Safari@4.0.0b Security Vulnerabilities and Issues — Safari@4.0.0b CVE List

Lucene search

AppleSafari4.0.0b

76 matches found

CVE•added 2010/09/10 7:0 p.m.•160 views

CVE-2010-1807

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related...

9.3CVSS8.9AI score0.80553EPSS

CVE•added 2010/06/11 7:30 p.m.•73 views

CVE-2010-1419

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close...

9.3CVSS9.1AI score0.10048EPSS

CVE•added 2010/06/11 6:0 p.m.•69 views

CVE-2010-1395

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issu...

4.3CVSS7AI score0.01195EPSS

CVE•added 2010/06/11 7:30 p.m.•65 views

CVE-2010-0544

4.3CVSS5.2AI score0.00763EPSS

CVE•added 2010/06/11 6:0 p.m.•63 views

CVE-2010-1750

Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.

9.3CVSS7.6AI score0.05719EPSS

CVE•added 2010/07/30 8:30 p.m.•63 views

CVE-2010-1792

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.

9.3CVSS9.2AI score0.06539EPSS

CVE•added 2010/03/15 1:28 p.m.•62 views

CVE-2010-0046

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.

9.3CVSS8.9AI score0.09029EPSS

CVE•added 2010/07/30 8:30 p.m.•62 views

CVE-2010-1783

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory co...

9.3CVSS9.2AI score0.04924EPSS

CVE•added 2010/07/30 8:30 p.m.•62 views

CVE-2010-1784

The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of servi...

9.3CVSS9.2AI score0.04924EPSS

CVE•added 2010/06/11 6:0 p.m.•61 views

CVE-2010-1401

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vec...

9.3CVSS9AI score0.10956EPSS

CVE•added 2010/03/15 2:15 p.m.•60 views

CVE-2010-0051

WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.

4.3CVSS7.3AI score0.02404EPSS

CVE•added 2010/06/11 6:0 p.m.•60 views

CVE-2010-1393

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.

4.3CVSS8.3AI score0.01392EPSS

CVE•added 2010/06/11 7:30 p.m.•60 views

CVE-2010-2264

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages ...

4.3CVSS7.4AI score0.00732EPSS

CVE•added 2010/06/11 6:0 p.m.•59 views

CVE-2010-1414

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.

9.3CVSS9.1AI score0.13965EPSS

CVE•added 2010/07/30 8:30 p.m.•59 views

CVE-2010-1782

9.3CVSS9.3AI score0.06539EPSS

CVE•added 2010/03/25 9:0 p.m.•58 views

CVE-2010-1119

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database...

10CVSS8.6AI score0.28439EPSS

CVE•added 2010/03/15 1:28 p.m.•57 views

CVE-2010-0040

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

9.3CVSS8.8AI score0.19782EPSS

CVE•added 2010/06/11 6:0 p.m.•57 views

CVE-2010-1390

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of...

4.3CVSS7.1AI score0.01195EPSS

CVE•added 2010/06/11 6:0 p.m.•57 views

CVE-2010-1749

9.3CVSS8.6AI score0.12597EPSS

CVE•added 2010/06/11 7:30 p.m.•57 views

CVE-2010-1771

9.3CVSS8.7AI score0.08537EPSS

CVE•added 2010/07/30 8:30 p.m.•57 views

CVE-2010-1785

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote atta...

9.3CVSS9.1AI score0.07555EPSS

CVE•added 2010/07/30 8:30 p.m.•57 views

CVE-2010-1786

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject elemen...

9.3CVSS9.1AI score0.06495EPSS

CVE•added 2010/06/11 6:0 p.m.•56 views

CVE-2010-1396

9.3CVSS8.6AI score0.07407EPSS

CVE•added 2010/06/11 6:0 p.m.•56 views

CVE-2010-1417

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content ...

