Safari@4.0.1 Security Vulnerabilities and Issues — Page 2 of Safari@4.0.1 CVE List

Lucene search

AppleSafari4.0.1

182 matches found

CVE•added 2010/06/11 6:0 p.m.•53 views

CVE-2010-1415

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API ...

9.3CVSS9AI score0.34318EPSS

CVE•added 2010/06/11 7:30 p.m.•53 views

CVE-2010-1418

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preced...

4.3CVSS6.8AI score0.01199EPSS

CVE•added 2010/06/11 7:30 p.m.•53 views

CVE-2010-1761

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees.

9.3CVSS8.6AI score0.08374EPSS

CVE•added 2010/07/30 8:30 p.m.•53 views

CVE-2010-1780

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to ele...

9.3CVSS9.1AI score0.06495EPSS

CVE•added 2010/07/30 8:30 p.m.•53 views

CVE-2010-1788

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document...

9.3CVSS9.3AI score0.06539EPSS

CVE•added 2012/07/25 8:55 p.m.•53 views

CVE-2012-3626

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.02013EPSS

CVE•added 2012/07/25 7:55 p.m.•53 views

CVE-2012-3691

WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5.8CVSS6AI score0.00227EPSS

CVE•added 2009/08/12 7:30 p.m.•52 views

CVE-2009-2199

Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.

5.8CVSS7.8AI score0.0142EPSS

CVE•added 2010/03/15 2:15 p.m.•52 views

CVE-2010-0049

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.

9.3CVSS8.6AI score0.36531EPSS

CVE•added 2010/06/11 6:0 p.m.•52 views

CVE-2010-1410

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.

9.3CVSS9.3AI score0.16558EPSS

CVE•added 2010/06/11 7:30 p.m.•52 views

CVE-2010-1774

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML d...

9.3CVSS8.6AI score0.05917EPSS

CVE•added 2010/07/30 8:30 p.m.•52 views

CVE-2010-1793

Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-f...

9.3CVSS9.3AI score0.41148EPSS

CVE•added 2010/09/10 7:0 p.m.•52 views

CVE-2010-1806

Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.

9.3CVSS7.7AI score0.04936EPSS

CVE•added 2010/03/15 1:28 p.m.•51 views

CVE-2010-0043

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

9.3CVSS8.8AI score0.16213EPSS

CVE•added 2010/06/11 6:0 p.m.•51 views

CVE-2010-1388

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document.

4.3CVSS7.7AI score0.0086EPSS

CVE•added 2010/06/11 6:0 p.m.•51 views

CVE-2010-1403

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application cras...

9.3CVSS9AI score0.16559EPSS

CVE•added 2010/07/30 8:30 p.m.•51 views

CVE-2010-1791

Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.

9.3CVSS9.1AI score0.10309EPSS

CVE•added 2012/03/12 9:55 p.m.•51 views

CVE-2012-0647

WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

5CVSS6.2AI score0.00276EPSS

CVE•added 2013/03/15 8:55 p.m.•51 views

CVE-2013-0960

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.

6.8CVSS7.5AI score0.01189EPSS

CVE•added 2010/03/15 2:15 p.m.•50 views

CVE-2010-0053

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.

9.3CVSS8.6AI score0.06495EPSS

CVE•added 2010/03/15 2:15 p.m.•50 views

CVE-2010-0054

9.3CVSS8.6AI score0.08537EPSS

CVE•added 2010/06/11 6:0 p.m.•50 views

CVE-2010-1408

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this ma...

4.3CVSS8.2AI score0.00443EPSS

CVE•added 2010/06/11 6:0 p.m.•50 views

CVE-2010-1422

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document...

4.3CVSS7.8AI score0.01082EPSS

CVE•added 2010/07/30 8:30 p.m.•50 views

CVE-2010-1787

9.3CVSS9.3AI score0.06539EPSS

CVE•added 2010/06/11 6:0 p.m.•49 views

CVE-2010-1394

4.3CVSS7AI score0.01195EPSS

CVE•added 2010/06/11 6:0 p.m.•49 views

CVE-2010-1399

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via...

9.3CVSS8.5AI score0.0656EPSS

CVE•added 2010/06/11 6:0 p.m.•49 views

CVE-2010-1406

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive in...

4.3CVSS8.2AI score0.00762EPSS

CVE•added 2010/07/30 8:30 p.m.•49 views

CVE-2010-1790

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (...

9.3CVSS9AI score0.03785EPSS

CVE•added 2010/09/10 7:0 p.m.•49 views

CVE-2010-1805

Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari.

6.9CVSS6.1AI score0.00053EPSS

CVE•added 2012/07/25 8:55 p.m.•49 views

CVE-2012-3674

9.3CVSS7.8AI score0.021EPSS

CVE•added 2010/06/11 6:0 p.m.•48 views

CVE-2010-1412

9.3CVSS8.6AI score0.16215EPSS

CVE•added 2012/07/25 8:55 p.m.•48 views

CVE-2012-3611

9.3CVSS7.8AI score0.02013EPSS

CVE•added 2012/07/25 8:55 p.m.•48 views

CVE-2012-3664

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2009/08/12 7:30 p.m.•47 views

CVE-2009-2196

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

5CVSS6.3AI score0.16946EPSS

CVE•added 2010/03/15 1:28 p.m.•47 views

CVE-2010-0041

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.

4.3CVSS7.8AI score0.01191EPSS

CVE•added 2010/03/15 1:28 p.m.•47 views

CVE-2010-0047

9.3CVSS8.6AI score0.06257EPSS

CVE•added 2010/06/11 7:30 p.m.•47 views

CVE-2010-1762

4.3CVSS6.7AI score0.00908EPSS

CVE•added 2010/06/11 7:30 p.m.•47 views

CVE-2010-1764

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.

4.3CVSS8.1AI score0.00905EPSS

CVE•added 2010/07/30 8:30 p.m.•47 views

CVE-2010-1778

Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.

4.3CVSS6.7AI score0.00277EPSS

CVE•added 2010/07/30 8:30 p.m.•47 views

CVE-2010-1789

Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.

9.3CVSS8.7AI score0.14348EPSS

CVE•added 2011/10/14 10:55 a.m.•47 views

CVE-2011-3230

Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.

6.8CVSS7.3AI score0.72026EPSS

CVE•added 2011/10/14 10:55 a.m.•47 views

CVE-2011-3242

The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.

5CVSS6.2AI score0.0043EPSS

CVE•added 2012/07/25 7:55 p.m.•47 views

CVE-2012-0680

Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation.

5CVSS6.4AI score0.00498EPSS

CVE•added 2012/07/25 8:55 p.m.•47 views

CVE-2012-3634

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2012/07/25 8:55 p.m.•47 views

CVE-2012-3645

9.3CVSS7.8AI score0.021EPSS

CVE•added 2010/06/11 6:0 p.m.•46 views

CVE-2010-1384

Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

4.3CVSS6.1AI score0.01306EPSS

CVE•added 2010/06/11 6:0 p.m.•46 views

CVE-2010-1392

9.3CVSS8.6AI score0.07914EPSS

CVE•added 2010/06/11 6:0 p.m.•46 views

CVE-2010-1400

9.3CVSS8.6AI score0.14566EPSS

CVE•added 2010/06/11 7:30 p.m.•46 views

CVE-2010-1421

The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.

4.3CVSS7.8AI score0.03913EPSS

CVE•added 2012/07/25 8:55 p.m.•46 views

CVE-2012-3665

9.3CVSS7.8AI score0.02826EPSS

Total number of security vulnerabilities182