Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2003-06-09 |
| Product | Safari | Last view | 2021-04-02 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.8 | 2021-04-02 | CVE-2021-1844 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 6.5 | 2021-04-02 | CVE-2021-1799 | A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. |
| 8.8 | 2021-04-02 | CVE-2021-1788 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 5.5 | 2021-03-26 | CVE-2020-7463 | In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. |
| 5.9 | 2021-02-16 | CVE-2021-23841 | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). |
| 4.3 | 2020-12-08 | CVE-2020-9993 | The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing. |
| 4.3 | 2020-12-08 | CVE-2020-9987 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing. |
| 8.8 | 2020-12-08 | CVE-2020-9950 | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 8.8 | 2020-12-08 | CVE-2020-9947 | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 4.3 | 2020-12-08 | CVE-2020-9945 | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing. |
| 4.3 | 2020-12-08 | CVE-2020-9942 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. |
| 7.8 | 2020-12-08 | CVE-2020-27918 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 8.8 | 2020-11-03 | CVE-2020-15969 | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-10-27 | CVE-2020-9932 | A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 5.4 | 2020-10-27 | CVE-2020-9860 | A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. |
| 7.8 | 2020-10-27 | CVE-2020-3864 | A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. |
| 5.3 | 2020-10-27 | CVE-2020-3852 | A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website. |
| 4.3 | 2020-10-27 | CVE-2019-8898 | An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. |
| 7.8 | 2020-10-27 | CVE-2019-8848 | This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges. |
| 8.8 | 2020-10-27 | CVE-2019-8846 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 8.8 | 2020-10-27 | CVE-2019-8844 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 8.8 | 2020-10-27 | CVE-2019-8835 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 4.3 | 2020-10-27 | CVE-2019-8827 | The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited. |
| 8.8 | 2020-10-27 | CVE-2019-8773 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 6.1 | 2020-10-27 | CVE-2019-8771 | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 42% (481) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 7% (90) | CWE-20 | Improper Input Validation |
| 7% (89) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 7% (88) | CWE-399 | Resource Management Errors |
| 7% (87) | CWE-416 | Use After Free |
| 7% (81) | CWE-200 | Information Exposure |
| 4% (52) | CWE-787 | Out-of-bounds Write |
| 3% (36) | CWE-264 | Permissions, Privileges, and Access Controls |
| 1% (17) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 1% (15) | CWE-189 | Numeric Errors |
| 0% (10) | CWE-310 | Cryptographic Issues |
| 0% (10) | CWE-125 | Out-of-bounds Read |
| 0% (7) | CWE-362 | Race Condition |
| 0% (6) | CWE-704 | Incorrect Type Conversion or Cast |
| 0% (6) | CWE-287 | Improper Authentication |
| 0% (6) | CWE-254 | Security Features |
| 0% (5) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 0% (5) | CWE-346 | Origin Validation Error |
| 0% (4) | CWE-255 | Credentials Management |
| 0% (4) | CWE-190 | Integer Overflow or Wraparound |
| 0% (4) | CWE-19 | Data Handling |
| 0% (3) | CWE-284 | Access Control (Authorization) Issues |
| 0% (3) | CWE-16 | Configuration |
| 0% (2) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
| 0% (2) | CWE-522 | Insufficiently Protected Credentials |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:8509 | Blended Threat Remote Code Execution Vulnerability |
| oval:org.mitre.oval:def:6108 | Blended Threat Remote Code Execution Vulnerability |
| oval:org.mitre.oval:def:5782 | Blended Threat Elevation of Privilege Vulnerability |
| oval:org.mitre.oval:def:6091 | Apple Safari Malformed URI Remote Denial of Service Vulnerability |
| oval:org.mitre.oval:def:6066 | Apple Safari Malformed URI Remote Denial of Service Vulnerability |
| oval:org.mitre.oval:def:5559 | Apple Safari Denial of Service Vulnerability |
| oval:org.mitre.oval:def:8224 | DSA-1784 freetype -- integer overflows |
