Safari

safari

Vendor: Apple • 1,598 CVEs

CVEs (1,598)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-0043 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
CVE-2010-0042 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information fr...Show more ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.Show less
CVE-2010-0041 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information fr...Show more ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.Show less
CVE-2010-0040 1Apple 1Safari Apr 29, 2026 Mar 15, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted...Show more Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.Show less
CVE-2010-0925 1Apple 1Safari Apr 29, 2026 Mar 3, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a...Show more cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element.Show less
CVE-2010-0924 1Apple 1Safari Apr 29, 2026 Mar 3, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROU...Show more cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element.Show less
CVE-2010-0651 2Apple Google 3Chrome SafariWebkit Apr 29, 2026 Feb 18, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesh...Show more WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.Show less
CVE-2010-0650 3Apple CanonicalGoogle 3Chrome SafariUbuntu Linux Apr 29, 2026 Feb 18, 2010 N/A· v4 N/A· v3 2.6 LOW· v2 WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
CVE-2010-0314 1Apple 1Safari Apr 23, 2026 Jan 14, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading t...Show more Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.Show less
CVE-2009-4186 1Apple 1Safari Apr 23, 2026 Dec 3, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background prop...Show more Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.Show less
CVE-2009-3384 1Apple 1Safari Apr 23, 2026 Nov 13, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information vi...Show more Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.Show less
CVE-2009-2842 1Apple 1Safari Apr 23, 2026 Nov 13, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.
CVE-2009-2841 1Apple 1Safari Apr 23, 2026 Nov 13, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elem...Show more The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.Show less
CVE-2009-2816 4Apple FedoraprojectGoogle+1 more 5Chrome FedoraIphone Os+2 more Apr 23, 2026 Nov 13, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-ori...Show more The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.Show less
CVE-2009-3455 1Apple 1Safari Apr 23, 2026 Sep 29, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spo...Show more Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.Show less
CVE-2009-3272 1Apple 1Safari Apr 23, 2026 Sep 21, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that c...Show more Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.Show less
CVE-2009-3271 1Apple 2Iphone Os Safari Apr 23, 2026 Sep 21, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
CVE-2009-2804 1Apple 3Mac Os X Mac Os X ServerSafari Apr 23, 2026 Sep 14, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Col...Show more Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.Show less
CVE-2009-3016 1Apple 1Safari Apr 23, 2026 Aug 31, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting...Show more Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.Show less
CVE-2009-2200 1Apple 1Safari Apr 23, 2026 Aug 12, 2009 N/A· v4 N/A· v3 7.1 HIGH· v2 WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensit...Show more WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.Show less

Previous 1...707172...80 Next