Safari

safari

Vendor: Apple • 1,598 CVEs

CVEs (1,598)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-1179 1Apple 1Safari Apr 29, 2026 Mar 29, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo e...Show more Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024.Show less
CVE-2010-1178 1Apple 1Safari Apr 29, 2026 Mar 29, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string.
CVE-2010-1177 1Apple 1Safari Apr 29, 2026 Mar 29, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted stri...Show more Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.Show less
CVE-2010-1176 1Apple 1Safari Apr 29, 2026 Mar 29, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG...Show more Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075.Show less
CVE-2010-1131 1Apple 1Safari Apr 29, 2026 Mar 27, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> s...Show more JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring.Show less
CVE-2010-1120 1Apple 1Safari Apr 29, 2026 Mar 25, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.
CVE-2010-1119 1Apple 4Iphone Os Mac Os XMac Os X Server+1 more Apr 29, 2026 Mar 25, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary...Show more Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.Show less
CVE-2010-1099 1Apple 1Safari Apr 29, 2026 Mar 24, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of...Show more Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.Show less
CVE-2010-1029 2Apple Google 2Chrome Safari Apr 29, 2026 Mar 19, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to...Show more Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.Show less
CVE-2010-0054 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.
CVE-2010-0053 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style She...Show more Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.Show less
CVE-2010-0052 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."
CVE-2010-0051 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap...Show more WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.Show less
CVE-2010-0050 4Apple CanonicalFedoraproject+1 more 5Fedora Iphone OsOpensuse+2 more Apr 29, 2026 Mar 15, 2010 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
CVE-2010-0049 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text direc...Show more Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.Show less
CVE-2010-0048 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
CVE-2010-0047 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback...Show more Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."Show less
CVE-2010-0046 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted...Show more The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.Show less
CVE-2010-0045 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.
CVE-2010-0044 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) A...Show more PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.Show less

Previous 1...697071...80 Next