1.1 and 3.0.x before 3.0.6 or Apple Safari before 5.0.4 and is prone to buffer overflow vulnerability. The flaw is ... oval:org.secpod.oval:def:2688 The host is installed with Mozilla Firefox before 7.0, Thunderbird before 7.0 or SeaMonkey before 2.4, Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted javascript code. Succ ... |