Filtered by vendor Apple
Subscriptions
Filtered by product Safari
Subscriptions
Total
1466 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-0160 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | ||||
CVE-2011-0163 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. | ||||
CVE-2011-0161 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. | ||||
CVE-2011-0167 | 1 Apple | 2 Safari, Webkit | 2024-08-06 | N/A |
The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site. | ||||
CVE-2011-0215 | 2 Apple, Microsoft | 5 Imageio, Safari, Windows 7 and 2 more | 2024-08-06 | N/A |
ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file. | ||||
CVE-2011-0221 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | ||||
CVE-2011-0223 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | ||||
CVE-2011-0216 | 3 Apple, Microsoft, Redhat | 5 Safari, Windows 7, Windows Vista and 2 more | 2024-08-06 | N/A |
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. | ||||
CVE-2011-0169 | 1 Apple | 2 Safari, Webkit | 2024-08-06 | N/A |
WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. | ||||
CVE-2011-0132 | 2 Apple, Microsoft | 7 Itunes, Safari, Webkit and 4 more | 2024-08-06 | N/A |
Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | ||||
CVE-2011-0115 | 2 Apple, Microsoft | 7 Itunes, Safari, Webkit and 4 more | 2024-08-06 | N/A |
The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | ||||
CVE-2012-5851 | 2 Apple, Google | 3 Safari, Webkit, Chrome | 2024-08-06 | N/A |
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108. | ||||
CVE-2012-3748 | 1 Apple | 2 Iphone Os, Safari | 2024-08-06 | N/A |
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. | ||||
CVE-2012-3682 | 1 Apple | 1 Safari | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | ||||
CVE-2012-3714 | 1 Apple | 1 Safari | 2024-08-06 | N/A |
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site. | ||||
CVE-2012-3696 | 1 Apple | 1 Safari | 2024-08-06 | N/A |
CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling. | ||||
CVE-2012-3655 | 1 Apple | 1 Safari | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | ||||
CVE-2012-3713 | 1 Apple | 1 Safari | 2024-08-06 | N/A |
Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document. | ||||
CVE-2012-3693 | 1 Apple | 1 Safari | 2024-08-06 | N/A |
Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs. | ||||
CVE-2012-3686 | 1 Apple | 1 Safari | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. |