Apple

Safari

1536 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-1580

  • EPSS 0.19%
  • Veröffentlicht 02.06.2008 21:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifi...

5

CVE-2008-1999

  • EPSS 0.52%
  • Veröffentlicht 28.04.2008 20:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.

4.3

CVE-2008-2000

Exploit
  • EPSS 0.69%
  • Veröffentlicht 28.04.2008 20:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.

4.3

CVE-2008-2001

Exploit
  • EPSS 0.84%
  • Veröffentlicht 28.04.2008 20:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference.

6.8

CVE-2008-1024

  • EPSS 2.4%
  • Veröffentlicht 17.04.2008 19:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption.

4.3

CVE-2008-1025

  • EPSS 1.13%
  • Veröffentlicht 17.04.2008 19:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.

6.8

CVE-2008-1026

  • EPSS 5.27%
  • Veröffentlicht 17.04.2008 19:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition ...

4.3

CVE-2008-1001

  • EPSS 0.47%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.

4.3

CVE-2008-1002

  • EPSS 1.92%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.

4.3

CVE-2008-1003

  • EPSS 0.98%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same docume...