Total
1524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1682 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. | |||||
| CVE-2008-0035 | 1 Apple | 5 Iphone, Iphone Os, Ipod Touch and 2 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. | |||||
| CVE-2009-3455 | 1 Apple | 1 Safari | 2025-04-09 | 7.5 HIGH | N/A |
| Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2009-2195 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers. | |||||
| CVE-2008-4231 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | 9.3 HIGH | N/A |
| Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
| CVE-2009-2816 | 4 Apple, Fedoraproject, Google and 1 more | 5 Iphone Os, Safari, Fedora and 2 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. | |||||
| CVE-2008-1009 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object. | |||||
| CVE-2009-2842 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. | |||||
| CVE-2007-4431 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking." | |||||
| CVE-2008-1024 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2025-04-09 | 6.8 MEDIUM | N/A |
| Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. | |||||
| CVE-2009-1060 | 1 Apple | 2 Mac Os X, Safari | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009. | |||||
| CVE-2007-3284 | 1 Apple | 1 Safari | 2025-04-09 | 7.8 HIGH | N/A |
| corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name. | |||||
| CVE-2009-1725 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
| CVE-2009-1600 | 2 Adobe, Apple | 2 Acrobat Reader, Safari | 2025-04-09 | 9.3 HIGH | N/A |
| Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | |||||
| CVE-2009-1693 | 1 Apple | 1 Safari | 2025-04-09 | 5.8 MEDIUM | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." | |||||
| CVE-2009-2416 | 11 Apple, Canonical, Debian and 8 more | 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more | 2025-04-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | |||||
| CVE-2008-2303 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
| Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307. | |||||
| CVE-2007-4812 | 1 Apple | 1 Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
| Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method. | |||||
| CVE-2008-1010 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript. | |||||
| CVE-2009-1699 | 3 Apple, Canonical, Opensuse | 4 Iphone Os, Safari, Ubuntu Linux and 1 more | 2025-04-09 | 7.1 HIGH | 7.5 HIGH |
| The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." | |||||