Total
1523 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0478 | 1 Apple | 3 Mac Os X, Safari, Webcore | 2025-04-09 | 4.3 MEDIUM | N/A |
| WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. | |||||
| CVE-2007-3759 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
| Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect. | |||||
| CVE-2009-1042 | 1 Apple | 2 Mac Os X, Safari | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. | |||||
| CVE-2008-3644 | 1 Apple | 1 Safari | 2025-04-09 | 1.9 LOW | N/A |
| Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. | |||||
| CVE-2009-1707 | 1 Apple | 1 Safari | 2025-04-09 | 1.2 LOW | N/A |
| Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. | |||||
| CVE-2009-0070 | 1 Apple | 1 Safari | 2025-04-09 | 9.3 HIGH | N/A |
| Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307. | |||||
| CVE-2007-3514 | 1 Apple | 1 Safari | 2025-04-09 | 8.5 HIGH | N/A |
| Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482. | |||||
| CVE-2007-2175 | 1 Apple | 1 Safari | 2025-04-09 | 7.6 HIGH | N/A |
| Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007. | |||||
| CVE-2009-1713 | 1 Apple | 1 Safari | 2025-04-09 | 7.1 HIGH | N/A |
| The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. | |||||
| CVE-2009-1702 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects. | |||||
| CVE-2009-1699 | 3 Apple, Canonical, Opensuse | 4 Iphone Os, Safari, Ubuntu Linux and 1 more | 2025-04-09 | 7.1 HIGH | 7.5 HIGH |
| The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." | |||||
| CVE-2009-3455 | 1 Apple | 1 Safari | 2025-04-09 | 7.5 HIGH | N/A |
| Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2009-0744 | 1 Apple | 1 Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
| Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character. | |||||
| CVE-2008-1001 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. | |||||
| CVE-2007-3274 | 2 Apple, Microsoft | 2 Safari, Windows Xp | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location. | |||||
| CVE-2009-2419 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1681 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document. | |||||
| CVE-2007-3185 | 1 Apple | 1 Safari | 2025-04-09 | 7.8 HIGH | N/A |
| Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. | |||||
| CVE-2009-1704 | 1 Apple | 1 Safari | 2025-04-09 | 9.3 HIGH | N/A |
| CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file. | |||||
| CVE-2007-2408 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
| WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. | |||||