Apple

Safari

1536 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2009-1712

Exploit
  • EPSS 4.82%
  • Veröffentlicht 10.06.2009 18:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

7.1

CVE-2009-1713

Exploit
  • EPSS 0.86%
  • Veröffentlicht 10.06.2009 18:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

4.3

CVE-2009-1714

Exploit
  • EPSS 0.65%
  • Veröffentlicht 10.06.2009 18:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML at...

4.3

CVE-2009-1715

Exploit
  • EPSS 2.16%
  • Veröffentlicht 10.06.2009 18:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect ...

2.1

CVE-2009-1716

Exploit
  • EPSS 0.1%
  • Veröffentlicht 10.06.2009 18:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.

7.1

CVE-2009-1718

Exploit
  • EPSS 0.66%
  • Veröffentlicht 10.06.2009 18:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.

4.3

CVE-2009-1681

Exploit
  • EPSS 0.26%
  • Veröffentlicht 10.06.2009 14:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy...

4.3

CVE-2009-1682

Exploit
  • EPSS 0.39%
  • Veröffentlicht 10.06.2009 14:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.

4.3

CVE-2009-1684

Exploit
  • EPSS 1.96%
  • Veröffentlicht 10.06.2009 14:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that trigge...

4.3

CVE-2009-1685

Exploit
  • EPSS 0.61%
  • Veröffentlicht 10.06.2009 14:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.impl...