CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Safari : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-9895 416 Exec Code 2020-10-16 2020-10-20
7.5
None Remote Low Not required Partial Partial Partial
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
2 CVE-2020-9850 Exec Code 2020-06-09 2020-10-16
7.5
None Remote Low Not required Partial Partial Partial
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.
3 CVE-2020-3864 346 2020-10-27 2021-05-18
7.2
None Local Low Not required Complete Complete Complete
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.
4 CVE-2019-8749 20 Mem. Corr. 2020-10-27 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.
5 CVE-2017-17821 119 DoS Overflow 2017-12-21 2018-01-10
7.5
None Remote Low Not required Partial Partial Partial
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length.
6 CVE-2017-5949 787 DoS 2017-04-03 2017-04-11
7.5
None Remote Low Not required Partial Partial Partial
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm.
7 CVE-2016-1771 19 DoS 2016-03-24 2017-03-24
7.1
None Remote Medium Not required None None Complete
The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site.
8 CVE-2014-4466 399 DoS Exec Code Mem. Corr. 2014-12-10 2019-03-08
7.5
None Remote Low Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
9 CVE-2014-3192 416 DoS 2014-10-08 2019-03-08
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
10 CVE-2012-3697 264 Bypass 2012-07-25 2012-07-30
7.1
None Remote Medium Not required Complete None None
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise.
11 CVE-2012-0637 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-01-06
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
12 CVE-2012-0636 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-01-06
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
13 CVE-2011-3966 416 DoS 2012-02-09 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.
14 CVE-2011-3928 416 DoS 2012-01-24 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
15 CVE-2011-3926 787 DoS Overflow 2012-01-24 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
16 CVE-2011-3924 416 DoS 2012-01-24 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.
17 CVE-2011-3913 416 DoS 2011-12-13 2020-05-08
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.
18 CVE-2011-3885 416 DoS 2011-10-25 2020-05-11
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.
19 CVE-2011-3845 399 Exec Code 2012-03-08 2018-01-05
7.6
None Remote High Not required Complete Complete Complete
Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins.
20 CVE-2011-3443 399 DoS Exec Code Mem. Corr. 2012-03-02 2012-03-02
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rules.
21 CVE-2011-3064 416 DoS 2012-03-30 2020-04-14
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.
22 CVE-2011-3021 416 DoS 2012-02-16 2020-04-16
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.
23 CVE-2011-2860 416 DoS 2011-09-19 2020-05-08
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.
24 CVE-2011-2827 416 DoS 2011-08-29 2020-05-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.
25 CVE-2011-2823 416 DoS 2011-08-29 2020-05-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.
26 CVE-2011-1451 20 DoS 2011-05-03 2020-05-22
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."
27 CVE-2011-1296 20 DoS 2011-03-25 2020-05-29
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
28 CVE-2011-1295 20 DoS XSS 2011-03-25 2020-05-29
7.5
None Remote Low Not required Partial Partial Partial
WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.
29 CVE-2011-1293 416 DoS 2011-03-25 2020-05-29
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
30 CVE-2011-1203 DoS 2011-03-11 2020-06-03
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
31 CVE-2011-1188 DoS Mem. Corr. 2011-03-11 2020-06-03
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
32 CVE-2011-1121 190 DoS Overflow 2011-03-01 2020-06-04
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.
33 CVE-2011-1117 DoS 2011-03-01 2020-06-04
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes."
34 CVE-2011-1115 DoS 2011-03-01 2020-06-04
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
35 CVE-2011-1114 DoS 2011-03-01 2020-06-04
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
36 CVE-2011-1109 20 DoS 2011-03-01 2020-06-03
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
37 CVE-2011-0983 20 DoS 2011-02-10 2020-06-04
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
38 CVE-2011-0981 20 DoS 2011-02-10 2020-06-04
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
39 CVE-2010-4494 415 DoS 2010-12-07 2020-07-31
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
40 CVE-2010-1205 120 Exec Code Overflow 2010-06-30 2020-08-14
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
41 CVE-2009-3455 310 2009-09-29 2009-09-30
7.5
None Remote Low Not required Partial Partial Partial
Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
42 CVE-2009-2027 264 +Priv 2009-06-10 2017-08-17
7.2
None Local Low Not required Complete Complete Complete
The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method.
43 CVE-2009-1718 200 +Info 2009-06-10 2011-02-17
7.1
None Remote Medium Not required Complete None None
WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.
44 CVE-2009-1713 200 +Info 2009-06-10 2017-08-17
7.1
None Remote Medium Not required Complete None None
The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.
45 CVE-2009-1703 200 +Info 2009-06-10 2011-02-17
7.1
None Remote Medium Not required Complete None None
WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.
46 CVE-2009-1699 200 +Info 2009-06-10 2017-09-29
7.1
None Remote Medium Not required Complete None None
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
47 CVE-2009-1692 399 DoS 2009-06-19 2018-10-10
7.1
None Remote Medium Not required None None Complete
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
48 CVE-2009-0946 190 Exec Code Overflow 2009-04-17 2021-04-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
49 CVE-2007-3718 2007-07-12 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher.
50 CVE-2007-3284 DoS 2007-06-19 2012-10-31
7.8
None Remote Low Not required None None Complete
corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name.
Total number of vulnerabilities : 65   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.