Safari@* Security Vulnerabilities and Issues — Page 25 of Safari@* CVE List

Lucene search

AppleSafari*

1435 matches found

CVE•added 2010/11/22 1:0 p.m.•47 views

CVE-2010-3826

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of ...

9.3CVSS8.7AI score0.02223EPSS

CVE•added 2011/07/21 11:55 p.m.•47 views

CVE-2011-0225

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/08/03 12:55 a.m.•47 views

CVE-2011-2819

Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.

6.8CVSS6.1AI score0.00738EPSS

CVE•added 2012/07/25 8:55 p.m.•47 views

CVE-2012-3665

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2012/07/25 8:55 p.m.•47 views

CVE-2012-3686

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2012/07/25 7:55 p.m.•47 views

CVE-2012-3694

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site.

4.3CVSS5.3AI score0.00277EPSS

CVE•added 2012/09/20 9:55 p.m.•47 views

CVE-2012-3713

Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document.

4.3CVSS6AI score0.00435EPSS

CVE•added 2013/12/18 4:4 p.m.•47 views

CVE-2013-5225

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8CVSS7.8AI score0.02121EPSS

CVE•added 2014/04/02 4:17 p.m.•47 views

CVE-2014-1311

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8CVSS7.8AI score0.01557EPSS

CVE•added 2014/05/22 7:55 p.m.•47 views

CVE-2014-1334

WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.

6.8CVSS7.9AI score0.01344EPSS

CVE•added 2014/07/01 10:17 a.m.•47 views

CVE-2014-1345

WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.

4.3CVSS5.7AI score0.00467EPSS

CVE•added 2014/07/01 10:17 a.m.•47 views

CVE-2014-1367

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

6.8CVSS7.8AI score0.01171EPSS

CVE•added 2014/07/01 10:17 a.m.•47 views

CVE-2014-1369

WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site.

4.3CVSS6.2AI score0.00542EPSS

CVE•added 2015/03/18 10:59 p.m.•47 views

CVE-2015-1084

The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

5CVSS6AI score0.00434EPSS

CVE•added 2015/04/10 2:59 p.m.•47 views

CVE-2015-1129

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.

4.3CVSS6.1AI score0.00227EPSS

CVE•added 2015/08/16 11:59 p.m.•47 views

CVE-2015-3732

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.5AI score0.01576EPSS

CVE•added 2017/05/22 5:29 a.m.•47 views

CVE-2017-2506

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we...

8.8CVSS8AI score0.00853EPSS

CVE•added 2019/04/03 6:29 p.m.•47 views

CVE-2018-4195

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12.

6.5CVSS6.2AI score0.00255EPSS

CVE•added 2019/04/03 6:29 p.m.•47 views

CVE-2018-4329

Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12.

7.5CVSS7.1AI score0.00281EPSS

CVE•added 2024/10/28 9:15 p.m.•47 views

CVE-2024-44229

An information leakage was addressed with additional validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. Private browsing may leak some browsing history.

5.3CVSS5.2AI score0.00169EPSS

CVE•added 2005/08/19 4:0 a.m.•46 views

CVE-2005-2517

Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.

2.6CVSS9.4AI score0.00305EPSS

CVE•added 2007/08/03 8:17 p.m.•46 views

CVE-2007-3742

WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform ...

4.3CVSS6.1AI score0.00614EPSS

CVE•added 2007/11/15 12:46 a.m.•46 views

CVE-2007-4692

The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not a...

4.3CVSS7.2AI score0.01126EPSS

CVE•added 2008/11/17 6:18 p.m.•46 views

CVE-2008-3644

Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.

1.9CVSS5.1AI score0.00066EPSS

CVE•added 2008/11/25 11:30 p.m.•46 views

CVE-2008-4232

Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.

5CVSS5.9AI score0.00881EPSS

CVE•added 2009/09/21 7:30 p.m.•46 views

CVE-2009-3271

Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.

4.3CVSS6.1AI score0.02007EPSS

CVE•added 2010/03/15 1:28 p.m.•46 views

CVE-2010-0044

PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.

4.3CVSS8AI score0.00464EPSS

CVE•added 2010/03/15 1:28 p.m.•46 views

CVE-2010-0045

Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.

9.3CVSS8.2AI score0.02733EPSS

CVE•added 2010/06/11 6:0 p.m.•46 views

CVE-2010-1405

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.

9.3CVSS8.7AI score0.08544EPSS

CVE•added 2010/11/22 1:0 p.m.•46 views

CVE-2010-3809

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (ap...

9.3CVSS8.7AI score0.02347EPSS

CVE•added 2010/11/22 1:0 p.m.•46 views

CVE-2010-3818

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes.

9.3CVSS8.6AI score0.10426EPSS

CVE•added 2011/03/03 8:0 p.m.•46 views

CVE-2011-0115

The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a den...

7.6CVSS9.2AI score0.01538EPSS

CVE•added 2011/07/21 11:55 p.m.•46 views

CVE-2011-0214

CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.

5CVSS7.8AI score0.00137EPSS

CVE•added 2011/07/21 11:55 p.m.•46 views

CVE-2011-0223

9.3CVSS8.8AI score0.02024EPSS

CVE•added 2011/03/01 11:0 p.m.•46 views

CVE-2011-1107

Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors.

4.3CVSS8.1AI score0.00999EPSS

CVE•added 2011/10/14 10:55 a.m.•46 views

CVE-2011-3229

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.

6.8CVSS6.7AI score0.00388EPSS

CVE•added 2012/07/25 7:55 p.m.•46 views

CVE-2012-0679

Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL.

4.3CVSS6.1AI score0.00236EPSS

CVE•added 2012/07/25 8:55 p.m.•46 views

CVE-2012-3594

9.3CVSS7.8AI score0.0271EPSS

CVE•added 2012/07/25 8:55 p.m.•46 views

CVE-2012-3640

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2012/07/25 8:55 p.m.•46 views

CVE-2012-3646

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2012/07/25 7:55 p.m.•46 views

CVE-2012-3650

WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

4.3CVSS5.4AI score0.00454EPSS

CVE•added 2012/07/25 8:55 p.m.•46 views

CVE-2012-3682

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2012/07/25 7:55 p.m.•46 views

CVE-2012-3695

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property.

4.3CVSS5.2AI score0.00357EPSS

CVE•added 2012/07/25 7:55 p.m.•46 views

CVE-2012-3696

CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling.

4.3CVSS6.3AI score0.00346EPSS

CVE•added 2012/09/20 9:55 p.m.•46 views

CVE-2012-3715

Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network.

4.3CVSS5.4AI score0.00435EPSS

CVE•added 2013/12/18 4:4 p.m.•46 views

CVE-2013-5195

6.8CVSS7.9AI score0.01314EPSS

CVE•added 2013/12/18 4:4 p.m.•46 views

CVE-2013-5196

6.8CVSS7.8AI score0.02121EPSS

CVE•added 2014/04/02 4:17 p.m.•46 views

CVE-2014-1301

6.8CVSS7.9AI score0.01307EPSS

CVE•added 2014/04/02 4:17 p.m.•46 views

CVE-2014-1307