Apple

Safari

1536 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-1580

  • EPSS 0.19%
  • Published 02.06.2008 21:30:00
  • Last modified 09.04.2025 00:30:58

CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifi...

5

CVE-2008-1999

  • EPSS 0.52%
  • Published 28.04.2008 20:05:00
  • Last modified 09.04.2025 00:30:58

Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.

4.3

CVE-2008-2000

Exploit
  • EPSS 0.69%
  • Published 28.04.2008 20:05:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.

4.3

CVE-2008-2001

Exploit
  • EPSS 0.84%
  • Published 28.04.2008 20:05:00
  • Last modified 09.04.2025 00:30:58

Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference.

6.8

CVE-2008-1024

  • EPSS 2.4%
  • Published 17.04.2008 19:05:00
  • Last modified 09.04.2025 00:30:58

Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption.

4.3

CVE-2008-1025

  • EPSS 1.13%
  • Published 17.04.2008 19:05:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.

6.8

CVE-2008-1026

  • EPSS 5.27%
  • Published 17.04.2008 19:05:00
  • Last modified 09.04.2025 00:30:58

Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition ...

4.3

CVE-2008-1001

  • EPSS 0.47%
  • Published 19.03.2008 00:44:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.

4.3

CVE-2008-1002

  • EPSS 1.92%
  • Published 19.03.2008 00:44:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.

4.3

CVE-2008-1003

  • EPSS 0.98%
  • Published 19.03.2008 00:44:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same docume...