9.3CVSS8.9AI score0.08544EPSS

CVE•added 2010/06/11 7:30 p.m.•56 views

CVE-2010-1759

9.3CVSS8.7AI score0.48797EPSS

CVE•added 2010/03/15 2:15 p.m.•55 views

CVE-2010-0052

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."

9.3CVSS8.6AI score0.08537EPSS

CVE•added 2010/06/11 6:0 p.m.•55 views

CVE-2010-1402

Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, ...

9.3CVSS9.1AI score0.10956EPSS

CVE•added 2010/06/11 6:0 p.m.•55 views

CVE-2010-1404

9.3CVSS9.2AI score0.12489EPSS

CVE•added 2010/06/11 7:30 p.m.•55 views

CVE-2010-1758

9.3CVSS8.7AI score0.13965EPSS

CVE•added 2010/06/11 6:0 p.m.•54 views

CVE-2010-1389

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for...

4.3CVSS7.1AI score0.01007EPSS

CVE•added 2010/06/11 6:0 p.m.•54 views

CVE-2010-1391

Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors invol...

4.3CVSS8.9AI score0.00565EPSS

CVE•added 2010/06/11 6:0 p.m.•54 views

CVE-2010-1416

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted ...

4.3CVSS7.8AI score0.01397EPSS

CVE•added 2010/06/11 6:0 p.m.•53 views

CVE-2010-1397

9.3CVSS8.7AI score0.12489EPSS

CVE•added 2010/06/11 6:0 p.m.•53 views

CVE-2010-1398

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft...

9.3CVSS8.8AI score0.09518EPSS

CVE•added 2010/06/11 6:0 p.m.•53 views

CVE-2010-1409

Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.

5.8CVSS8.1AI score0.00883EPSS

CVE•added 2010/06/11 6:0 p.m.•53 views

CVE-2010-1415

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API ...

9.3CVSS9AI score0.34318EPSS

CVE•added 2010/06/11 7:30 p.m.•53 views

CVE-2010-1418

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preced...

4.3CVSS6.8AI score0.01199EPSS

CVE•added 2010/06/11 7:30 p.m.•53 views

CVE-2010-1761

9.3CVSS8.6AI score0.08374EPSS

CVE•added 2010/07/30 8:30 p.m.•53 views

CVE-2010-1780

9.3CVSS9.1AI score0.06495EPSS

CVE•added 2010/07/30 8:30 p.m.•53 views

CVE-2010-1788

9.3CVSS9.3AI score0.06539EPSS

CVE•added 2010/03/15 2:15 p.m.•52 views

CVE-2010-0049

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.

9.3CVSS8.6AI score0.36531EPSS

CVE•added 2010/06/11 6:0 p.m.•52 views

CVE-2010-1410

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.

9.3CVSS9.3AI score0.16558EPSS

CVE•added 2010/06/11 7:30 p.m.•52 views

CVE-2010-1774

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML d...

9.3CVSS8.6AI score0.05917EPSS

CVE•added 2010/07/30 8:30 p.m.•52 views

CVE-2010-1793

Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-f...

9.3CVSS9.3AI score0.41148EPSS

CVE•added 2010/09/10 7:0 p.m.•52 views

CVE-2010-1806

Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.

9.3CVSS7.7AI score0.04936EPSS

CVE•added 2010/03/15 1:28 p.m.•51 views

CVE-2010-0043

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

9.3CVSS8.8AI score0.16213EPSS

CVE•added 2010/06/11 6:0 p.m.•51 views

CVE-2010-1388

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document.

4.3CVSS7.7AI score0.0086EPSS

CVE•added 2010/06/11 6:0 p.m.•51 views

CVE-2010-1403

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application cras...

9.3CVSS9AI score0.16559EPSS

CVE•added 2010/07/30 8:30 p.m.•51 views

CVE-2010-1791

Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.

9.3CVSS9.1AI score0.10309EPSS

CVE•added 2010/03/15 2:15 p.m.•50 views

CVE-2010-0053

9.3CVSS8.6AI score0.06495EPSS

Total number of security vulnerabilities76