Safari

safari

Vendor: Apple • 1,598 CVEs

CVEs (1,598)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-3589 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than...Show more WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.Show less
CVE-2012-1520 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than...Show more WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.Show less
CVE-2012-0683 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than...Show more WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.Show less
CVE-2012-0682 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than...Show more WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.Show less
CVE-2012-3697 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 7.1 HIGH· v2 WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise.
CVE-2012-3696 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSock...Show more CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling.Show less
CVE-2012-3695 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location...Show more Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property.Show less
CVE-2012-3694 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site.
CVE-2012-3693 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unic...Show more Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs.Show less
CVE-2012-3691 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2012-3690 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site.
CVE-2012-3689 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2012-3650 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
CVE-2012-0680 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation.
CVE-2012-0679 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL.
CVE-2012-0678 1Apple 1Safari Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL.
CVE-2012-0676 1Apple 1Safari Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified...Show more WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.Show less
CVE-2012-1521 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 May 1, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3081 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 May 1, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a differe...Show more Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.Show less
CVE-2011-3078 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 May 1, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a differe...Show more Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.Show less

Previous 1...565758...80 Next