Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs: 1,592
CISA KEV: 31 (actively exploited)
Public exploits: 157
Exploited in wild: 25
Severity breakdown
CRITICAL: 211 | HIGH: 603 | MEDIUM: 757 | LOW: 20 | UNKNOWN: 1
Vulnerabilities
Page 64 of 80
CVE-2011-2792 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 5.1.1 | 2011-08-03
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.
nvd
CVE-2011-2800 | MEDIUM | CVSS 4.3 | CWE-200 | fixed in 5.1.1 | 2011-08-03
Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.
nvd
CVE-2011-2819 | MEDIUM | CVSS 6.8 | fixed in 5.1.1 | 2011-08-03
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.
nvd
CVE-2011-2359 | MEDIUM | CVSS 6.8 | CWE-20 | fixed in 5.1.1 | 2011-08-03
Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
nvd
CVE-2011-2797 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 5.1.1 | 2011-08-03
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching.
nvd
CVE-2011-2805 | MEDIUM | CVSS 6.8 | CWE-74 | fixed in 5.1.1 | 2011-08-03
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors.
nvd
CVE-2011-2788 | MEDIUM | CVSS 6.8 | CWE-120 | fixed in 5.1.1 | 2011-08-03
Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.
nvd
CVE-2011-2790 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 5.1.1 | 2011-08-03
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.
nvd
CVE-2011-0237 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-1797 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0215 | CRITICAL | CVSS 9.3 | CWE-20 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file.
nvd
CVE-2011-0235 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0241 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.
nvd
CVE-2011-0253 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0233 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-1288 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0255 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0240 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0218 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2010-1383 | CRITICAL | CVSS 9.3 | CWE-255 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.
nvd