Safari

safari

Vendor: Apple • 1,598 CVEs

CVEs (1,598)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-5195 1Apple 3Itunes SafariWebkit Apr 29, 2026 Dec 18, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ...Show more WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.Show less
CVE-2013-7127 1Apple 2Mac Os X Safari Apr 29, 2026 Dec 17, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.
CVE-2013-5130 1Apple 1Safari Apr 29, 2026 Oct 24, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/...Show more WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files.Show less
CVE-2013-1047 1Apple 3Iphone Os ItunesSafari Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...Show more WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.Show less
CVE-2013-1041 1Apple 3Iphone Os ItunesSafari Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...Show more WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.Show less
CVE-2013-1040 1Apple 3Iphone Os ItunesSafari Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...Show more WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.Show less
CVE-2013-1039 1Apple 3Iphone Os ItunesSafari Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...Show more WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.Show less
CVE-2013-1038 1Apple 3Iphone Os ItunesSafari Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...Show more WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.Show less
CVE-2013-1037 1Apple 3Iphone Os ItunesSafari Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...Show more WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.Show less
CVE-2013-1023 1Apple 1Safari Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability tha...Show more WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009.Show less
CVE-2013-1013 1Apple 1Safari Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors.
CVE-2013-1012 1Apple 1Safari Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.
CVE-2013-1009 1Apple 1Safari Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability tha...Show more WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023.Show less
CVE-2013-0961 1Apple 1Safari Apr 29, 2026 Mar 15, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.
CVE-2013-0960 1Apple 1Safari Apr 29, 2026 Mar 15, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.
CVE-2012-5851 2Apple Google 3Chrome SafariWebkit Apr 29, 2026 Nov 15, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypas...Show more html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.Show less
CVE-2012-3748 1Apple 2Iphone Os Safari Apr 29, 2026 Nov 3, 2012 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
CVE-2012-3715 1Apple 1Safari Apr 29, 2026 Sep 20, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the ne...Show more Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network.Show less
CVE-2012-3714 1Apple 1Safari Apr 29, 2026 Sep 20, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book v...Show more The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.Show less
CVE-2012-3713 1Apple 1Safari Apr 29, 2026 Sep 20, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document.

Previous 1...525354...80 Next