Safari@3.0.4b Security Vulnerabilities and Issues — Safari@3.0.4b CVE List

Lucene search

AppleSafari3.0.4b

166 matches found

CVE•added 2012/11/03 5:55 p.m.•154 views

CVE-2012-3748

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

5.1CVSS7.5AI score0.30417EPSS

CVE•added 2012/07/25 8:55 p.m.•117 views

CVE-2012-1520

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS

CVE•added 2010/11/22 1:0 p.m.•91 views

CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a relat...

5CVSS8.2AI score0.19249EPSS

CVE•added 2011/07/21 11:55 p.m.•78 views

CVE-2011-0216

Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.

9.3CVSS8.5AI score0.01308EPSS

CVE•added 2011/07/21 11:55 p.m.•74 views

CVE-2011-0255

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2010/11/22 1:0 p.m.•70 views

CVE-2010-3812

Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause...

9.3CVSS9.3AI score0.06675EPSS

CVE•added 2011/10/14 10:55 a.m.•68 views

CVE-2011-3243

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.

4.3CVSS5AI score0.00521EPSS

CVE•added 2009/07/09 5:30 p.m.•67 views

CVE-2009-1725

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to exe...

9.3CVSS7.4AI score0.12201EPSS

CVE•added 2009/06/10 6:0 p.m.•64 views

CVE-2009-1698

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code ...

9.3CVSS7.4AI score0.0736EPSS

CVE•added 2009/06/10 6:0 p.m.•64 views

CVE-2009-1702

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.

4.3CVSS6.5AI score0.00573EPSS

CVE•added 2009/11/13 3:30 p.m.•63 views

CVE-2009-2841

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers...

5CVSS6.8AI score0.03879EPSS

CVE•added 2009/11/13 3:30 p.m.•63 views

CVE-2009-2842

Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

4.3CVSS5.9AI score0.00796EPSS

CVE•added 2011/07/21 11:55 p.m.•63 views

CVE-2011-1288

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2009/08/12 7:30 p.m.•59 views

CVE-2009-2195

Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.

9.3CVSS8.7AI score0.2882EPSS

CVE•added 2010/11/22 1:0 p.m.•59 views

CVE-2010-3813

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetchin...

5.8CVSS8.5AI score0.00848EPSS

CVE•added 2011/07/21 11:55 p.m.•59 views

CVE-2011-1797

9.3CVSS8.8AI score0.01413EPSS

CVE•added 2009/07/09 5:30 p.m.•58 views

CVE-2009-1724

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.

4.3CVSS6.6AI score0.01516EPSS

CVE•added 2010/03/25 9:0 p.m.•58 views

CVE-2010-1119

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database...

10CVSS8.6AI score0.28439EPSS

CVE•added 2011/07/21 11:55 p.m.•58 views

CVE-2010-1383

CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.

9.3CVSS8.5AI score0.0083EPSS

CVE•added 2011/07/21 11:55 p.m.•58 views

CVE-2011-1453

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2009/09/14 4:30 p.m.•57 views

CVE-2009-2804

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

6.8CVSS7.9AI score0.09194EPSS

CVE•added 2009/06/15 7:30 p.m.•56 views

CVE-2009-2072

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy serve...

5.4CVSS6.1AI score0.00041EPSS

CVE•added 2010/11/22 1:0 p.m.•56 views

CVE-2010-3816

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

9.3CVSS8.6AI score0.10426EPSS

CVE•added 2010/11/22 1:0 p.m.•56 views

CVE-2010-3823

9.3CVSS8.6AI score0.10426EPSS

CVE•added 2011/07/21 11:55 p.m.•56 views

CVE-2011-0222

9.3CVSS8.8AI score0.58896EPSS

CVE•added 2013/03/15 8:55 p.m.•56 views

CVE-2013-0961

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.

6.8CVSS7.5AI score0.01189EPSS

CVE•added 2011/07/21 11:55 p.m.•55 views

CVE-2011-0253

9.3CVSS8.8AI score0.02627EPSS

CVE•added 2012/07/25 8:55 p.m.•55 views

CVE-2012-3681

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2009/11/13 3:30 p.m.•54 views

CVE-2009-3384

Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.

9.3CVSS7.3AI score0.01257EPSS

CVE•added 2011/03/10 8:55 p.m.•54 views

CVE-2011-1344

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, r...

6.8CVSS9AI score0.03992EPSS

CVE•added 2011/07/21 11:55 p.m.•53 views

CVE-2011-0233

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•53 views

CVE-2011-1774

WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.

8.8CVSS6.7AI score0.81631EPSS

CVE•added 2012/07/25 8:55 p.m.•53 views

CVE-2012-3626

9.3CVSS7.8AI score0.02013EPSS

CVE•added 2012/07/25 7:55 p.m.•53 views

CVE-2012-3691

WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5.8CVSS6AI score0.00227EPSS

CVE•added 2009/06/10 6:0 p.m.•52 views

CVE-2009-1700

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

4.3CVSS7.6AI score0.0088EPSS

CVE•added 2009/08/12 7:30 p.m.•52 views

CVE-2009-2199

Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.

5.8CVSS7.8AI score0.0142EPSS

CVE•added 2010/11/22 1:0 p.m.•51 views

CVE-2010-3805

Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010...

9.3CVSS8.6AI score0.12024EPSS

CVE•added 2011/03/11 10:55 p.m.•51 views

CVE-2011-0166

The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.

5.8CVSS8AI score0.00542EPSS

CVE•added 2011/07/21 11:55 p.m.•51 views

CVE-2011-0241

Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.

9.3CVSS7.7AI score0.08047EPSS

CVE•added 2011/07/21 11:55 p.m.•51 views

CVE-2011-1462

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2012/03/12 9:55 p.m.•51 views

CVE-2012-0647

WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

5CVSS6.2AI score0.00276EPSS

CVE•added 2013/03/15 8:55 p.m.•51 views

CVE-2013-0960

6.8CVSS7.5AI score0.01189EPSS

CVE•added 2009/06/10 6:0 p.m.•50 views

CVE-2009-1701

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a docu...

9.3CVSS8.7AI score0.09717EPSS

CVE•added 2010/11/22 1:0 p.m.•50 views

CVE-2010-3820

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a craf...

9.3CVSS8.6AI score0.02223EPSS

CVE•added 2011/03/11 10:55 p.m.•50 views

CVE-2011-0163

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.

4.3CVSS7.9AI score0.01049EPSS

CVE•added 2011/07/21 11:55 p.m.•50 views

CVE-2011-1457

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2010/11/22 1:0 p.m.•49 views

CVE-2010-3808

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (...

9.3CVSS8.7AI score0.02551EPSS

CVE•added 2011/03/11 10:55 p.m.•49 views

CVE-2011-0160

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

5CVSS8.3AI score0.00423EPSS

CVE•added 2011/03/11 10:55 p.m.•49 views

CVE-2011-0167

The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.

4.3CVSS8.2AI score0.02629EPSS

CVE•added 2012/07/25 8:55 p.m.•49 views

CVE-2012-3674

9.3CVSS7.8AI score0.021EPSS

Total number of security vulnerabilities166