| oval:org.mitre.oval:def:13797 | USN-767-1 -- freetype vulnerability |
| oval:org.mitre.oval:def:13395 | DSA-1784-1 freetype -- integer overflows |
| oval:org.mitre.oval:def:10149 | Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attacke... |
| oval:org.mitre.oval:def:22787 | ELSA-2009:1061: freetype security update (Important) |
| oval:org.mitre.oval:def:29091 | RHSA-2009:1061 -- freetype security update (Important) |
| oval:org.mitre.oval:def:11584 | Array index error in the insertItemBefore method in WebKit, as used in Apple ... |
| oval:org.mitre.oval:def:8086 | DSA-1867 kdelibs -- several vulnerabilities |
| oval:org.mitre.oval:def:7524 | DSA-1868 kde4libs -- several vulnerabilities |
| oval:org.mitre.oval:def:13290 | DSA-1867-1 kdelibs -- several vulnerabilities |
| oval:org.mitre.oval:def:13176 | DSA-1868-1 kde4libs -- several vulnerabilities |
| oval:org.mitre.oval:def:10260 | The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone... |
| oval:org.mitre.oval:def:11009 | Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, i... |
| oval:org.mitre.oval:def:9484 | WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS... |
| oval:org.mitre.oval:def:13862 | USN-822-1 -- kde4libs, kdelibs vulnerabilities |
| oval:org.mitre.oval:def:22057 | ELSA-2009:1127: kdelibs security update (Critical) |
| oval:org.mitre.oval:def:29301 | RHSA-2009:1127 -- kdelibs security update (Critical) |
| oval:org.mitre.oval:def:8135 | DSA-1866 kdegraphics -- several vulnerabilities |
| oval:org.mitre.oval:def:13597 | DSA-1866-1 kdegraphics -- several vulnerabilities |
SAINT Exploits
| Description | Link |
|---|---|
| Apple Safari parent.close() Invalid Pointer Code Execution | More info here |
| QuickTime RTSP Content-Type header buffer overflow | More info here |
| Safari WebKit floating point number buffer overflow | More info here |
| Apple Safari libxslt File Create | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 78547 | Google Chrome Tree Builder Remote Overflow |
| 78545 | Google Chrome Use-after-free DOM Handling Unspecified Remote DoS |
| 78544 | Google Chrome Use-after-free DOM Selections Unspecified Remote DoS |
| 77715 | Google Chrome Range Handling Use-after-free Remote Code Execution |
| 77711 | Google Chrome CSS Property Array Unspecified Remote Memory Corruption |
| 77710 | Google Chrome SVG Parsing Out-of-bounds Read Remote DoS |
| 77621 | Google Chrome WebKit Cache Objects Image Handling Browsing History Disclosure |
| 77618 | Apple Safari WebKit Cache Objects Image Handling Browsing History Disclosure |
| 77605 | Apple Safari JavaScript Implementation getComputedStyle Method Page Handling ... |
| 77037 | Google Chrome Editing Unspecified Use-after-free Remote Issue |
| 76559 | Google Chrome Use-after-free Plug-ins and Editing Remote Code Execution |
| 76558 | Google Chrome Javascript URI Cookie Disclosure |
| 76556 | Google Chrome Multiple Use-after-free Stale Style Sheet Handling Remote Code ... |
| 76552 | Google Chrome Multiple Unspecified Same Origin Policy Bypass |
| 76545 | Google Chrome History Handling URL Bar Spoofing |
| 76391 | Apple Safari WebKit Private Browsing Mode Cookie Block Bypass |
| 76390 | Apple Safari SSL Certificate Handling Unitialized Memory Access Remote Code E... |
| 76389 | Apple Safari file:// URL Handling Remote Code Execution |
| 76388 | Apple Safari safari-extension:// URL Handling Traversal Remote Code Execution |
| 76353 | Apple iOS WebKit Inactive DOM Window Handling XSS |
| 76062 | Google Chrome Stale Font SVG Text Handling Remote Code Execution |
| 75562 | Google Chrome Use-after-free Table Style Handling Remote Code Execution |
| 75559 | Google Chrome Use-after-free Focus Controller Remote Code Execution |
| 75557 | Google Chrome Stale Node Stylesheet Handling Remote Code Execution |
| 75556 | Google Chrome Use-after-free ruby / table Style Handling Remote Code Execution |
ExploitDB Exploits
| id | Description |
|---|---|
| 28081 | Apple Safari 6.0.1 for iOS 6.0 and OS X 10.7/8 - Heap Buffer Overflow |
| 22406 | Konqueror 4.7.3 Memory Corruption |
| 18446 | Webkit normalize bug for android 2.2 (CVE-2010-1759) |
| 17986 | Apple Safari file:// Arbitrary Code Execution |
| 17575 | Safari 5.0.5 SVG Remote Code Execution Exploit (DEP bypass) |
| 17567 | Safari SVG DOM processing PoC |
