VYPR

Safari

by Apple Inc.

CVEs (1,615)

  • CVE-2010-1179 (Mar 29, 2010)
    risk 0.04 | cvss | epss 0.09

    Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to…

  • CVE-2010-1177 (Mar 29, 2010)
    risk 0.04 | cvss | epss 0.07

    Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.

  • CVE-2010-1176 (Mar 29, 2010)
    risk 0.04 | cvss | epss 0.09

    Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a…

  • CVE-2010-1029 (Mar 19, 2010)
    risk 0.04 | cvss | epss 0.10

    Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly…

  • CVE-2010-0049 (Mar 15, 2010)
    risk 0.04 | cvss | epss 0.11

    Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.

  • CVE-2010-0314 (Jan 14, 2010)
    risk 0.04 | cvss | epss 0.07

    Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.

  • CVE-2009-4186 (Dec 3, 2009)
    risk 0.04 | cvss | epss 0.07

    Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.

  • CVE-2009-3272 (Sep 21, 2009)
    risk 0.04 | cvss | epss 0.06

    Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.

  • CVE-2009-2195 (Aug 12, 2009)
    risk 0.04 | cvss | epss 0.13

    Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.

  • CVE-2009-2419 (Jul 9, 2009)
    risk 0.04 | cvss | epss 0.09

    Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a…

  • CVE-2009-1684 (Jun 10, 2009)
    risk 0.04 | cvss | epss 0.09

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the…

  • CVE-2009-0744 (Feb 27, 2009)
    risk 0.04 | cvss | epss 0.07

    Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or…

  • CVE-2008-3950 (Sep 16, 2008)
    risk 0.04 | cvss | epss 0.07

    Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an…

  • CVE-2008-2303 (Jul 14, 2008)
    risk 0.04 | cvss | epss 0.13

    Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a…

  • CVE-2007-0646 (Feb 1, 2007)
    risk 0.04 | cvss | epss 0.10

    Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the…

  • CVE-2006-3372 (Jul 6, 2006)
    risk 0.04 | cvss | epss 0.09

    Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference.

  • CVE-2006-1985 (Apr 21, 2006)
    risk 0.04 | cvss | epss 0.14

    Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop…

  • CVE-2005-4504 (Dec 22, 2005)
    risk 0.04 | cvss | epss 0.12

    The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute…

  • CVE-2012-5851 (Nov 15, 2012)
    risk 0.03 | cvss | epss 0.02

    html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a…

  • CVE-2011-0167 (Mar 11, 2011)
    risk 0.03 | cvss | epss 0.03

    The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.
