CVE-2010-0650
- EPSS 1.57%
- Published 18.02.2010 18:00:00
- Last modified 11.04.2025 00:51:21
WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
CVE-2010-0651
- EPSS 2.26%
- Published 18.02.2010 18:00:00
- Last modified 11.04.2025 00:51:21
WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, whi...
- EPSS 7.85%
- Published 14.01.2010 19:30:00
- Last modified 09.04.2025 00:30:58
Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].hre...
CVE-2009-4186
- EPSS 4.77%
- Published 03.12.2009 17:30:01
- Last modified 09.04.2025 00:30:58
Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.
CVE-2009-2816
- EPSS 2.15%
- Published 13.11.2009 15:30:00
- Last modified 09.04.2025 00:30:58
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight,...
- EPSS 3.88%
- Published 13.11.2009 15:30:00
- Last modified 09.04.2025 00:30:58
The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs f...
CVE-2009-2842
- EPSS 0.83%
- Published 13.11.2009 15:30:00
- Last modified 09.04.2025 00:30:58
Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.
CVE-2009-3384
- EPSS 1.26%
- Published 13.11.2009 15:30:00
- Last modified 09.04.2025 00:30:58
Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing ...
CVE-2009-3455
- EPSS 0.16%
- Published 29.09.2009 18:00:00
- Last modified 09.04.2025 00:30:58
Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a...
CVE-2009-3271
- EPSS 5.16%
- Published 21.09.2009 19:30:00
- Last modified 09.04.2025 00:30:58
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.