Apple Safari vulnerabilities

1,592 known vulnerabilities affecting apple/safari.

Total CVEs: 1,592
CISA KEV: 31 actively exploited
Public exploits: 157
Exploited in wild: 25
Severity breakdown: CRITICAL 211, HIGH 603, MEDIUM 757, LOW 20, UNKNOWN 1

Vulnerabilities

Page 69 of 80
CVE-2010-1793 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 5.0, v4.0, +7 more | 2010-07-30
Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.
nvd
CVE-2010-1787 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0, v4.0, +7 more | 2010-07-30
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document.
nvd
CVE-2010-1782 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0, v4.0, +7 more | 2010-07-30
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element.
nvd
CVE-2010-1783 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0, v4.0, +7 more | 2010-07-30
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML d
nvd
CVE-2010-1790 | CRITICAL | CVSS 9.3 | ≤ 5.0, v4.0, +7 more | 2010-07-30
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a
nvd
CVE-2010-1789 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 5.0, v4.0, +7 more | 2010-07-30
Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.
nvd
CVE-2010-1780 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 5.0, v4.0, +7 more | 2010-07-30
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus.
nvd
CVE-2010-1778 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 5.0, v4.0, +7 more | 2010-07-30
Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.
nvd
CVE-2010-1796 | LOW | CVSS 2.6 | CWE-200 | ≤ 5.0, v4.0, +7 more | 2010-07-30
The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.
nvd
CVE-2010-1205 | CRITICAL | CVSS 9.8 | CWE-120 | PoC | fixed in 5.0.4 | 2010-06-30
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
nvd
CVE-2010-2249 | MEDIUM | CVSS 6.5 | CWE-401 | fixed in 5.0.4 | 2010-06-30
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
nvd
CVE-2010-1400 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 4.0.5, v4.0, +5 more | 2010-06-11
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.
nvd
CVE-2010-1758 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 4.0.5, v4.0, +5 more | 2010-06-11
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects.
nvd
CVE-2010-1759 | CRITICAL | CVSS 9.3 | CWE-399 | PoC | ≤ 4.0.5, v4.0, +5 more | 2010-06-11
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method.
nvd
CVE-2010-1761 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 4.0.5, v4.0, +5 more | 2010-06-11
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees.
nvd
CVE-2010-1403 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 4.0.5, v4.0, +5 more | 2010-06-11
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that trigge
nvd
CVE-2010-1774 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 4.0.5, v4.0, +5 more | 2010-06-11
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
nvd
CVE-2010-1419 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 4.0.5, v4.0, +5 more | 2010-06-11
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.
nvd
CVE-2010-1415 | CRITICAL | CVSS 9.3 | CWE-94 | ≤ 4.0.5, v4.0, +5 more | 2010-06-11
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."
nvd
CVE-2010-1396 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 4.0.5, v4.0, +5 more | 2010-06-11
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements.
nvd