Total
1453 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1552 | 1 Apple | 4 Imageio, Mac Os X, Mac Os X Server and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". | |||||
CVE-2004-1314 | 1 Apple | 1 Safari | 2023-12-10 | 7.5 HIGH | N/A |
Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122. | |||||
CVE-2005-2516 | 1 Apple | 2 Mac Os X, Safari | 2023-12-10 | 7.5 HIGH | N/A |
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands. | |||||
CVE-2005-4504 | 1 Apple | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2023-12-10 | 7.8 HIGH | N/A |
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag. | |||||
CVE-2005-4678 | 1 Apple | 1 Safari | 2023-12-10 | 5.0 MEDIUM | N/A |
Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-0976 | 3 Apple, Hmdt, Omnigroup | 3 Safari, Shiira, Omniweb | 2023-12-10 | 5.0 MEDIUM | N/A |
AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs. | |||||
CVE-2004-1121 | 1 Apple | 1 Safari | 2023-12-10 | 5.0 MEDIUM | N/A |
Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags. | |||||
CVE-2004-0361 | 1 Apple | 1 Safari | 2023-12-10 | 5.0 MEDIUM | N/A |
The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array. | |||||
CVE-2003-0975 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2023-12-10 | 5.0 MEDIUM | N/A |
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | |||||
CVE-2004-0720 | 1 Apple | 1 Safari | 2023-12-10 | 7.5 HIGH | N/A |
Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
CVE-2003-0370 | 4 Apple, Kde, Redhat and 1 more | 6 Safari, Kde, Konqueror Embedded and 3 more | 2023-12-10 | 7.5 HIGH | N/A |
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. | |||||
CVE-2003-0355 | 2 Apple, Kde | 2 Safari, Konqueror Embedded | 2023-12-10 | 5.0 MEDIUM | N/A |
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates. | |||||
CVE-2003-0514 | 1 Apple | 1 Safari | 2023-12-10 | 7.5 HIGH | N/A |
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. |