Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
AppleSafari

126 matches found

CVE
CVEadded 2010/11/22 1:0 p.m.46 views

CVE-2010-3826

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of ...

9.3CVSS8.7AI score0.02223EPSS
CVE
CVEadded 2010/03/15 1:28 p.m.45 views

CVE-2010-0044

PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.

4.3CVSS8AI score0.00464EPSS
CVE
CVEadded 2010/03/15 1:28 p.m.45 views

CVE-2010-0045

Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.

9.3CVSS8.2AI score0.02733EPSS
CVE
CVEadded 2010/06/11 6:0 p.m.45 views

CVE-2010-1405

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.

9.3CVSS8.7AI score0.08544EPSS
CVE
CVEadded 2010/06/11 6:0 p.m.45 views

CVE-2010-1413

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

5CVSS7.2AI score0.01011EPSS
CVE
CVEadded 2010/11/22 1:0 p.m.45 views

CVE-2010-3809

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (ap...

9.3CVSS8.7AI score0.02347EPSS
CVE
CVEadded 2010/11/22 1:0 p.m.45 views

CVE-2010-3818

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes.

9.3CVSS8.6AI score0.10426EPSS
CVE
CVEadded 2010/11/22 1:0 p.m.45 views

CVE-2010-3824

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements.

9.3CVSS8.6AI score0.11226EPSS
CVE
CVEadded 2010/03/15 1:28 p.m.44 views

CVE-2010-0042

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.

4.3CVSS7.8AI score0.00957EPSS
CVE
CVEadded 2010/06/11 6:0 p.m.44 views

CVE-2010-1385

Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

9.3CVSS7.7AI score0.04295EPSS
CVE
CVEadded 2010/03/03 7:30 p.m.43 views

CVE-2010-0925

cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element.

5CVSS6.4AI score0.00481EPSS
CVE
CVEadded 2010/03/29 7:30 p.m.43 views

CVE-2010-1180

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514.

9.3CVSS8AI score0.05285EPSS
CVE
CVEadded 2010/11/22 1:0 p.m.43 views

CVE-2010-3821

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of ...

9.3CVSS8.8AI score0.0239EPSS
CVE
CVEadded 2010/03/25 9:0 p.m.42 views

CVE-2010-1120

Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.

10CVSS7.4AI score0.03861EPSS
CVE
CVEadded 2010/03/27 7:7 p.m.42 views

CVE-2010-1131

JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the substring.

4.3CVSS6.2AI score0.02854EPSS
CVE
CVEadded 2010/03/29 7:30 p.m.42 views

CVE-2010-1177

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.

9.3CVSS8AI score0.04577EPSS
CVE
CVEadded 2010/11/22 1:0 p.m.42 views

CVE-2010-3811

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.

9.3CVSS8.6AI score0.10426EPSS
CVE
CVEadded 2010/11/22 1:0 p.m.42 views

CVE-2010-3817

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or c...

9.3CVSS8.7AI score0.02223EPSS
CVE
CVEadded 2010/07/30 8:30 p.m.41 views

CVE-2010-1796

The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.

2.6CVSS5.8AI score0.00357EPSS
CVE
CVEadded 2010/11/22 1:0 p.m.40 views

CVE-2010-3822

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service ...

9.3CVSS8.6AI score0.02199EPSS
CVE
CVEadded 2010/03/29 7:30 p.m.39 views

CVE-2010-1176

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no ...

9.3CVSS7.9AI score0.85286EPSS
CVE
CVEadded 2010/03/29 7:30 p.m.39 views

CVE-2010-1179

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024.

9.3CVSS7.8AI score0.3183EPSS
CVE
CVEadded 2010/01/14 7:30 p.m.38 views

CVE-2010-0314

Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.

5CVSS8.5AI score0.07847EPSS
CVE
CVEadded 2010/03/03 7:30 p.m.38 views

CVE-2010-0924

cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element.

5CVSS6.3AI score0.00481EPSS
CVE
CVEadded 2010/11/22 1:0 p.m.38 views

CVE-2010-3819

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a d...

9.3CVSS8.7AI score0.02551EPSS
CVE
CVEadded 2010/03/29 7:30 p.m.30 views

CVE-2010-1178

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string.

4.3CVSS6.3AI score0.0045EPSS
Total number of security vulnerabilities126