Total
1466 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-4671 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. | |||||
CVE-2007-0646 | 1 Apple | 3 Imovie, Mac Os X, Safari | 2024-02-28 | 7.1 HIGH | N/A |
Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function. | |||||
CVE-2007-2843 | 1 Apple | 1 Safari | 2024-02-28 | 10.0 HIGH | N/A |
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. | |||||
CVE-2007-2163 | 1 Apple | 1 Safari | 2024-02-28 | 5.0 MEDIUM | N/A |
Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||||
CVE-2007-4699 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2024-02-28 | 7.5 HIGH | N/A |
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. | |||||
CVE-2008-0894 | 1 Apple | 1 Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420. | |||||
CVE-2007-3284 | 1 Apple | 1 Safari | 2024-02-28 | 7.8 HIGH | N/A |
corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name. | |||||
CVE-2007-3757 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed. | |||||
CVE-2007-3274 | 2 Apple, Microsoft | 2 Safari, Windows Xp | 2024-02-28 | 4.3 MEDIUM | N/A |
Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location. | |||||
CVE-2007-3760 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. | |||||
CVE-2007-3756 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. | |||||
CVE-2007-2580 | 1 Apple | 1 Safari | 2024-02-28 | 1.9 LOW | N/A |
Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script. | |||||
CVE-2007-0342 | 2 Apple, Omnigroup | 4 Mac Os X, Safari, Webkit and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. | |||||
CVE-2007-0478 | 1 Apple | 3 Mac Os X, Safari, Webcore | 2024-02-28 | 4.3 MEDIUM | N/A |
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. | |||||
CVE-2008-0298 | 1 Apple | 2 Mac Os X, Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. | |||||
CVE-2006-6238 | 1 Apple | 1 Safari | 2024-02-28 | 5.0 MEDIUM | N/A |
The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077. | |||||
CVE-2007-3514 | 1 Apple | 1 Safari | 2024-02-28 | 8.5 HIGH | N/A |
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482. | |||||
CVE-2007-5450 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file. | |||||
CVE-2007-4431 | 1 Apple | 1 Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking." | |||||
CVE-2007-4424 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content. |