Apple

Safari

1536 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2010-0047

  • EPSS 6.26%
  • Published 15.03.2010 13:28:25
  • Last modified 11.04.2025 00:51:21

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."

9.3

CVE-2010-0048

  • EPSS 4.72%
  • Published 15.03.2010 13:28:25
  • Last modified 11.04.2025 00:51:21

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

5

CVE-2010-0924

Exploit
  • EPSS 0.48%
  • Published 03.03.2010 19:30:00
  • Last modified 11.04.2025 00:51:21

cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element...

5

CVE-2010-0925

Exploit
  • EPSS 0.48%
  • Published 03.03.2010 19:30:00
  • Last modified 11.04.2025 00:51:21

cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element...

2.6

CVE-2010-0650

Exploit
  • EPSS 1.57%
  • Published 18.02.2010 18:00:00
  • Last modified 11.04.2025 00:51:21

WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.

4.3

CVE-2010-0651

  • EPSS 2.26%
  • Published 18.02.2010 18:00:00
  • Last modified 11.04.2025 00:51:21

WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, whi...

5

CVE-2010-0314

Exploit
  • EPSS 7.85%
  • Published 14.01.2010 19:30:00
  • Last modified 09.04.2025 00:30:58

Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].hre...

9.3

CVE-2009-4186

Exploit
  • EPSS 4.77%
  • Published 03.12.2009 17:30:01
  • Last modified 09.04.2025 00:30:58

Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.

6.8

CVE-2009-2816

  • EPSS 2.15%
  • Published 13.11.2009 15:30:00
  • Last modified 09.04.2025 00:30:58

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight,...

5

CVE-2009-2841

  • EPSS 3.88%
  • Published 13.11.2009 15:30:00
  • Last modified 09.04.2025 00:30:58

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs f...