Safari
by Apple Inc.
CVEs (1,615)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-3185 | 0.00 | — | 0.02 | Jun 12, 2007 | Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. | |||
| CVE-2007-3187 | 0.00 | — | 0.03 | Jun 12, 2007 | Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original… | |||
| CVE-2007-2163 | 0.00 | — | 0.01 | Apr 22, 2007 | Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||
| CVE-2007-0478 | 0.00 | — | 0.02 | Jan 25, 2007 | WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an… | |||
| CVE-2006-6238 | 0.00 | — | 0.01 | Dec 3, 2006 | The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of… | |||
| CVE-2006-3946 | 0.00 | — | 0.05 | Jul 31, 2006 | WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally… | |||
| CVE-2006-3224 | 0.00 | — | 0.01 | Jun 26, 2006 | Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system… | |||
| CVE-2006-1457 | 0.00 | — | 0.02 | May 12, 2006 | Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink. | |||
| CVE-2006-1986 | 0.00 | — | 0.04 | Apr 21, 2006 | Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl. | |||
| CVE-2006-1987 | 0.00 | — | 0.04 | Apr 21, 2006 | Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher,… | |||
| CVE-2006-1988 | 0.00 | — | 0.02 | Apr 21, 2006 | The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in… | |||
| CVE-2006-1552 | 0.00 | — | 0.04 | Mar 31, 2006 | Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". | |||
| CVE-2006-0388 | 0.00 | — | 0.01 | Mar 3, 2006 | Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources. | |||
| CVE-2005-4678 | 0.00 | — | 0.01 | Dec 31, 2005 | Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third… | |||
| CVE-2005-3702 | 0.00 | — | 0.02 | Dec 1, 2005 | Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name. | |||
| CVE-2005-3897 | 0.00 | — | 0.01 | Nov 29, 2005 | Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. | |||
| CVE-2005-2524 | 0.00 | — | 0.01 | Oct 26, 2005 | Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site. | |||
| CVE-2005-2522 | 0.00 | — | 0.04 | Aug 19, 2005 | Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file. | |||
| CVE-2005-2517 | 0.00 | — | 0.01 | Aug 19, 2005 | Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site. | |||
| CVE-2005-2516 | 0.00 | — | 0.05 | Aug 19, 2005 | Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands. |
- CVE-2007-3185Jun 12, 2007risk 0.00cvss —epss 0.02
Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.
- CVE-2007-3187Jun 12, 2007risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original…
- CVE-2007-2163Apr 22, 2007risk 0.00cvss —epss 0.01
Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
- CVE-2007-0478Jan 25, 2007risk 0.00cvss —epss 0.02
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an…
- CVE-2006-6238Dec 3, 2006risk 0.00cvss —epss 0.01
The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of…
- CVE-2006-3946Jul 31, 2006risk 0.00cvss —epss 0.05
WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally…
- CVE-2006-3224Jun 26, 2006risk 0.00cvss —epss 0.01
Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system…
- CVE-2006-1457May 12, 2006risk 0.00cvss —epss 0.02
Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink.
- CVE-2006-1986Apr 21, 2006risk 0.00cvss —epss 0.04
Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl.
- CVE-2006-1987Apr 21, 2006risk 0.00cvss —epss 0.04
Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher,…
- CVE-2006-1988Apr 21, 2006risk 0.00cvss —epss 0.02
The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in…
- CVE-2006-1552Mar 31, 2006risk 0.00cvss —epss 0.04
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
- CVE-2006-0388Mar 3, 2006risk 0.00cvss —epss 0.01
Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.
- CVE-2005-4678Dec 31, 2005risk 0.00cvss —epss 0.01
Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third…
- CVE-2005-3702Dec 1, 2005risk 0.00cvss —epss 0.02
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.
- CVE-2005-3897Nov 29, 2005risk 0.00cvss —epss 0.01
Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function.
- CVE-2005-2524Oct 26, 2005risk 0.00cvss —epss 0.01
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
- CVE-2005-2522Aug 19, 2005risk 0.00cvss —epss 0.04
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
- CVE-2005-2517Aug 19, 2005risk 0.00cvss —epss 0.01
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
- CVE-2005-2516Aug 19, 2005risk 0.00cvss —epss 0.05
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.
Page 80 of 81