Total
1402 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1682 | 1 Apple | 1 Safari | 2009-06-18 | 4.3 MEDIUM | N/A |
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. | |||||
CVE-2009-1706 | 1 Apple | 1 Safari | 2009-06-18 | 5.0 MEDIUM | N/A |
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie. | |||||
CVE-2009-1705 | 1 Apple | 1 Safari | 2009-06-12 | 9.3 HIGH | N/A |
CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data. | |||||
CVE-2008-5914 | 1 Apple | 1 Safari | 2009-01-23 | 2.1 LOW | N/A |
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2007-4431 | 1 Apple | 1 Safari | 2008-11-14 | 6.8 MEDIUM | N/A |
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking." | |||||
CVE-2007-3718 | 1 Apple | 1 Safari | 2008-11-14 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher. | |||||
CVE-2007-2843 | 1 Apple | 1 Safari | 2008-11-14 | 10.0 HIGH | N/A |
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. | |||||
CVE-2007-3482 | 2 Apple, Microsoft | 2 Safari, Windows Nt | 2008-11-14 | 7.8 HIGH | N/A |
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. | |||||
CVE-2004-1122 | 1 Apple | 1 Safari | 2008-09-10 | 7.5 HIGH | N/A |
Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314. | |||||
CVE-2003-0370 | 4 Apple, Kde, Redhat and 1 more | 6 Safari, Kde, Konqueror Embedded and 3 more | 2008-09-10 | 7.5 HIGH | N/A |
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. | |||||
CVE-2007-0644 | 1 Apple | 1 Safari | 2008-09-05 | 7.1 HIGH | N/A |
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. | |||||
CVE-2006-6238 | 1 Apple | 1 Safari | 2008-09-05 | 5.0 MEDIUM | N/A |
The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077. | |||||
CVE-2005-4678 | 1 Apple | 1 Safari | 2008-09-05 | 5.0 MEDIUM | N/A |
Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-2594 | 1 Apple | 1 Safari | 2008-09-05 | 5.0 MEDIUM | N/A |
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body. | |||||
CVE-2005-2517 | 1 Apple | 2 Mac Os X, Safari | 2008-09-05 | 2.6 LOW | N/A |
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site. | |||||
CVE-2005-2516 | 1 Apple | 2 Mac Os X, Safari | 2008-09-05 | 7.5 HIGH | N/A |
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands. | |||||
CVE-2005-2522 | 1 Apple | 2 Mac Os X, Safari | 2008-09-05 | 5.1 MEDIUM | N/A |
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file. | |||||
CVE-2005-2524 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2008-09-05 | 5.0 MEDIUM | N/A |
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site. | |||||
CVE-2005-0976 | 3 Apple, Hmdt, Omnigroup | 3 Safari, Shiira, Omniweb | 2008-09-05 | 5.0 MEDIUM | N/A |
AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs. | |||||
CVE-2003-0514 | 1 Apple | 1 Safari | 2008-09-05 | 7.5 HIGH | N/A |
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. |