Lucene search

K

792 matches found

CVE
CVE
added 2016/07/22 2:59 a.m.51 views

CVE-2016-4586

WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.2AI score0.00667EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.50 views

CVE-2005-2516

Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.

7.5CVSS9.7AI score0.01074EPSS
CVE
CVE
added 2011/03/03 8:0 p.m.50 views

CVE-2011-0132

Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of se...

7.6CVSS9.2AI score0.00771EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.50 views

CVE-2011-2799

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling.

6.8CVSS6.9AI score0.02007EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.50 views

CVE-2019-8654

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.1. Visiting a malicious website may lead to user interface spoofing.

6.5CVSS5.9AI score0.00255EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.50 views

CVE-2019-8725

The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.

5.3CVSS5.3AI score0.00237EPSS
CVE
CVE
added 2020/10/16 5:15 p.m.50 views

CVE-2020-9912

A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode.

3.3CVSS5AI score0.00068EPSS
CVE
CVE
added 2007/04/22 7:19 p.m.49 views

CVE-2007-2163

Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

5CVSS6.2AI score0.00477EPSS
CVE
CVE
added 2008/07/14 11:41 p.m.49 views

CVE-2008-3170

Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE...

6.8CVSS6.1AI score0.03644EPSS
CVE
CVE
added 2010/06/25 7:30 p.m.49 views

CVE-2010-2454

Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.

4.3CVSS8.4AI score0.00477EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.49 views

CVE-2011-2847

Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

6.8CVSS7AI score0.02455EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.49 views

CVE-2011-3040

Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

4.3CVSS6AI score0.02655EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.49 views

CVE-2011-3230

Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.

6.8CVSS7.3AI score0.67284EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.49 views

CVE-2011-3242

The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.

5CVSS6.2AI score0.0043EPSS
CVE
CVE
added 2016/07/22 2:59 a.m.49 views

CVE-2016-4584

The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.4AI score0.00768EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.49 views

CVE-2025-31223

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

8CVSS5.8AI score0.00082EPSS
CVE
CVE
added 2007/09/27 10:17 p.m.48 views

CVE-2007-3760

Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags.

4.3CVSS6.2AI score0.01182EPSS
CVE
CVE
added 2009/01/08 7:30 p.m.48 views

CVE-2009-0070

Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issu...

9.3CVSS6.9AI score0.09793EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.48 views

CVE-2011-2819

Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.

6.8CVSS6.1AI score0.00738EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.48 views

CVE-2018-4195

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12.

6.5CVSS6.2AI score0.00255EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.48 views

CVE-2018-4329

Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12.

7.5CVSS7.1AI score0.00281EPSS
CVE
CVE
added 2007/05/09 9:19 p.m.47 views

CVE-2007-2580

Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.

1.9CVSS5.1AI score0.00264EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.47 views

CVE-2011-3229

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.

6.8CVSS6.7AI score0.00388EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.47 views

CVE-2012-3713

Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document.

4.3CVSS6AI score0.00435EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.46 views

CVE-2005-2517

Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.

2.6CVSS9.4AI score0.00305EPSS
CVE
CVE
added 2008/11/17 6:18 p.m.46 views

CVE-2008-3644

Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.

1.9CVSS5.1AI score0.00066EPSS
CVE
CVE
added 2008/11/25 11:30 p.m.46 views

CVE-2008-4232

Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.

5CVSS5.9AI score0.00881EPSS
CVE
CVE
added 2009/09/21 7:30 p.m.46 views

CVE-2009-3271

Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.

4.3CVSS6.1AI score0.02007EPSS
CVE
CVE
added 2011/03/03 8:0 p.m.46 views

CVE-2011-0115

The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a den...

7.6CVSS9.2AI score0.01137EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.46 views

CVE-2011-1107

Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors.

4.3CVSS8.1AI score0.00999EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.46 views

CVE-2012-3715

Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network.

4.3CVSS5.4AI score0.00435EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.46 views

CVE-2016-1783

WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3CVSS8.9AI score0.01662EPSS
CVE
CVE
added 2016/05/20 11:0 a.m.46 views

CVE-2016-1858

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

6.5CVSS6.1AI score0.01328EPSS
CVE
CVE
added 2019/01/11 6:29 p.m.46 views

CVE-2018-4186

In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation.

7.5CVSS7.4AI score0.00322EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.45 views

CVE-2005-2522

Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.

5.1CVSS9.6AI score0.02862EPSS
CVE
CVE
added 2007/12/19 9:46 p.m.45 views

CVE-2007-5858

WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.

4.3CVSS7.9AI score0.01025EPSS
CVE
CVE
added 2008/02/21 9:44 p.m.45 views

CVE-2008-0894

Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420.

6.8CVSS6.3AI score0.02102EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.45 views

CVE-2018-4362

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12.

6.5CVSS6.4AI score0.00222EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.45 views

CVE-2018-4445

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2.

4.3CVSS5.3AI score0.00191EPSS
CVE
CVE
added 2024/10/24 5:15 p.m.45 views

CVE-2024-44206

An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions.

9.3CVSS5.2AI score0.00423EPSS
CVE
CVE
added 2007/09/27 10:17 p.m.44 views

CVE-2007-3758

Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.

4.3CVSS6.6AI score0.01387EPSS
CVE
CVE
added 2008/11/25 11:30 p.m.44 views

CVE-2008-4233

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.

2.6CVSS6.1AI score0.01155EPSS
CVE
CVE
added 2010/03/29 7:30 p.m.44 views

CVE-2010-1180

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514.

9.3CVSS8AI score0.05131EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.44 views

CVE-2018-4260

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.

6.5CVSS6.4AI score0.00222EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.44 views

CVE-2025-31217

The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

6.5CVSS5.8AI score0.00204EPSS
CVE
CVE
added 2008/11/17 6:18 p.m.43 views

CVE-2008-4216

The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."

4.3CVSS5.2AI score0.0064EPSS
Web
CVE
CVE
added 2009/02/13 12:30 a.m.43 views

CVE-2009-0137

Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."

10CVSS7.3AI score0.0058EPSS
CVE
CVE
added 2010/03/29 7:30 p.m.43 views

CVE-2010-1177

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.

9.3CVSS8AI score0.04442EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.43 views

CVE-2012-3714

The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.

4.3CVSS5.9AI score0.00319EPSS
CVE
CVE
added 2016/07/22 2:59 a.m.43 views

CVE-2016-4604

Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.

5.8CVSS6.1AI score0.00366EPSS
Total number of security vulnerabilities792