ReportizFlow
Filtered by vendor Apple
Subscriptions
Filtered by product Safari
Subscriptions
Total
1613 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2580 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script. | ||||
| CVE-2008-1011 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame. | ||||
| CVE-2007-3376 | 2 Apple, Microsoft | 2 Safari, Windows Xp | 2026-04-23 | N/A |
| Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark. | ||||
| CVE-2007-2408 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. | ||||
| CVE-2008-0894 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420. | ||||
| CVE-2008-3623 | 2 Apple, Microsoft | 3 Safari, Windows, Windows Vista | 2026-04-23 | N/A |
| Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces. | ||||
| CVE-2009-0137 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues." | ||||
| CVE-2009-1718 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. | ||||
| CVE-2007-3718 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher. | ||||
| CVE-2007-4431 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking." | ||||
| CVE-2010-0314 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value. | ||||
| CVE-2007-4698 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. | ||||
| CVE-2007-3284 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name. | ||||
| CVE-2009-1716 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files. | ||||
| CVE-2007-3757 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2026-04-23 | N/A |
| Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed. | ||||
| CVE-2007-0342 | 2 Apple, Omnigroup | 4 Mac Os X, Safari, Webkit and 1 more | 2026-04-23 | 7.5 High |
| WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. | ||||
| CVE-2009-1060 | 1 Apple | 2 Mac Os X, Safari | 2026-04-23 | N/A |
| Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009. | ||||
| CVE-2009-1706 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie. | ||||
| CVE-2009-2842 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. | ||||
| CVE-2009-0744 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character. | ||||