Apple Safari vulnerabilities

1,592 known vulnerabilities affecting apple/safari.

Total CVEs: 1,592
CISA KEV: 31 (actively exploited)
Public exploits: 157
Exploited in wild: 25
Severity breakdown: CRITICAL 211, HIGH 603, MEDIUM 757, LOW 20, UNKNOWN 1

Vulnerabilities

CVE-2011-0238 | CRITICAL | CVSS 9.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-119: WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0225 | CRITICAL | CVSS 9.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-119: WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0221 | CRITICAL | CVSS 9.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-119: WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-1462 | CRITICAL | CVSS 9.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-119: WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0222 | CRITICAL | CVSS 9.3 | PoC | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-119: WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0232 | CRITICAL | CVSS 9.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-119: WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0223 | CRITICAL | CVSS 9.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-119: WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-1453 | CRITICAL | CVSS 9.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-119: WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0234 | CRITICAL | CVSS 9.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-119: WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0216 | CRITICAL | CVSS 9.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-189: Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.
nvd
CVE-2011-1457 | CRITICAL | CVSS 9.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-119: WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-0254 | CRITICAL | CVSS 9.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-119: WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
nvd
CVE-2011-1774 | HIGH | CVSS 8.8 | PoC | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.
nvd
CVE-2011-0219 | MEDIUM | CVSS 5.8 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-264: Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.
nvd
CVE-2010-1420 | MEDIUM | CVSS 4.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-79: Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file.
nvd
CVE-2011-0217 | MEDIUM | CVSS 4.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-200: Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.
nvd
CVE-2011-0242 | MEDIUM | CVSS 4.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-79: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username.
nvd
CVE-2011-0214 | MEDIUM | CVSS 5.0 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-310: CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.
nvd
CVE-2011-0244 | MEDIUM | CVSS 4.3 | ≤ 5.0.5 | v1.0 | +54 more | 2011-07-21
CWE-200: WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds.
nvd
CVE-2011-2351 | MEDIUM | CVSS 6.8 | fixed in 5.1.1 | 2011-06-29
CWE-416: Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
nvd