Safari
by Apple Inc.
CVEs (1,615)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3888 | | | 0.00 | — | 0.02 | | Oct 25, 2011 | Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in. |
| CVE-2011-3887 | | | 0.00 | — | 0.01 | | Oct 25, 2011 | Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. |
| CVE-2011-3885 | | | 0.00 | — | 0.02 | | Oct 25, 2011 | Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data. |
| CVE-2011-3881 | | | 0.00 | — | 0.02 | | Oct 25, 2011 | WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the… |
| CVE-2011-2845 | | | 0.00 | — | 0.01 | | Oct 25, 2011 | Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. |
| CVE-2011-3426 | | | 0.00 | — | 0.02 | | Oct 14, 2011 | Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header. |
| CVE-2011-3243 | | | 0.00 | — | 0.02 | | Oct 14, 2011 | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. |
| CVE-2011-3242 | | | 0.00 | — | 0.01 | | Oct 14, 2011 | The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. |
| CVE-2011-3231 | | | 0.00 | — | 0.01 | | Oct 14, 2011 | The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. |
| CVE-2011-3229 | | | 0.00 | — | 0.02 | | Oct 14, 2011 | Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. |
| CVE-2011-2877 | | | 0.00 | — | 0.01 | | Oct 4, 2011 | Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font." |
| CVE-2011-3234 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| CVE-2011-2860 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles. |
| CVE-2011-2857 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller. |
| CVE-2011-2855 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." |
| CVE-2011-2854 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing." |
| CVE-2011-2847 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. |
| CVE-2011-2846 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling. |
| CVE-2011-2827 | | | 0.00 | — | 0.02 | | Aug 29, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching. |
| CVE-2011-2825 | | | 0.00 | — | 0.02 | | Aug 29, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts. |
Page 66 of 81