Apple Safari vulnerabilities

1,592 known vulnerabilities affecting apple/safari.

Total CVEs: 1,592
CISA KEV: 31 (actively exploited)
Public exploits: 157
Exploited in wild: 25
Severity breakdown: CRITICAL 211, HIGH 603, MEDIUM 757, LOW 20, UNKNOWN 1

Vulnerabilities

CVE-2012-0678 | MEDIUM | CVSS 4.3 | ≤ 5.1.7, v1.0 +75 more | 2012-07-25
CVE-2012-0678 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL.
nvd
CVE-2012-0676 | MEDIUM | CVSS 5.0 | ≤ 5.1.6, v1.0 +74 more | 2012-05-11
CVE-2012-0676 [MEDIUM] CWE-20: WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.
nvd
CVE-2011-3081 | CRITICAL | CVSS 9.3 | fixed in 6.0 | 2012-05-01
CVE-2011-3081 [CRITICAL]: Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.
nvd
CVE-2012-1521 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-05-01
CVE-2012-1521 [MEDIUM] CWE-416: Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-3078 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-05-01
CVE-2011-3078 [MEDIUM] CWE-416: Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.
nvd
CVE-2011-3071 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-04-05
CVE-2011-3071 [MEDIUM] CWE-416: Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-3068 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-04-05
CVE-2011-3068 [MEDIUM] CWE-416: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.
nvd
CVE-2011-3076 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-04-05
CVE-2011-3076 [MEDIUM] CWE-416: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.
nvd
CVE-2011-3067 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-04-05
CVE-2011-3067 [MEDIUM] CWE-346: Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
nvd
CVE-2011-3075 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-04-05
CVE-2011-3075 [MEDIUM] CWE-416: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.
nvd
CVE-2011-3069 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-04-05
CVE-2011-3069 [MEDIUM] CWE-416: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
nvd
CVE-2011-3074 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-04-05
CVE-2011-3074 [MEDIUM] CWE-416: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.
nvd
CVE-2011-3073 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-04-05
CVE-2011-3073 [MEDIUM] CWE-416: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.
nvd
CVE-2011-3064 | HIGH | CVSS 7.5 | fixed in 6.0 | 2012-03-30
CVE-2011-3064 [HIGH] CWE-416: Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.
nvd
CVE-2011-3059 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-03-30
CVE-2011-3059 [MEDIUM] CWE-125: Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-3060 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-03-30
CVE-2011-3060 [MEDIUM] CWE-125: Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-3056 | MEDIUM | CVSS 6.8 | fixed in 5.1.7 | 2012-03-22
CVE-2011-3056 [MEDIUM] CWE-346: Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
nvd
CVE-2011-3050 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-03-22
CVE-2011-3050 [MEDIUM] CWE-416: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
nvd
CVE-2011-3053 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-03-22
CVE-2011-3053 [MEDIUM] CWE-416: Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.
nvd
CVE-2012-0647 | MEDIUM | CVSS 5.0 | ≤ 5.1.3, v1.0 +71 more | 2012-03-12
CVE-2012-0647 [MEDIUM] CWE-200: WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
nvd