VYPR

Safari

by Apple Inc.

CVEs (1,615)

  • CVE-2008-1004 | Mar 19, 2008
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.

  • CVE-2008-1005 | Mar 19, 2008
    risk 0.00 | cvss | epss 0.00

    WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.

  • CVE-2008-1011 | Mar 19, 2008
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.

  • CVE-2008-1006 | Mar 19, 2008
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

  • CVE-2008-1007 | Mar 19, 2008
    risk 0.00 | cvss | epss 0.03

    WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

  • CVE-2008-1008 | Mar 19, 2008
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.

  • CVE-2008-1010 | Mar 19, 2008
    risk 0.00 | cvss | epss 0.05

    Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.

  • CVE-2008-1001 | Mar 19, 2008
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.

  • CVE-2008-1002 | Mar 19, 2008
    risk 0.00 | cvss | epss 0.03

    Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.

  • CVE-2008-1009 | Mar 19, 2008
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.

  • CVE-2008-0894 | Feb 21, 2008
    risk 0.00 | cvss | epss 0.01

    Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420.

  • CVE-2008-0035 | Jan 16, 2008
    risk 0.00 | cvss | epss 0.05

    Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that…

  • CVE-2007-6592 | Dec 28, 2007
    risk 0.00 | cvss | epss 0.01

    Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into…

  • CVE-2007-5859 | Dec 19, 2007
    risk 0.00 | cvss | epss 0.06

    Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.

  • CVE-2007-5858 | Dec 19, 2007
    risk 0.00 | cvss | epss 0.03

    WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive…

  • CVE-2007-4701 | Nov 15, 2007
    risk 0.00 | cvss | epss 0.00

    WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.

  • CVE-2007-4699 | Nov 15, 2007
    risk 0.00 | cvss | epss 0.02

    The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.

  • CVE-2007-4694 | Nov 15, 2007
    risk 0.00 | cvss | epss 0.02

    Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.

  • CVE-2007-4698 | Nov 15, 2007
    risk 0.00 | cvss | epss 0.02

    Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.

  • CVE-2007-4692 | Nov 15, 2007
    risk 0.00 | cvss | epss 0.02

    The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for…
