Total
1474 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2317 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590. | |||||
CVE-2009-2200 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2024-02-28 | 7.1 HIGH | N/A |
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. | |||||
CVE-2008-1011 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame. | |||||
CVE-2009-0123 | 2 Apple, Microsoft | 3 Mac Os X, Safari, Windows | 2024-02-28 | 7.1 HIGH | N/A |
Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2009-1693 | 1 Apple | 1 Safari | 2024-02-28 | 5.8 MEDIUM | N/A |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." | |||||
CVE-2008-5914 | 1 Apple | 1 Safari | 2024-02-28 | 2.1 LOW | N/A |
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2009-2416 | 11 Apple, Canonical, Debian and 8 more | 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | |||||
CVE-2009-2027 | 1 Apple | 1 Safari | 2024-02-28 | 7.2 HIGH | N/A |
The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method. | |||||
CVE-2009-3272 | 1 Apple | 1 Safari | 2024-02-28 | 5.0 MEDIUM | N/A |
Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences. | |||||
CVE-2009-1687 | 1 Apple | 1 Safari | 2024-02-28 | 9.3 HIGH | N/A |
The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." | |||||
CVE-2008-3281 | 7 Apple, Canonical, Debian and 4 more | 11 Iphone Os, Safari, Ubuntu Linux and 8 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | |||||
CVE-2008-4232 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2024-02-28 | 5.0 MEDIUM | N/A |
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document. | |||||
CVE-2008-3171 | 1 Apple | 1 Safari | 2024-02-28 | 5.0 MEDIUM | N/A |
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
CVE-2009-1685 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document. | |||||
CVE-2008-1010 | 1 Apple | 1 Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript. | |||||
CVE-2009-1704 | 1 Apple | 1 Safari | 2024-02-28 | 9.3 HIGH | N/A |
CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file. | |||||
CVE-2008-1025 | 1 Apple | 2 Safari, Webkit | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion. | |||||
CVE-2009-1715 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges. | |||||
CVE-2009-1713 | 1 Apple | 1 Safari | 2024-02-28 | 7.1 HIGH | N/A |
The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. | |||||
CVE-2008-1588 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. |