Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs: 1,592
CISA KEV: 31 (actively exploited)
Public exploits: 157
Exploited in wild: 25
Severity breakdown: CRITICAL 211, HIGH 603, MEDIUM 757, LOW 20, UNKNOWN 1
Vulnerabilities
CVE-2009-1694 | MEDIUM | CVSS 5.8 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."
nvd
CVE-2009-1681 | MEDIUM | CVSS 4.3 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
nvd
CVE-2009-1715 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges.
nvd
CVE-2009-1684 | MEDIUM | CVSS 4.3 | PoC | CWE-79 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
nvd
CVE-2009-1691 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains.
nvd
CVE-2009-1682 | MEDIUM | CVSS 4.3 | CWE-255 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.
nvd
CVE-2009-1706 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 3.2.3, v3.0, +10 more | 2009-06-10
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.
nvd
CVE-2009-1697 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on
nvd
CVE-2009-1700 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 3.2.2, v2.0, +22 more | 2009-06-10
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
nvd
CVE-2009-1696 | MEDIUM | CVSS 5.0 | CWE-310 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.
nvd
CVE-2009-1702 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 3.2.2, v2.0, +22 more | 2009-06-10
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.
nvd
CVE-2009-1689 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement.
nvd
CVE-2009-1685 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document.
nvd
CVE-2009-1688 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method."
nvd
CVE-2009-1693 | MEDIUM | CVSS 5.8 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."
nvd
CVE-2009-1695 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.
nvd
CVE-2009-1714 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.
nvd
CVE-2009-1716 | LOW | CVSS 2.1 | CWE-264 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
nvd
CVE-2009-1707 | LOW | CVSS 1.2 | CWE-362 | ≤ 3.2.3, v3.0, +10 more | 2009-06-10
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.
nvd
CVE-2009-1710 | LOW | CVSS 2.6 | ≤ 4.0_beta, v0.8, +24 more | 2009-06-10
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
nvd