Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Safari
Total 1474 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1008 1 Apple 1 Safari 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.
CVE-2008-1007 1 Apple 1 Safari 2024-11-21 4.3 MEDIUM N/A
WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
CVE-2008-1006 1 Apple 1 Safari 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.
CVE-2008-1005 1 Apple 1 Safari 2024-11-21 2.1 LOW N/A
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
CVE-2008-1004 1 Apple 1 Safari 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.
CVE-2008-1003 1 Apple 1 Safari 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.
CVE-2008-1002 1 Apple 1 Safari 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.
CVE-2008-1001 2 Apple, Microsoft 3 Safari, Windows Vista, Windows Xp 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.
CVE-2008-0894 1 Apple 1 Safari 2024-11-21 6.8 MEDIUM N/A
Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420.
CVE-2008-0298 1 Apple 2 Mac Os X, Safari 2024-11-21 4.3 MEDIUM N/A
KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.
CVE-2008-0035 1 Apple 5 Iphone, Iphone Os, Ipod Touch and 2 more 2024-11-21 6.8 MEDIUM N/A
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
CVE-2007-6592 1 Apple 1 Safari 2024-11-21 4.3 MEDIUM N/A
Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
CVE-2007-6166 2 Apple, Microsoft 5 Mac Os X, Quicktime, Safari and 2 more 2024-11-21 9.3 HIGH N/A
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
CVE-2007-5859 1 Apple 2 Mac Os X, Safari 2024-11-21 9.3 HIGH N/A
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.
CVE-2007-5858 1 Apple 5 Iphone, Iphone Os, Ipod Touch and 2 more 2024-11-21 4.3 MEDIUM N/A
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
CVE-2007-5450 1 Apple 3 Iphone Os, Ipod Touch, Safari 2024-11-21 9.3 HIGH N/A
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.
CVE-2007-4812 1 Apple 1 Safari 2024-11-21 5.0 MEDIUM N/A
Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method.
CVE-2007-4699 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2024-11-21 7.5 HIGH N/A
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.
CVE-2007-4698 1 Apple 1 Safari 2024-11-21 4.3 MEDIUM N/A
Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.
CVE-2007-4692 2 Apple, Microsoft 4 Mac Os X, Mac Os X Server, Safari and 1 more 2024-11-21 4.3 MEDIUM N/A
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab.