Filtered by vendor Apple
Subscriptions
Filtered by product Safari
Subscriptions
Total
1466 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2005-2594 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body. | ||||
CVE-2013-1013 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. | ||||
CVE-2013-0960 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2024-09-17 | N/A |
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961. | ||||
CVE-2003-0355 | 2 Apple, Kde | 2 Safari, Konqueror Embedded | 2024-09-17 | N/A |
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates. | ||||
CVE-2008-7296 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | ||||
CVE-2012-3697 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise. | ||||
CVE-2012-3694 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site. | ||||
CVE-2012-0678 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL. | ||||
CVE-2010-1420 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file. | ||||
CVE-2012-3689 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
CVE-2008-5914 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
CVE-2010-5070 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073. | ||||
CVE-2010-0924 | 2 Apple, Microsoft | 2 Safari, Windows | 2024-09-17 | N/A |
cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element. | ||||
CVE-2011-0217 | 2 Apple, Microsoft | 6 Mac Os X, Mac Os X Server, Safari and 3 more | 2024-09-17 | N/A |
Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields. | ||||
CVE-2005-2524 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2024-09-17 | N/A |
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site. | ||||
CVE-2013-5130 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files. | ||||
CVE-2005-2517 | 1 Apple | 2 Mac Os X, Safari | 2024-09-17 | N/A |
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site. | ||||
CVE-2013-1023 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009. | ||||
CVE-2013-1009 | 1 Apple | 1 Safari | 2024-09-16 | N/A |
WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023. | ||||
CVE-2011-0214 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2024-09-16 | N/A |
CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority. |