Filtered by vendor Apple
Subscriptions
Filtered by product Safari
Subscriptions
Total
1536 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2317 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2025-04-09 | N/A |
| WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590. | ||||
| CVE-2007-0646 | 1 Apple | 3 Imovie, Mac Os X, Safari | 2025-04-09 | N/A |
| Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function. | ||||
| CVE-2007-3482 | 2 Apple, Microsoft | 2 Safari, Windows Nt | 2025-04-09 | N/A |
| Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. | ||||
| CVE-2007-3186 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. | ||||
| CVE-2007-3185 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. | ||||
| CVE-2007-2580 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script. | ||||
| CVE-2007-2391 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page. | ||||
| CVE-2007-2163 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | ||||
| CVE-2007-0644 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. | ||||
| CVE-2006-6238 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077. | ||||
| CVE-2008-3170 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. | ||||
| CVE-2008-1026 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2025-04-09 | N/A |
| Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. | ||||
| CVE-2008-1024 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2025-04-09 | N/A |
| Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. | ||||
| CVE-2008-3171 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | ||||
| CVE-2008-3529 | 5 Apple, Canonical, Debian and 2 more | 7 Iphone Os, Mac Os X, Safari and 4 more | 2025-04-09 | N/A |
| Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | ||||
| CVE-2008-3623 | 2 Apple, Microsoft | 3 Safari, Windows, Windows Vista | 2025-04-09 | N/A |
| Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces. | ||||
| CVE-2008-3644 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. | ||||
| CVE-2008-4216 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files." | ||||
| CVE-2008-5914 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-0070 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307. | ||||