Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Safari
(Apple)| Repositories | https://github.com/WebKit/webkit |
| #Vulnerabilities | 1491 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-03-15 | CVE-2010-0048 | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. | Safari | N/A | ||
| 2024-09-17 | CVE-2024-40866 | The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing. | Macos, Safari | 6.5 | ||
| 2018-06-08 | CVE-2018-4233 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux | 8.8 | ||
| 2009-06-10 | CVE-2009-1699 | The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." | Iphone_os, Safari, Ubuntu_linux, Opensuse | 7.5 | ||
| 2010-03-15 | CVE-2010-0050 | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. | Iphone_os, Safari, Ubuntu_linux, Fedora, Opensuse | 8.8 | ||
| 2008-08-27 | CVE-2008-3281 | libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | Iphone_os, Safari, Ubuntu_linux, Debian_linux, Fedora, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Esx, Libxml2 | 6.5 | ||
| 2007-08-20 | CVE-2007-4431 | Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking." | Safari | N/A | ||
| 2010-06-30 | CVE-2010-1205 | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | Iphone_os, Itunes, Mac_os_x, Mac_os_x_server, Safari, Ubuntu_linux, Debian_linux, Fedora, Chrome, Libpng, Firefox, Seamonkey, Thunderbird, Opensuse, Linux_enterprise_server, Player, Workstation | 9.8 | ||
| 2011-06-29 | CVE-2011-2351 | Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements. | Iphone_os, Itunes, Safari, Chrome | N/A | ||
| 2011-07-21 | CVE-2011-1797 | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | Safari, Webkit, Chromium | N/A |