| 15548 | Android 2.0/2.1 Use-After-Free Remote Code Execution on Webkit |
| 15423 | Android 2.0-2.1 Reverse Shell Exploit |
| 14422 | libpng <= 1.4.2 Denial of Service Vulnerability |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0374-1 (update) File : nvt/gb_suse_2012_0374_1.nasl |
| 2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0466-1 (update) File : nvt/gb_suse_2012_0466_1.nasl |
| 2012-11-21 | Name : Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Mac OS X) File : nvt/gb_apple_safari_webcore_webkit_xss_vuln_macosx.nasl |
| 2012-11-21 | Name : Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows) File : nvt/gb_apple_safari_webcore_webkit_xss_vuln_win.nasl |
| 2012-11-21 | Name : Google Chrome Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Linux) File : nvt/gb_google_chrome_webcore_webkit_xss_vuln_lin.nasl |
| 2012-11-21 | Name : Google Chrome Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Mac OS X) File : nvt/gb_google_chrome_webcore_webkit_xss_vuln_macosx.nasl |
| 2012-11-21 | Name : Google Chrome Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows) File : nvt/gb_google_chrome_webcore_webkit_xss_vuln_win.nasl |
| 2012-11-19 | Name : Fedora Update for kdelibs FEDORA-2012-17388 File : nvt/gb_fedora_2012_17388_kdelibs_fc16.nasl |
| 2012-11-02 | Name : Apple Safari Multiple Vulnerabilities (APPLE-SA-2012-09-19-3) File : nvt/gb_apple_safari_mult_vuln_nov12_macosx.nasl |
| 2012-10-26 | Name : Ubuntu Update for webkit USN-1617-1 File : nvt/gb_ubuntu_USN_1617_1.nasl |
| 2012-10-03 | Name : Fedora Update for libxml2 FEDORA-2012-13824 File : nvt/gb_fedora_2012_13824_libxml2_fc16.nasl |
| 2012-10-01 | Name : Apple Safari Multiple Vulnerabilities - Oct 2012 (Mac OS X) File : nvt/gb_apple_safari_mult_vuln_oct12_macosx.nasl |
| 2012-09-27 | Name : Fedora Update for libxml2 FEDORA-2012-13820 File : nvt/gb_fedora_2012_13820_libxml2_fc17.nasl |
| 2012-09-17 | Name : Apple iTunes Multiple Vulnerabilities - Sep 12 (Windows) File : nvt/gb_apple_itunes_mult_vuln_sep12_win.nasl |
| 2012-08-09 | Name : Ubuntu Update for webkit USN-1524-1 File : nvt/gb_ubuntu_USN_1524_1.nasl |
| 2012-08-01 | Name : Apple Safari Multiple Vulnerabilities - Aug 2012 (Windows) File : nvt/gb_apple_safari_mult_vuln_aug12_win.nasl |
| 2012-07-30 | Name : CentOS Update for libxml2 CESA-2012:0016 centos4 File : nvt/gb_CESA-2012_0016_libxml2_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for libxml2 CESA-2012:0017 centos5 File : nvt/gb_CESA-2012_0017_libxml2_centos5.nasl |
| 2012-07-30 | Name : Apple Safari Multiple Vulnerabilities - July 2012 (Mac OS X) File : nvt/gb_apple_safari_mult_vuln_jul12_macosx.nasl |
| 2012-07-13 | Name : VMSA-2012-0012 VMware ESXi update addresses several security issues. File : nvt/gb_VMSA-2012-0012.nasl |
| 2012-07-09 | Name : RedHat Update for libxml2 RHSA-2011:1749-03 File : nvt/gb_RHSA-2011_1749-03_libxml2.nasl |
| 2012-06-05 | Name : RedHat Update for webkitgtk RHSA-2011:0177-01 File : nvt/gb_RHSA-2011_0177-01_webkitgtk.nasl |
| 2012-05-31 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium13.nasl |
| 2012-05-31 | Name : Gentoo Security Advisory GLSA 201205-01 (chromium) File : nvt/glsa_201205_01.nasl |
| 2012-05-24 | Name : Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows) File : nvt/secpod_apple_safari_mult_vuln_win_oct11.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0222 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0061471 |
| 2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
| 2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
| 2014-B-0083 | Multiple Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0052903 |
| 2014-B-0048 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0050015 |
| 2014-B-0024 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0046157 |
| 2012-A-0153 | Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity: Category I - VMSKEY: V0033884 |
| 2012-A-0073 | Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity: Category I - VMSKEY: V0032171 |
| 2009-T-0021 | Microsoft Windows SearchPath Blended Threat Vulnerability Severity: Category II - VMSKEY: V0018776 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2021-01-12 | file URI redirect attempt RuleID : 56580 - Type : POLICY-OTHER - Revision : 1 |
