| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-3697 |
264 |
|
Bypass |
2012-07-25 |
2012-07-30 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise. |
|
2 |
CVE-2011-3845 |
399 |
|
Exec Code |
2012-03-07 |
2012-03-08 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins. |
|
3 |
CVE-2011-3443 |
399 |
|
DoS Exec Code Mem. Corr. |
2012-03-01 |
2012-03-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rules. |
|
4 |
CVE-2011-1295 |
20 |
|
DoS XSS |
2011-03-25 |
2012-01-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors. |
|
5 |
CVE-2011-0132 |
399 |
|
DoS Exec Code Mem. Corr. |
2011-03-03 |
2011-03-17 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
|
6 |
CVE-2011-0115 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-03-03 |
2011-03-17 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
|
7 |
CVE-2010-1939 |
399 |
|
Exec Code |
2010-05-13 |
2010-08-21 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. |
|
8 |
CVE-2009-3455 |
310 |
|
|
2009-09-29 |
2009-09-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
|
9 |
CVE-2009-2200 |
200 |
|
+Info |
2009-08-12 |
2011-02-17 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. |
|
10 |
CVE-2009-2027 |
264 |
|
+Priv |
2009-06-10 |
2009-07-15 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method. |
|
11 |
CVE-2009-1718 |
200 |
|
+Info |
2009-06-10 |
2011-02-17 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. |
|
12 |
CVE-2009-1713 |
200 |
|
+Info |
2009-06-10 |
2011-02-17 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. |
|
13 |
CVE-2009-1703 |
200 |
|
+Info |
2009-06-10 |
2011-02-17 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. |
|
14 |
CVE-2009-1699 |
200 |
1
|
+Info |
2009-06-10 |
2012-03-30 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." |
|
15 |
CVE-2009-1692 |
399 |
1
|
DoS |
2009-06-19 |
2012-03-30 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object. |
|
16 |
CVE-2009-0123 |
200 |
|
+Info |
2009-01-15 |
2009-01-22 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. |
|
17 |
CVE-2007-4699 |
264 |
|
Bypass |
2007-11-14 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. |
|
18 |
CVE-2007-3718 |
|
|
|
2007-07-12 |
2008-11-15 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher. |
|
19 |
CVE-2007-3482 |
79 |
|
XSS Bypass |
2007-06-28 |
2008-11-15 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. |
|
20 |
CVE-2007-3284 |
|
|
DoS |
2007-06-19 |
2012-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name. |
|
21 |
CVE-2007-3274 |
|
|
DoS |
2007-06-19 |
2012-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location. |
|
22 |
CVE-2007-3187 |
|
|
DoS Exec Code Mem. Corr. |
2007-06-12 |
2008-11-15 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. |
|
23 |
CVE-2007-3185 |
399 |
|
DoS Mem. Corr. |
2007-06-12 |
2008-11-15 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. |
|
24 |
CVE-2007-2398 |
|
|
|
2007-06-21 |
2012-10-30 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
Complete |
None |
|
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. |
|
25 |
CVE-2007-2175 |
|
|
Exec Code |
2007-04-24 |
2008-09-05 |
7.6 |
Admin |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007. |
|
26 |
CVE-2007-0646 |
134 |
|
DoS |
2007-01-31 |
2008-09-05 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function. |
|
27 |
CVE-2007-0644 |
|
|
DoS |
2007-01-31 |
2008-09-05 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. |
|
28 |
CVE-2006-3946 |
119 |
|
DoS Exec Code Overflow |
2006-07-31 |
2011-06-20 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. |
|
29 |
CVE-2006-1987 |
|
|
DoS Exec Code |
2006-04-21 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible. |
|
30 |
CVE-2006-1986 |
|
|
DoS Exec Code |
2006-04-21 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl. |
|
31 |
CVE-2005-4504 |
|
|
DoS |
2005-12-22 |
2008-09-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag. |
|
32 |
CVE-2005-3897 |
|
|
DoS |
2005-11-29 |
2008-09-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. |
|
33 |
CVE-2005-2516 |
|
|
Exec Code |
2005-08-19 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands. |
|
34 |
CVE-2004-1314 |
|
|
|
2005-01-10 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122. |
|
35 |
CVE-2004-1122 |
|
|
|
2005-01-10 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314. |
|
36 |
CVE-2004-0720 |
|
|
|
2004-07-27 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. |
|
37 |
CVE-2003-0514 |
|
|
Dir. Trav. Bypass |
2004-04-15 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. |
|
38 |
CVE-2003-0370 |
|
|
|
2003-06-16 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. |
