Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Safari
Total 1382 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4231 1 Apple 3 Iphone Os, Ipod Touch, Safari 2022-08-09 9.3 HIGH N/A
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
CVE-2008-4233 1 Apple 3 Iphone Os, Ipod Touch, Safari 2022-08-09 2.6 LOW N/A
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
CVE-2009-1702 1 Apple 3 Iphone Os, Ipod Touch, Safari 2022-08-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.
CVE-2007-3757 1 Apple 3 Iphone, Iphone Os, Safari 2022-08-09 4.3 MEDIUM N/A
Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed.
CVE-2007-3756 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Safari and 2 more 2022-08-09 4.3 MEDIUM N/A
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain.
CVE-2008-2303 1 Apple 4 Iphone, Iphone Os, Ipod Touch and 1 more 2022-08-09 10.0 HIGH N/A
Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.
CVE-2008-0035 1 Apple 5 Iphone, Iphone Os, Ipod Touch and 2 more 2022-08-09 6.8 MEDIUM N/A
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
CVE-2008-1588 1 Apple 4 Iphone, Iphone Os, Ipod Touch and 1 more 2022-08-09 4.3 MEDIUM N/A
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL.
CVE-2008-2317 1 Apple 4 Iphone, Iphone Os, Ipod Touch and 1 more 2022-08-09 9.3 HIGH N/A
WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.
CVE-2007-4671 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Safari and 2 more 2022-08-09 6.8 MEDIUM N/A
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain.
CVE-2007-3760 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Safari and 2 more 2022-08-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags.
CVE-2007-2400 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Safari and 2 more 2022-08-09 4.3 MEDIUM N/A
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
CVE-2007-3758 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Safari and 2 more 2022-08-09 4.3 MEDIUM N/A
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.
CVE-2007-5450 1 Apple 3 Iphone Os, Ipod Touch, Safari 2022-08-09 9.3 HIGH N/A
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.
CVE-2008-1589 1 Apple 4 Iphone, Iphone Os, Ipod Touch and 1 more 2022-08-09 4.3 MEDIUM N/A
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.
CVE-2007-3759 1 Apple 3 Iphone, Iphone Os, Safari 2022-08-09 6.8 MEDIUM N/A
Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.
CVE-2007-5858 1 Apple 5 Iphone, Iphone Os, Ipod Touch and 2 more 2022-08-09 4.3 MEDIUM N/A
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
CVE-2007-3761 1 Apple 3 Iphone, Iphone Os, Safari 2022-08-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain.
CVE-2020-9952 2 Apple, Webkit 7 Icloud, Ipad Os, Iphone Os and 4 more 2022-07-23 5.8 MEDIUM 7.1 HIGH
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.
CVE-2020-9951 3 Apple, Debian, Webkit 9 Icloud, Ipados, Iphone Os and 6 more 2022-07-23 6.8 MEDIUM 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.