1421 matches found

added 2012/07/25 8:55 p.m. | 37 views

CVE-2012-3609

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

CVSS 9.3 | AI score 7.8 | EPSS 0.0271

added 2012/07/25 8:55 p.m. | 37 views

CVE-2012-3661

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

CVSS 9.3 | AI score 7.8 | EPSS 0.02826

added 2015/12/11 11:59 a.m. | 37 views

CVE-2015-7093

Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site.

CVSS 4.3 | AI score 5.8 | EPSS 0.00266

added 2007/11/15 2:46 a.m. | 36 views

CVE-2007-4699

The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.

CVSS 7.5 | AI score 7 | EPSS 0.00301

added 2008/03/19 12:44 a.m. | 36 views

CVE-2008-1007

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

CVSS 4.3 | AI score 5.3 | EPSS 0.00949

added 2009/03/24 2:30 p.m. | 36 views

CVE-2009-1060

Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009.

CVSS 9.3 | AI score 7.4 | EPSS 0.13958

added 2012/07/25 8:55 p.m. | 36 views

CVE-2012-3600

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

CVSS 9.3 | AI score 7.8 | EPSS 0.0271

added 2012/07/25 8:55 p.m. | 36 views

CVE-2012-3608

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

CVSS 9.3 | AI score 7.8 | EPSS 0.0271

added 2012/07/25 8:55 p.m. | 36 views

CVE-2012-3639

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

CVSS 9.3 | AI score 7.8 | EPSS 0.02826

added 2007/11/15 12:46 a.m. | 35 views

CVE-2007-4698

Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.

CVSS 4.3 | AI score 6.5 | EPSS 0.01128

added 2008/07/14 6:41 p.m. | 35 views

CVE-2008-1589

Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.

CVSS 4.3 | AI score 6.1 | EPSS 0.00256

added 2009/06/10 2:30 p.m. | 35 views

CVE-2009-1682

Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.

CVSS 4.3 | AI score 6.8 | EPSS 0.00387

added 2012/07/25 8:55 p.m. | 35 views

CVE-2012-3603

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

CVSS 9.3 | AI score 7.8 | EPSS 0.0271

added 2009/05/11 3:30 p.m. | 34 views

CVE-2009-1600

Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated b...

CVSS 9.3 | AI score 6.3 | EPSS 0.00242

added 2012/07/25 8:55 p.m. | 34 views

CVE-2012-3593

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

CVSS 9.3 | AI score 7.8 | EPSS 0.0271

added 2024/01/10 10:15 p.m. | 34 views

CVE-2023-40385

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.

CVSS 6.5 | AI score 6.7 | EPSS 0.00208

added 2012/07/25 8:55 p.m. | 33 views

CVE-2012-3596

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

CVSS 9.3 | AI score 7.8 | EPSS 0.0271

added 2008/07/14 11:41 p.m. | 32 views

CVE-2008-3171

Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

CVSS 5 | AI score 5.7 | EPSS 0.0026

added 2016/03/24 1:59 a.m. | 32 views

CVE-2016-1771

The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site.

CVSS 7.1 | AI score 6.4 | EPSS 0.0048

added 2010/03/29 7:30 p.m. | 30 views

CVE-2010-1178

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string.

CVSS 4.3 | AI score 6.3 | EPSS 0.0045

added 2025/05/19 4:15 p.m. | 25 views

CVE-2025-24189

The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption.

CVSS 8.8 | AI score 5.5 | EPSS 0.00026

Total number of security vulnerabilities: 1421