Lucene search

K

223 matches found

CVE
CVE
added 2012/07/25 8:55 p.m.117 views

CVE-2012-1520

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS
CVE
CVE
added 2010/11/22 1:0 p.m.91 views

CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a relat...

5CVSS8.2AI score0.19249EPSS
CVE
CVE
added 2011/07/21 11:55 p.m.78 views

CVE-2011-0216

Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.

9.3CVSS8.5AI score0.01308EPSS
CVE
CVE
added 2009/06/10 2:30 p.m.76 views

CVE-2009-1690

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti...

9.3CVSS7.3AI score0.1222EPSS
CVE
CVE
added 2011/07/21 11:55 p.m.74 views

CVE-2011-0255

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS
CVE
CVE
added 2009/05/13 5:30 p.m.72 views

CVE-2009-0945

Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitra...

9.3CVSS7.7AI score0.11718EPSS
CVE
CVE
added 2010/11/22 1:0 p.m.70 views

CVE-2010-3812

Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause...

9.3CVSS9.3AI score0.06675EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.68 views

CVE-2009-1709

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG ...

9.3CVSS8.8AI score0.08085EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.68 views

CVE-2011-3243

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.

4.3CVSS5AI score0.00521EPSS
CVE
CVE
added 2007/06/12 10:30 p.m.67 views

CVE-2007-3186

Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.

9.3CVSS7.2AI score0.08926EPSS
CVE
CVE
added 2009/07/09 5:30 p.m.67 views

CVE-2009-1725

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to exe...

9.3CVSS7.4AI score0.12201EPSS
CVE
CVE
added 2009/09/29 6:0 p.m.67 views

CVE-2009-3455

Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certi...

7.5CVSS5.7AI score0.01808EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.64 views

CVE-2009-1698

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code ...

9.3CVSS7.4AI score0.0736EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.64 views

CVE-2009-1702

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.

4.3CVSS6.5AI score0.00573EPSS
CVE
CVE
added 2007/06/25 7:30 p.m.63 views

CVE-2007-2400

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to p...

4.3CVSS5.3AI score0.00304EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.63 views

CVE-2009-1711

WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

9.3CVSS7.7AI score0.064EPSS
CVE
CVE
added 2009/11/13 3:30 p.m.63 views

CVE-2009-2841

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers...

5CVSS6.8AI score0.03879EPSS
CVE
CVE
added 2009/11/13 3:30 p.m.63 views

CVE-2009-2842

Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

4.3CVSS5.9AI score0.00796EPSS
CVE
CVE
added 2011/07/21 11:55 p.m.63 views

CVE-2011-1288

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.62 views

CVE-2009-1712

WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

9.3CVSS7.4AI score0.04819EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.62 views

CVE-2009-1713

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

7.1CVSS6.9AI score0.00861EPSS
CVE
CVE
added 2009/06/10 2:30 p.m.61 views

CVE-2009-1687

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption an...

9.3CVSS7.3AI score0.0736EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.61 views

CVE-2009-1714

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.

4.3CVSS6.5AI score0.00648EPSS
CVE
CVE
added 2007/06/19 9:30 p.m.59 views

CVE-2007-3274

Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.

4.3CVSS6AI score0.00388EPSS
CVE
CVE
added 2009/06/10 2:30 p.m.59 views

CVE-2009-1694

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site i...

5.8CVSS6.9AI score0.00637EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.59 views

CVE-2009-1695

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transit...

4.3CVSS6.3AI score0.00573EPSS
CVE
CVE
added 2009/08/12 7:30 p.m.59 views

CVE-2009-2195

Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.

9.3CVSS8.7AI score0.2882EPSS
CVE
CVE
added 2010/11/22 1:0 p.m.59 views

CVE-2010-3813

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetchin...

5.8CVSS8.5AI score0.00848EPSS
CVE
CVE
added 2011/07/21 11:55 p.m.59 views

CVE-2011-1797

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.01413EPSS
CVE
CVE
added 2009/07/09 5:30 p.m.58 views

CVE-2009-1724

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.

4.3CVSS6.6AI score0.01516EPSS
CVE
CVE
added 2010/03/25 9:0 p.m.58 views

CVE-2010-1119

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database...

10CVSS8.6AI score0.28439EPSS
CVE
CVE
added 2011/07/21 11:55 p.m.58 views

CVE-2010-1383

CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.

9.3CVSS8.5AI score0.0083EPSS
CVE
CVE
added 2011/07/21 11:55 p.m.58 views

CVE-2011-1453

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS
CVE
CVE
added 2009/06/10 2:30 p.m.57 views

CVE-2009-1693

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."

5.8CVSS7AI score0.00573EPSS
CVE
CVE
added 2009/09/14 4:30 p.m.57 views

CVE-2009-2804

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

6.8CVSS7.9AI score0.09194EPSS
CVE
CVE
added 2009/06/15 7:30 p.m.56 views

CVE-2009-2072

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy serve...

5.4CVSS6.1AI score0.00041EPSS
CVE
CVE
added 2010/11/22 1:0 p.m.56 views

CVE-2010-3816

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

9.3CVSS8.6AI score0.10426EPSS
CVE
CVE
added 2010/11/22 1:0 p.m.56 views

CVE-2010-3823

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this ...

9.3CVSS8.6AI score0.10426EPSS
CVE
CVE
added 2011/07/21 11:55 p.m.56 views

CVE-2011-0222

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.58896EPSS
CVE
CVE
added 2013/03/15 8:55 p.m.56 views

CVE-2013-0961

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.

6.8CVSS7.5AI score0.01189EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.55 views

CVE-2009-0162

Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.

4.3CVSS6.1AI score0.0195EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.55 views

CVE-2009-1697

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks ...

4.3CVSS6.6AI score0.00192EPSS
CVE
CVE
added 2011/07/21 11:55 p.m.55 views

CVE-2011-0253

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.02627EPSS
CVE
CVE
added 2012/07/25 8:55 p.m.55 views

CVE-2012-3681

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.02826EPSS
CVE
CVE
added 2007/07/23 4:30 p.m.54 views

CVE-2007-3944

Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: t...

9.3CVSS7.4AI score0.36787EPSS
CVE
CVE
added 2009/06/10 2:30 p.m.54 views

CVE-2009-1681

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted...

4.3CVSS6.8AI score0.00261EPSS
CVE
CVE
added 2009/06/10 2:30 p.m.54 views

CVE-2009-1684

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next lo...

4.3CVSS6.4AI score0.01963EPSS
CVE
CVE
added 2009/06/10 7:30 p.m.54 views

CVE-2009-2027

The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method.

7.2CVSS6.1AI score0.00045EPSS
CVE
CVE
added 2009/11/13 3:30 p.m.54 views

CVE-2009-3384

Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.

9.3CVSS7.3AI score0.01257EPSS
CVE
CVE
added 2011/03/10 8:55 p.m.54 views

CVE-2011-1344

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, r...

6.8CVSS9AI score0.03992EPSS
Total number of security vulnerabilities223