Apple

Safari

1622 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.21%
  • Veröffentlicht 14.07.2008 18:41:00
  • Zuletzt bearbeitet 16.06.2026 22:52:02

Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web site...

  • EPSS 12.99%
  • Veröffentlicht 14.07.2008 18:41:00
  • Zuletzt bearbeitet 16.06.2026 22:53:30

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an ...

  • EPSS 7.7%
  • Veröffentlicht 14.07.2008 18:41:00
  • Zuletzt bearbeitet 16.06.2026 22:53:32

WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ...

  • EPSS 3.81%
  • Veröffentlicht 23.06.2008 20:41:00
  • Zuletzt bearbeitet 16.06.2026 22:53:30

Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and exec...

  • EPSS 7.33%
  • Veröffentlicht 23.06.2008 20:41:00
  • Zuletzt bearbeitet 16.06.2026 22:53:30

Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary co...

  • EPSS 8.32%
  • Veröffentlicht 03.06.2008 15:32:00
  • Zuletzt bearbeitet 16.06.2026 22:53:57

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downlo...

  • EPSS 1.3%
  • Veröffentlicht 02.06.2008 21:30:00
  • Zuletzt bearbeitet 16.06.2026 22:52:01

CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifi...

  • EPSS 1.41%
  • Veröffentlicht 28.04.2008 20:05:00
  • Zuletzt bearbeitet 16.06.2026 22:52:54

Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.

Exploit
  • EPSS 1.31%
  • Veröffentlicht 28.04.2008 20:05:00
  • Zuletzt bearbeitet 16.06.2026 22:52:54

Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.

Exploit
  • EPSS 1.94%
  • Veröffentlicht 28.04.2008 20:05:00
  • Zuletzt bearbeitet 16.06.2026 22:52:55

Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference.