VYPR

Safari

by Apple Inc.

CVEs (1,615)

  • CVE-2010-0051 (Mar 15, 2010)
    risk 0.00 cvss epss 0.03

    WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.

  • CVE-2010-0046 (Mar 15, 2010)
    risk 0.00 cvss epss 0.06

    The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.

  • CVE-2010-0045 (Mar 15, 2010)
    risk 0.00 cvss epss 0.04

    Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.

  • CVE-2010-0044 (Mar 15, 2010)
    risk 0.00 cvss epss 0.02

    PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.

  • CVE-2010-0043 (Mar 15, 2010)
    risk 0.00 cvss epss 0.06

    ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

  • CVE-2010-0042 (Mar 15, 2010)
    risk 0.00 cvss epss 0.03

    ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.

  • CVE-2010-0041 (Mar 15, 2010)
    risk 0.00 cvss epss 0.03

    ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.

  • CVE-2010-0925 (Mar 3, 2010)
    risk 0.00 cvss epss 0.01

    cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element.

  • CVE-2010-0924 (Mar 3, 2010)
    risk 0.00 cvss epss 0.01

    cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element.

  • CVE-2010-0651 (Feb 18, 2010)
    risk 0.00 cvss epss 0.02

    WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to…

  • CVE-2010-0650 (Feb 18, 2010)
    risk 0.00 cvss epss 0.02

    WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.

  • CVE-2009-3384 (Nov 13, 2009)
    risk 0.00 cvss epss 0.03

    Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.

  • CVE-2009-2842 (Nov 13, 2009)
    risk 0.00 cvss epss 0.02

    Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

  • CVE-2009-2841 (Nov 13, 2009)
    risk 0.00 cvss epss 0.03

    The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which…

  • CVE-2009-2816 (Nov 13, 2009)
    risk 0.00 cvss epss 0.02

    The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for…

  • CVE-2009-3455 (Sep 29, 2009)
    risk 0.00 cvss epss 0.01

    Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued…

  • CVE-2009-2804 (Sep 14, 2009)
    risk 0.00 cvss epss 0.04

    Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a…

  • CVE-2009-3016 (Aug 31, 2009)
    risk 0.00 cvss epss 0.01

    Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2)…

  • CVE-2009-2200 (Aug 12, 2009)
    risk 0.00 cvss epss 0.02

    WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.

  • CVE-2009-2199 (Aug 12, 2009)
    risk 0.00 cvss epss 0.03

    Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified…
