Safari Security Vulnerabilities and Issues — Safari CVE List

Lucene search

AppleSafari

27 matches found

CVE•added 2010/03/19 9:30 p.m.•81 views

CVE-2010-1029

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary co...

5CVSS8.7AI score0.3762EPSS

CVE•added 2010/03/15 2:15 p.m.•67 views

CVE-2010-0050

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.

9.3CVSS8.6AI score0.45126EPSS

CVE•added 2010/03/15 1:28 p.m.•63 views

CVE-2010-0046

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.

9.3CVSS8.9AI score0.09029EPSS

CVE•added 2010/03/15 2:15 p.m.•61 views

CVE-2010-0051

WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.

4.3CVSS7.3AI score0.02404EPSS

CVE•added 2010/03/25 9:0 p.m.•59 views

CVE-2010-1119

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database...

10CVSS8.6AI score0.24416EPSS

CVE•added 2010/03/15 1:28 p.m.•58 views

CVE-2010-0040

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

9.3CVSS8.8AI score0.19782EPSS

CVE•added 2010/03/24 10:45 p.m.•57 views

CVE-2010-1099

Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.

5CVSS6.5AI score0.00158EPSS

CVE•added 2010/03/15 2:15 p.m.•56 views

CVE-2010-0052

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."

9.3CVSS8.6AI score0.08537EPSS

CVE•added 2010/03/15 1:28 p.m.•54 views

CVE-2010-0048

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

9.3CVSS8.6AI score0.04724EPSS

CVE•added 2010/03/15 1:28 p.m.•53 views

CVE-2010-0043

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

9.3CVSS8.8AI score0.16213EPSS

CVE•added 2010/03/15 2:15 p.m.•53 views

CVE-2010-0049

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.

9.3CVSS8.6AI score0.36531EPSS

CVE•added 2010/03/15 2:15 p.m.•51 views

CVE-2010-0053

9.3CVSS8.6AI score0.06495EPSS

CVE•added 2010/03/15 2:15 p.m.•51 views

CVE-2010-0054

9.3CVSS8.6AI score0.08537EPSS

CVE•added 2010/03/15 1:28 p.m.•48 views

CVE-2010-0041

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.

4.3CVSS7.8AI score0.01191EPSS

CVE•added 2010/03/15 1:28 p.m.•48 views

CVE-2010-0047

9.3CVSS8.6AI score0.06257EPSS

CVE•added 2010/03/15 1:28 p.m.•46 views

CVE-2010-0044

PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.

4.3CVSS8AI score0.00464EPSS

CVE•added 2010/03/15 1:28 p.m.•46 views

CVE-2010-0045

Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.

9.3CVSS8.2AI score0.02733EPSS

CVE•added 2010/03/15 1:28 p.m.•45 views

CVE-2010-0042

4.3CVSS7.8AI score0.00957EPSS

CVE•added 2010/03/03 7:30 p.m.•44 views

CVE-2010-0925

cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element.

5CVSS6.4AI score0.00481EPSS

CVE•added 2010/03/27 7:7 p.m.•44 views

CVE-2010-1131

JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the substring.

4.3CVSS6.2AI score0.02854EPSS

CVE•added 2010/03/29 7:30 p.m.•44 views

CVE-2010-1180

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514.

9.3CVSS8AI score0.05131EPSS

CVE•added 2010/03/25 9:0 p.m.•43 views

CVE-2010-1120

Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.

10CVSS7.4AI score0.03026EPSS

CVE•added 2010/03/29 7:30 p.m.•43 views

CVE-2010-1177

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.

9.3CVSS8AI score0.04442EPSS

CVE•added 2010/03/29 7:30 p.m.•40 views

CVE-2010-1176

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no ...

9.3CVSS7.9AI score0.85286EPSS

CVE•added 2010/03/29 7:30 p.m.•40 views

CVE-2010-1179

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024.

9.3CVSS7.8AI score0.32195EPSS

CVE•added 2010/03/03 7:30 p.m.•39 views

CVE-2010-0924

cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element.

5CVSS6.3AI score0.00481EPSS

CVE•added 2010/03/29 7:30 p.m.•31 views

CVE-2010-1178

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string.

4.3CVSS6.3AI score0.0045EPSS