VYPR

Safari

by Apple Inc.

CVEs (1,615)

  • CVE-2010-1131Mar 27, 2010
    risk 0.03cvss epss 0.04

    JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the substring.

  • CVE-2009-3271Sep 21, 2009
    risk 0.03cvss epss 0.04

    Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.

  • CVE-2009-1724Jul 9, 2009
    risk 0.03cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top…

  • CVE-2009-0162May 13, 2009
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.

  • CVE-2009-1233Apr 2, 2009
    risk 0.03cvss epss 0.04

    Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.

  • CVE-2009-0321Jan 28, 2009
    risk 0.03cvss epss 0.02

    Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.

  • CVE-2009-0070Jan 8, 2009
    risk 0.03cvss epss 0.03

    Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function,…

  • CVE-2008-5821Jan 2, 2009
    risk 0.03cvss epss 0.04

    Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.

  • CVE-2008-0298Jan 16, 2008
    risk 0.03cvss epss 0.03

    KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.

  • CVE-2007-5450Oct 14, 2007
    risk 0.03cvss epss 0.05

    Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.

  • CVE-2007-4812Sep 11, 2007
    risk 0.03cvss epss 0.03

    Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might…

  • CVE-2007-3284Jun 19, 2007
    risk 0.03cvss epss 0.03

    corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name.

  • CVE-2007-3186Jun 12, 2007
    risk 0.03cvss epss 0.05

    Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.

  • CVE-2007-2843May 24, 2007
    risk 0.03cvss epss 0.03

    Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed…

  • CVE-2007-2580May 9, 2007
    risk 0.03cvss epss 0.01

    Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.

  • CVE-2007-0644Feb 1, 2007
    risk 0.03cvss epss 0.02

    Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit…

  • CVE-2006-6015Nov 21, 2006
    risk 0.03cvss epss 0.04

    Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.

  • CVE-2006-2019Apr 25, 2006
    risk 0.03cvss epss 0.04

    Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.

  • CVE-2005-3018Sep 21, 2005
    risk 0.03cvss epss 0.03

    Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL.

  • CVE-2005-2594Aug 17, 2005
    risk 0.03cvss epss 0.03

    Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body.

Page 43 of 81