Apple

Safari

1563 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-1007

  • EPSS 0.95%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

4.3

CVE-2008-1008

  • EPSS 0.84%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.

4.3

CVE-2008-1009

  • EPSS 0.84%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.

6.8

CVE-2008-1010

  • EPSS 6.72%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.

4.3

CVE-2008-1011

  • EPSS 2.16%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.

6.8

CVE-2008-0894

  • EPSS 0.67%
  • Veröffentlicht 21.02.2008 21:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420.

4.3

CVE-2008-0298

Exploit
  • EPSS 6.67%
  • Veröffentlicht 16.01.2008 23:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.

6.8

CVE-2008-0035

  • EPSS 29.26%
  • Veröffentlicht 16.01.2008 02:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary co...

4.3

CVE-2007-6592

  • EPSS 0.15%
  • Veröffentlicht 28.12.2007 21:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attacke...

4.3

CVE-2007-5858

  • EPSS 1.03%
  • Veröffentlicht 19.12.2007 21:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) atta...