Apple

Safari

1536 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2009-2842

  • EPSS 0.83%
  • Published 13.11.2009 15:30:00
  • Last modified 09.04.2025 00:30:58

Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

9.3

CVE-2009-3384

  • EPSS 1.26%
  • Published 13.11.2009 15:30:00
  • Last modified 09.04.2025 00:30:58

Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing ...

7.5

CVE-2009-3455

  • EPSS 0.16%
  • Published 29.09.2009 18:00:00
  • Last modified 09.04.2025 00:30:58

Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a...

4.3

CVE-2009-3271

Exploit
  • EPSS 2.01%
  • Published 21.09.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.

5

CVE-2009-3272

  • EPSS 4.44%
  • Published 21.09.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string com...

6.8

CVE-2009-2804

  • EPSS 9.19%
  • Published 14.09.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an ...

4.3

CVE-2009-3016

Exploit
  • EPSS 0.28%
  • Published 31.08.2009 16:30:07
  • Last modified 09.04.2025 00:30:58

Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contain...

9.3

CVE-2009-2195

  • EPSS 29.05%
  • Published 12.08.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.

5

CVE-2009-2196

  • EPSS 19.51%
  • Published 12.08.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

5.8

CVE-2009-2199

  • EPSS 1.42%
  • Published 12.08.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishi...