Safari

safari

Vendor: Apple • 1,598 CVEs

CVEs (1,598)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-2199 1Apple 2Iphone Os Safari Apr 23, 2026 Aug 12, 2009 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URL...Show more Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.Show less
CVE-2009-2196 2Apple Microsoft 5Mac Os X Mac Os X ServerSafari+2 more Apr 23, 2026 Aug 12, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.
CVE-2009-2195 1Apple 1Safari Apr 23, 2026 Aug 12, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.
CVE-2009-2416 11Apple CanonicalDebian+8 more 19Chrome Debian LinuxEnterprise Linux+16 more Apr 23, 2026 Aug 11, 2009 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notatio...Show more Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.Show less
CVE-2009-1725 1Apple 3Iphone Os Ipod TouchSafari Apr 23, 2026 Jul 9, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not pro...Show more WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.Show less
CVE-2009-1724 1Apple 3Iphone Os Ipod TouchSafari Apr 23, 2026 Jul 9, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary we...Show more Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.Show less
CVE-2009-2421 1Apple 1Safari Apr 23, 2026 Jul 9, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary co...Show more The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol.Show less
CVE-2009-2420 1Apple 1Safari Apr 23, 2026 Jul 9, 2009 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors in...Show more Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703.Show less
CVE-2009-2419 1Apple 1Safari Apr 23, 2026 Jul 9, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary...Show more Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these details are obtained from third party information.Show less
CVE-2009-1692 1Apple 3Iphone Os Ipod TouchSafari Apr 23, 2026 Jun 19, 2009 N/A· v4 N/A· v3 7.1 HIGH· v2 WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or devi...Show more WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.Show less
CVE-2009-2072 1Apple 1Safari Apr 23, 2026 Jun 15, 2009 N/A· v4 N/A· v3 5.4 MEDIUM· v2 Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx o...Show more Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.Show less
CVE-2009-2066 1Apple 1Safari Apr 23, 2026 Jun 15, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http pa...Show more Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."Show less
CVE-2009-2062 1Apple 1Safari Apr 23, 2026 Jun 15, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this C...Show more Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.Show less
CVE-2009-2058 1Apple 1Safari Apr 23, 2026 Jun 15, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitr...Show more Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.Show less
CVE-2009-2027 1Apple 1Safari Apr 23, 2026 Jun 10, 2009 N/A· v4 N/A· v3 7.2 HIGH· v2 The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression...Show more The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method.Show less
CVE-2009-1718 1Apple 1Safari Apr 23, 2026 Jun 10, 2009 N/A· v4 N/A· v3 7.1 HIGH· v2 WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.
CVE-2009-1716 1Apple 1Safari Apr 23, 2026 Jun 10, 2009 N/A· v4 N/A· v3 2.1 LOW· v2 CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
CVE-2009-1715 1Apple 1Safari Apr 23, 2026 Jun 10, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to sc...Show more Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges.Show less
CVE-2009-1714 1Apple 1Safari Apr 23, 2026 Jun 10, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to th...Show more Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.Show less
CVE-2009-1713 1Apple 1Safari Apr 23, 2026 Jun 10, 2009 N/A· v4 N/A· v3 7.1 HIGH· v2 The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones v...Show more The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.Show less

Previous 1...717273...80 Next