| 2020-11-19 | Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt RuleID : 56044 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-11-19 | Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt RuleID : 56043 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-11-19 | Apple Safari Webkit attribute child removal code execution attempt RuleID : 56042 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-11-18 | Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt RuleID : 56009 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-11-18 | Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt RuleID : 56008 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-10-22 | Apple Safari WebKit HTMLFrameElementBase isURLAllowed Subframe exploit attempt RuleID : 55799 - Type : FILE-OTHER - Revision : 1 |
| 2020-10-22 | Apple Safari WebKit HTMLFrameElementBase isURLAllowed Subframe exploit attempt RuleID : 55798 - Type : FILE-OTHER - Revision : 1 |
| 2020-10-06 | WebKit AudioArray allocate out of bounds access attempt RuleID : 55013 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-10-06 | WebKit AudioArray allocate out of bounds access attempt RuleID : 55012 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54666 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54665 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-06-13 | WebKit use-after-free remote code execution attempt RuleID : 53976 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53474 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53473 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-19 | Apple Safari WebKit cached page memory corruption attempt RuleID : 53122 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-19 | Apple Safari WebKit cached page memory corruption attempt RuleID : 53121 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-17 | Apple Safari Webkit WebCore memory corruption attempt RuleID : 53101 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-17 | Apple Safari Webkit WebCore memory corruption attempt RuleID : 53100 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-21 | Apple Webkit updateMinimumColumnHeight use-after-free attempt RuleID : 52486 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-21 | Apple Webkit updateMinimumColumnHeight use-after-free attempt RuleID : 52485 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-12-24 | Mutiple products libpng extra row heap overflow attempt RuleID : 52307 - Type : FILE-IMAGE - Revision : 1 |
| 2019-12-24 | Mutiple products libpng extra row heap overflow attempt RuleID : 52306 - Type : FILE-IMAGE - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-118b9abf99.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-1a8582a7ee.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-499f2dbc96.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-509fc4a5c8.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-97c58e29e4.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-a1f37d2f08.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e2e8a07a01.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO |
| 2018-12-19 | Name: An application installed on remote host is affected by multiple vulnerabilities File: itunes_12_9_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_Safari12_0_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-03 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201812-04.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_Safari12_0_1.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_8_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-09-24 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4a16e37c81.nasl - Type: ACT_GATHER_INFO |
| 2018-09-20 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_safari12.nasl - Type: ACT_GATHER_INFO |
| 2018-08-23 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201808-01.nasl - Type: ACT_GATHER_INFO |
| 2018-08-23 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201808-04.nasl - Type: ACT_GATHER_INFO |
| 2018-07-30 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_b9c525d9919811e8beba080027ef1a23.nasl - Type: ACT_GATHER_INFO |
| 2018-07-27 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4256.nasl - Type: ACT_GATHER_INFO |
| 2018-07-17 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_13_6.nasl - Type: ACT_GATHER_INFO |
