Safari

safari

Vendor: Apple • 1,598 CVEs

CVEs (1,598)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-2163 1Apple 1Safari Apr 23, 2026 Apr 22, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
CVE-2007-0646 1Apple 3Imovie Mac Os XSafari Apr 23, 2026 Feb 1, 2007 N/A· v4 N/A· v3 7.1 HIGH· v2 Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, wh...Show more Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.Show less
CVE-2007-0644 1Apple 1Safari Apr 23, 2026 Feb 1, 2007 N/A· v4 N/A· v3 7.1 HIGH· v2 Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling th...Show more Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.Show less
CVE-2007-0478 1Apple 2Safari Webcore Apr 23, 2026 Jan 25, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS pr...Show more WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.Show less
CVE-2007-0342 2Apple Omnigroup 4Mac Os X OmniwebSafari+1 more Apr 23, 2026 Jan 18, 2007 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash...Show more WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.Show less
CVE-2006-6238 1Apple 1Safari Apr 23, 2026 Dec 3, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames a...Show more The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.Show less
CVE-2006-3946 1Apple 2Mac Os X Safari Apr 16, 2026 Jul 31, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebK...Show more WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag.Show less
CVE-2006-3372 1Apple 1Safari Apr 16, 2026 Jul 6, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference.
CVE-2006-3224 1Apple 1Safari Apr 16, 2026 Jun 26, 2006 N/A· v4 N/A· v3 5.4 MEDIUM· v2 Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability,...Show more Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself.Show less
CVE-2006-2019 1Apple 1Safari Apr 16, 2026 Apr 25, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
CVE-2006-1988 1Apple 1Safari Apr 16, 2026 Apr 21, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list i...Show more The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE.Show less
CVE-2006-1987 1Apple 1Safari Apr 16, 2026 Apr 21, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no...Show more Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible.Show less
CVE-2006-1986 1Apple 1Safari Apr 16, 2026 Apr 21, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl.
CVE-2006-1985 1Apple 3Mac Os X Mac Os X ServerSafari Apr 16, 2026 Apr 21, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains...Show more Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.Show less
CVE-2006-1552 1Apple 4Imageio Mac Os XMac Os X Server+1 more Apr 16, 2026 Mar 31, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-...Show more Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".Show less
CVE-2005-4678 1Apple 1Safari Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this informat...Show more Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2005-4504 1Apple 4Mac Os X Mac Os X ServerSafari+1 more Apr 16, 2026 Dec 22, 2005 N/A· v4 N/A· v3 7.8 HIGH· v2 The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and applica...Show more The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.Show less
CVE-2005-3897 1Apple 1Safari Apr 16, 2026 Nov 29, 2005 N/A· v4 N/A· v3 7.8 HIGH· v2 Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function.
CVE-2005-2524 1Apple 3Mac Os X Mac Os X ServerSafari Apr 16, 2026 Oct 26, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
CVE-2005-3018 1Apple 1Safari Apr 16, 2026 Sep 21, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL.

Previous 1...76 77 787980 Next