Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Safari
Total 1382 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1682 1 Apple 1 Safari 2009-06-19 4.3 MEDIUM N/A
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.
CVE-2009-1716 1 Apple 1 Safari 2009-06-19 2.1 LOW N/A
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
CVE-2009-1705 1 Apple 1 Safari 2009-06-13 9.3 HIGH N/A
CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.
CVE-2008-5914 1 Apple 1 Safari 2009-01-23 2.1 LOW N/A
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-4431 1 Apple 1 Safari 2008-11-15 6.8 MEDIUM N/A
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."
CVE-2007-3718 1 Apple 1 Safari 2008-11-15 7.5 HIGH N/A
Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher.
CVE-2007-2843 1 Apple 1 Safari 2008-11-15 10.0 HIGH N/A
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.
CVE-2007-3482 2 Apple, Microsoft 2 Safari, Windows Nt 2008-11-15 7.8 HIGH N/A
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
CVE-2004-1122 1 Apple 1 Safari 2008-09-10 7.5 HIGH N/A
Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.
CVE-2003-0370 4 Apple, Kde, Redhat and 1 more 6 Safari, Kde, Konqueror Embedded and 3 more 2008-09-10 7.5 HIGH N/A
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
CVE-2007-0644 1 Apple 1 Safari 2008-09-05 7.1 HIGH N/A
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.
CVE-2006-6238 1 Apple 1 Safari 2008-09-05 5.0 MEDIUM N/A
The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.
CVE-2005-4678 1 Apple 1 Safari 2008-09-05 5.0 MEDIUM N/A
Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-2594 1 Apple 1 Safari 2008-09-05 5.0 MEDIUM N/A
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body.
CVE-2005-2516 1 Apple 2 Mac Os X, Safari 2008-09-05 7.5 HIGH N/A
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.
CVE-2005-2524 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2008-09-05 5.0 MEDIUM N/A
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
CVE-2005-2522 1 Apple 2 Mac Os X, Safari 2008-09-05 5.1 MEDIUM N/A
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
CVE-2005-2517 1 Apple 2 Mac Os X, Safari 2008-09-05 2.6 LOW N/A
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
CVE-2005-0976 3 Apple, Hmdt, Omnigroup 3 Safari, Shiira, Omniweb 2008-09-05 5.0 MEDIUM N/A
AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs.
CVE-2003-0514 1 Apple 1 Safari 2008-09-05 7.5 HIGH N/A
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.