Safari

safari

Vendor: Apple • 1,598 CVEs

CVEs (1,598)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-5914 1Apple 1Safari Apr 23, 2026 Jan 20, 2009 N/A· v4 N/A· v3 2.1 LOW· v2 An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user...Show more An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.Show less
CVE-2009-0123 1Apple 1Safari Apr 23, 2026 Jan 15, 2009 N/A· v4 N/A· v3 7.1 HIGH· v2 Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, an...Show more Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.Show less
CVE-2009-0070 1Apple 1Safari Apr 23, 2026 Jan 8, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array...Show more Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307.Show less
CVE-2008-5821 1Apple 1Safari Apr 23, 2026 Jan 2, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY elem...Show more Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.Show less
CVE-2008-4233 1Apple 2Iphone Os Safari Apr 23, 2026 Nov 25, 2008 N/A· v4 N/A· v3 2.6 LOW· v2 Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbit...Show more Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.Show less
CVE-2008-4232 1Apple 2Iphone Os Safari Apr 23, 2026 Nov 25, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interfac...Show more Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.Show less
CVE-2008-4231 1Apple 2Iphone Os Safari Apr 23, 2026 Nov 25, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (m...Show more Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.Show less
CVE-2008-4216 1Apple 1Safari Apr 23, 2026 Nov 17, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."
CVE-2008-3644 1Apple 1Safari Apr 23, 2026 Nov 17, 2008 N/A· v4 N/A· v3 1.9 LOW· v2 Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
CVE-2008-3623 1Apple 1Safari Apr 23, 2026 Nov 17, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cau...Show more Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.Show less
CVE-2008-3950 1Apple 3Iphone Ipod TouchSafari Apr 23, 2026 Sep 16, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service...Show more Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.Show less
CVE-2008-3529 4Apple CanonicalDebian+1 more 6Debian Linux Iphone OsLibxml2+3 more Apr 23, 2026 Sep 12, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML enti...Show more Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.Show less
CVE-2008-3281 7Apple CanonicalDebian+4 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+8 more Apr 23, 2026 Aug 27, 2008 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafte...Show more libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.Show less
CVE-2008-3171 1Apple 1Safari Apr 23, 2026 Jul 14, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVE-2008-3170 1Apple 1Safari Apr 23, 2026 Jul 14, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka...Show more Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867.Show less
CVE-2008-2317 1Apple 1Safari Apr 23, 2026 Jul 14, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application...Show more WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.Show less
CVE-2008-2303 1Apple 1Safari Apr 23, 2026 Jul 14, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript...Show more Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.Show less
CVE-2008-1589 1Apple 1Safari Apr 23, 2026 Jul 14, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remo...Show more Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.Show less
CVE-2008-1588 1Apple 1Safari Apr 23, 2026 Jul 14, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL.
CVE-2008-2307 1Apple 1Safari Apr 23, 2026 Jun 23, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application...Show more Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.Show less

Previous 1...747576...80 Next