Total
1594 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5858 | 1 Apple | 5 Iphone, Iphone Os, Ipod Touch and 2 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. | |||||
| CVE-2009-1708 | 1 Apple | 1 Safari | 2025-04-09 | 9.3 HIGH | N/A |
| Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call. | |||||
| CVE-2009-1681 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document. | |||||
| CVE-2009-1682 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. | |||||
| CVE-2008-0298 | 1 Apple | 2 Mac Os X, Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. | |||||
| CVE-2009-1701 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. | |||||
| CVE-2008-1026 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-1001 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. | |||||
| CVE-2009-2195 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers. | |||||
| CVE-2008-3644 | 1 Apple | 1 Safari | 2025-04-09 | 1.9 LOW | N/A |
| Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. | |||||
| CVE-2007-2408 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
| WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. | |||||
| CVE-2007-2163 | 1 Apple | 1 Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
| Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||||
| CVE-2008-2307 | 2 Apple, Microsoft | 5 Mac Os X, Safari, Windows and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. | |||||
| CVE-2007-6592 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. | |||||
| CVE-2009-1686 | 1 Apple | 1 Safari | 2025-04-09 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
| CVE-2009-4186 | 2 Apple, Microsoft | 2 Safari, Windows | 2025-04-09 | 9.3 HIGH | N/A |
| Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property. | |||||
| CVE-2009-1714 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes. | |||||
| CVE-2009-3271 | 1 Apple | 2 Iphone Os, Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element. | |||||
| CVE-2008-1025 | 1 Apple | 2 Safari, Webkit | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion. | |||||
| CVE-2007-2843 | 1 Apple | 1 Safari | 2025-04-09 | 10.0 HIGH | N/A |
| Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. | |||||