Total
1453 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2200 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2023-12-10 | 7.1 HIGH | N/A |
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. | |||||
CVE-2009-1688 | 1 Apple | 1 Safari | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method." | |||||
CVE-2009-1706 | 1 Apple | 1 Safari | 2023-12-10 | 5.0 MEDIUM | N/A |
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie. | |||||
CVE-2009-0137 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2023-12-10 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues." | |||||
CVE-2008-3644 | 1 Apple | 1 Safari | 2023-12-10 | 1.9 LOW | N/A |
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. | |||||
CVE-2009-1694 | 1 Apple | 1 Safari | 2023-12-10 | 5.8 MEDIUM | N/A |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue." | |||||
CVE-2008-2000 | 1 Apple | 1 Safari | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. | |||||
CVE-2009-1724 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. | |||||
CVE-2009-1233 | 2 Apple, Microsoft | 2 Safari, Windows | 2023-12-10 | 4.3 MEDIUM | N/A |
Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. | |||||
CVE-2009-1700 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2023-12-10 | 4.3 MEDIUM | N/A |
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. | |||||
CVE-2009-2027 | 1 Apple | 1 Safari | 2023-12-10 | 7.2 HIGH | N/A |
The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method. | |||||
CVE-2008-1002 | 1 Apple | 1 Safari | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. | |||||
CVE-2008-1001 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. | |||||
CVE-2009-1060 | 1 Apple | 2 Mac Os X, Safari | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009. | |||||
CVE-2009-1703 | 1 Apple | 1 Safari | 2023-12-10 | 7.1 HIGH | N/A |
WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. | |||||
CVE-2009-1687 | 1 Apple | 1 Safari | 2023-12-10 | 9.3 HIGH | N/A |
The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." | |||||
CVE-2009-1698 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2023-12-10 | 9.3 HIGH | N/A |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
CVE-2009-1709 | 1 Apple | 1 Safari | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches." | |||||
CVE-2008-4216 | 1 Apple | 1 Safari | 2023-12-10 | 4.3 MEDIUM | N/A |
The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files." | |||||
CVE-2009-2421 | 1 Apple | 1 Safari | 2023-12-10 | 5.0 MEDIUM | N/A |
The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol. |