Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs
1,592
CISA KEV
31
actively exploited
Public exploits
157
Exploited in wild
25
Severity breakdown
CRITICAL211HIGH603MEDIUM757LOW20UNKNOWN1
Vulnerabilities
Page 70 of 80
CVE-2010-1385CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1385 [CRITICAL] CWE-399 CVE-2010-1385: Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, a
Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
nvd
CVE-2010-1398CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1398 [CRITICAL] CWE-119 CVE-2010-1398: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac O
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an uns
nvd
CVE-2010-1414CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1414 [CRITICAL] CWE-399 CVE-2010-1414: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.
nvd
CVE-2010-1412CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1412 [CRITICAL] CWE-399 CVE-2010-1412: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.
nvd
CVE-2010-1402CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1402 [CRITICAL] CWE-399 CVE-2010-1402: Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Win
Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and a
nvd
CVE-2010-1397CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1397 [CRITICAL] CWE-399 CVE-2010-1397: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attrib
nvd
CVE-2010-1405CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1405 [CRITICAL] CWE-399 CVE-2010-1405: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.
nvd
CVE-2010-1750CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1750 [CRITICAL] CWE-399 CVE-2010-1750: Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execut
Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.
nvd
CVE-2010-1749CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1749 [CRITICAL] CWE-399 CVE-2010-1749: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructo
nvd
CVE-2010-1401CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1401 [CRITICAL] CWE-399 CVE-2010-1401: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple S
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.
nvd
CVE-2010-1771CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1771 [CRITICAL] CWE-399 CVE-2010-1771: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts.
nvd
CVE-2010-1770CRITICALCVSS 9.3≤ 4.0.52010-06-11
CVE-2010-1770 [CRITICAL] CWE-94 CVE-2010-1770: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption
nvd
CVE-2010-1399CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1399 [CRITICAL] CWE-119 CVE-2010-1399: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac O
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
nvd
CVE-2010-1404CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1404 [CRITICAL] CWE-399 CVE-2010-1404: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruc
nvd
CVE-2010-1392CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1392 [CRITICAL] CWE-399 CVE-2010-1392: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.
nvd
CVE-2010-1410CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1410 [CRITICAL] CWE-119 CVE-2010-1410: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac O
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.
nvd
CVE-2010-1417CRITICALCVSS 9.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1417 [CRITICAL] CWE-119 CVE-2010-1417: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.
nvd
CVE-2010-1416MEDIUMCVSS 4.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1416 [MEDIUM] CWE-264 CVE-2010-1416: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac O
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."
nvd
CVE-2010-1762MEDIUMCVSS 4.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1762 [MEDIUM] CWE-79 CVE-2010-1762: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 throu
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.
nvd
CVE-2010-1764MEDIUMCVSS 4.3≤ 4.0.5v4.0+5 more2010-06-11
CVE-2010-1764 [MEDIUM] CVE-2010-1764: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac O
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.
nvd