Filtered by vendor Apple
Filtered by product Safari
Total: 1454 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2005-2522 | 1 Apple | 2 Mac Os X, Safari | 2022-10-03 | N/A | Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file. |
CVE-2005-2517 | 1 Apple | 2 Mac Os X, Safari | 2022-10-03 | N/A | Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site. |
CVE-2005-4678 | 1 Apple | 1 Safari | 2022-10-03 | N/A | Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
CVE-2006-6238 | 1 Apple | 1 Safari | 2022-10-03 | N/A | The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077. |
CVE-2010-0924 | 2 Apple, Microsoft | 2 Safari, Windows | 2022-10-03 | N/A | cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element. |
CVE-2010-0925 | 2 Apple, Microsoft | 2 Safari, Windows | 2022-10-03 | N/A | cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element. |
CVE-2010-5070 | 1 Apple | 1 Safari | 2022-10-03 | N/A | The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073. |
CVE-2010-1131 | 2 Apple, Microsoft | 2 Safari, Windows Xp | 2022-10-03 | N/A | JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the `<object>` substring. |
CVE-2010-1120 | 1 Apple | 2 Mac Os X, Safari | 2022-10-03 | N/A | Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010. |
CVE-2010-1383 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2022-10-03 | N/A | CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue. |
CVE-2010-1420 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2022-10-03 | N/A | Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file. |
CVE-2010-1177 | 1 Apple | 2 Iphone Os, Safari | 2022-10-03 | N/A | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings. |
CVE-2003-0355 | 2 Apple, Kde | 2 Safari, Konqueror Embedded | 2022-10-03 | N/A | Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates. |
CVE-2012-0678 | 1 Apple | 1 Safari | 2022-10-03 | N/A | Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL. |
CVE-2012-0679 | 1 Apple | 1 Safari | 2022-10-03 | N/A | Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL. |
CVE-2012-2647 | 3 Apple, Google, Yahoo | 3 Safari, Chrome, Toolbar | 2022-10-03 | N/A | Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. |
CVE-2012-3690 | 1 Apple | 1 Safari | 2022-10-03 | N/A | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site. |
CVE-2012-3689 | 1 Apple | 1 Safari | 2022-10-03 | N/A | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site. |
CVE-2012-3694 | 1 Apple | 1 Safari | 2022-10-03 | N/A | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site. |
CVE-2011-0244 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2022-10-03 | N/A | WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds. |