Vulnerabilities (CVE)

Vendor filter: Apple

Product filter: Safari

1022 total CVE
CVE Vendors Products Updated CVSS
CVE-2009-1704 1 Apple 1 Safari 2009-06-19 9.3
CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.
CVE-2009-1682 1 Apple 1 Safari 2009-06-19 4.3
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.
CVE-2009-1705 1 Apple 1 Safari 2009-06-13 9.3
CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and...
CVE-2008-5914 1 Apple 1 Safari 2009-01-23 2.1
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a...
CVE-2007-4431 1 Apple 1 Safari 2008-11-15 6.8
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic...
CVE-2007-3718 1 Apple 1 Safari 2008-11-15 7.5
Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher.
CVE-2007-2843 1 Apple 1 Safari 2008-11-15 10.0
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably...
CVE-2007-3482 1 Apple 1 Safari 2008-11-15 7.8
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets...
CVE-2004-1122 1 Apple 1 Safari 2008-09-10 7.5
Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different...
CVE-2003-0370 4 Turbolinux, Kde, Apple and 1 more 6 Konqueror Embedded, Kde, Linux and 3 more 2008-09-10 7.5
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
CVE-2007-0644 1 Apple 1 Safari 2008-09-05 7.1
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2)...
CVE-2006-6238 1 Apple 1 Safari 2008-09-05 5.0
The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input...
CVE-2005-4678 1 Apple 1 Safari 2008-09-05 5.0
Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the...
CVE-2005-2594 1 Apple 1 Safari 2008-09-05 5.0
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body.
CVE-2005-2524 1 Apple 3 Mac Os X, Safari, Mac Os X Server 2008-09-05 5.0
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
CVE-2005-2522 1 Apple 2 Mac Os X, Safari 2008-09-05 5.1
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
CVE-2005-2517 1 Apple 2 Mac Os X, Safari 2008-09-05 2.6
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
CVE-2005-2516 1 Apple 2 Mac Os X, Safari 2008-09-05 7.5
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.
CVE-2005-0976 3 Omnigroup, Apple, Hmdt 3 Shiira, Safari, Omniweb 2008-09-05 5.0
AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted...
CVE-2003-0514 1 Apple 1 Safari 2008-09-05 7.5
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL...