Apple

Safari

1574 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-1006

  • EPSS 0.84%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

4.3

CVE-2008-1007

  • EPSS 0.95%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

4.3

CVE-2008-1008

  • EPSS 0.84%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.

4.3

CVE-2008-1009

  • EPSS 0.84%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.

6.8

CVE-2008-1010

  • EPSS 6.72%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.

4.3

CVE-2008-1011

  • EPSS 2.16%
  • Veröffentlicht 19.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.

6.8

CVE-2008-0894

  • EPSS 0.75%
  • Veröffentlicht 21.02.2008 21:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420.

4.3

CVE-2008-0298

Exploit
  • EPSS 6.67%
  • Veröffentlicht 16.01.2008 23:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.

6.8

CVE-2008-0035

  • EPSS 29.26%
  • Veröffentlicht 16.01.2008 02:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary co...

4.3

CVE-2007-6592

  • EPSS 0.15%
  • Veröffentlicht 28.12.2007 21:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attacke...