Safari

safari

Vendor: Apple • 1,598 CVEs

CVEs (1,598)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-3968 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Feb 9, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token seq...Show more Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.Show less
CVE-2011-3966 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Feb 9, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sh...Show more Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.Show less
CVE-2011-3958 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Feb 9, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c...Show more Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.Show less
CVE-2011-3928 2Apple Google 3Chrome Iphone OsSafari Apr 29, 2026 Jan 24, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
CVE-2011-3926 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Jan 24, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3924 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Jan 24, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.
CVE-2011-3913 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Dec 13, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.
CVE-2011-3909 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Dec 13, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corrupt...Show more The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.Show less
CVE-2011-3908 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Dec 13, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-4692 2Apple Google 3Chrome SafariWebkit Apr 29, 2026 Dec 7, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whet...Show more WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.Show less
CVE-2010-5070 1Apple 1Safari Apr 29, 2026 Dec 7, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information...Show more The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073.Show less
CVE-2011-3897 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Nov 11, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.
CVE-2011-3888 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Oct 25, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in...Show more Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.Show less
CVE-2011-3887 2Apple Google 3Chrome Iphone OsSafari Apr 29, 2026 Oct 25, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.
CVE-2011-3885 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Oct 25, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) t...Show more Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.Show less
CVE-2011-3881 2Apple Google 4Android ChromeIphone Os+1 more Apr 29, 2026 Oct 25, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::cle...Show more WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function.Show less
CVE-2011-2845 2Apple Google 3Chrome Iphone OsSafari Apr 29, 2026 Oct 25, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.
CVE-2011-3243 1Apple 2Iphone Os Safari Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
CVE-2011-3242 1Apple 1Safari Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.
CVE-2011-3231 1Apple 1Safari Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a craft...Show more The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.Show less

Previous 1...596061...80 Next