39 matches found

added 2009/06/10 2:30 p.m. | 76 views

CVE-2009-1690

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti...

CVSS 9.3 | AI score 7.3 | EPSS 0.1222

added 2009/05/13 5:30 p.m. | 72 views

CVE-2009-0945

Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitra...

CVSS 9.3 | AI score 7.7 | EPSS 0.11718

added 2009/06/10 6:0 p.m. | 68 views

CVE-2009-1709

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG ...

CVSS 9.3 | AI score 8.8 | EPSS 0.08085

added 2009/09/29 6:0 p.m. | 67 views

CVE-2009-3455

Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certi...

CVSS 7.5 | AI score 5.7 | EPSS 0.01808

added 2009/06/10 6:0 p.m. | 63 views

CVE-2009-1711

WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

CVSS 9.3 | AI score 7.7 | EPSS 0.064

added 2009/11/13 3:30 p.m. | 63 views

CVE-2009-2841

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers...

CVSS 5 | AI score 6.8 | EPSS 0.03879

added 2009/11/13 3:30 p.m. | 63 views

CVE-2009-2842

Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

CVSS 4.3 | AI score 5.9 | EPSS 0.00796

added 2009/06/10 6:0 p.m. | 62 views

CVE-2009-1712

WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

CVSS 9.3 | AI score 7.4 | EPSS 0.04819

added 2009/06/10 6:0 p.m. | 62 views

CVE-2009-1713

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

CVSS 7.1 | AI score 6.9 | EPSS 0.00861

added 2009/06/10 2:30 p.m. | 61 views

CVE-2009-1687

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption an...

CVSS 9.3 | AI score 7.3 | EPSS 0.0736

added 2009/06/10 6:0 p.m. | 61 views

CVE-2009-1714

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.

CVSS 4.3 | AI score 6.5 | EPSS 0.00648

added 2009/06/10 2:30 p.m. | 59 views

CVE-2009-1694

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site i...

CVSS 5.8 | AI score 6.9 | EPSS 0.00637

added 2009/06/10 6:0 p.m. | 59 views

CVE-2009-1695

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transit...

CVSS 4.3 | AI score 6.3 | EPSS 0.00573

added 2009/08/12 7:30 p.m. | 59 views

CVE-2009-2195

Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.

CVSS 9.3 | AI score 8.7 | EPSS 0.2882

added 2009/06/10 2:30 p.m. | 57 views

CVE-2009-1693

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."

CVSS 5.8 | AI score 7 | EPSS 0.00573

added 2009/09/14 4:30 p.m. | 57 views

CVE-2009-2804

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

CVSS 6.8 | AI score 7.9 | EPSS 0.09194

added 2009/06/15 7:30 p.m. | 56 views

CVE-2009-2072

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy serve...

CVSS 5.4 | AI score 6.1 | EPSS 0.00041

added 2009/05/13 3:30 p.m. | 55 views

CVE-2009-0162

Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.

CVSS 4.3 | AI score 6.1 | EPSS 0.0195

added 2009/06/10 6:0 p.m. | 55 views

CVE-2009-1697

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks ...

CVSS 4.3 | AI score 6.6 | EPSS 0.00192

added 2009/06/10 2:30 p.m. | 54 views

CVE-2009-1681

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted...

CVSS 4.3 | AI score 6.8 | EPSS 0.00261

added 2009/06/10 2:30 p.m. | 54 views

CVE-2009-1684

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next lo...

CVSS 4.3 | AI score 6.4 | EPSS 0.01963

added 2009/11/13 3:30 p.m. | 54 views

CVE-2009-3384

Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.

CVSS 9.3 | AI score 7.3 | EPSS 0.01257

added 2009/06/10 6:0 p.m. | 53 views

CVE-2009-1710

WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.

CVSS 2.6 | AI score 7.8 | EPSS 0.00741

added 2009/06/10 2:30 p.m. | 51 views

CVE-2009-1691

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript protot...

CVSS 4.3 | AI score 6.2 | EPSS 0.00614

added 2009/06/10 2:30 p.m. | 50 views

CVE-2009-1686

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or c...

CVSS 9.3 | AI score 8 | EPSS 0.05858

added 2009/06/10 6:0 p.m. | 49 views

CVE-2009-1718

WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.

CVSS 7.1 | AI score 7.3 | EPSS 0.00661

added 2009/06/10 6:0 p.m. | 48 views

CVE-2009-1703

WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.

CVSS 7.1 | AI score 7.6 | EPSS 0.00871

added 2009/06/10 2:30 p.m. | 47 views

CVE-2009-1685

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document o...

CVSS 4.3 | AI score 6.3 | EPSS 0.00614

added 2009/06/10 2:30 p.m. | 46 views

CVE-2009-1688

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is...

CVSS 4.3 | AI score 6.3 | EPSS 0.00614

added 2009/06/10 6:0 p.m. | 46 views

CVE-2009-1715

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges.

CVSS 4.3 | AI score 6.6 | EPSS 0.02163

added 2009/06/15 7:30 p.m. | 46 views

CVE-2009-2062

Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

CVSS 6.8 | AI score 6.6 | EPSS 0.00299

added 2009/06/10 6:0 p.m. | 45 views

CVE-2009-1696

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.

CVSS 5 | AI score 7.1 | EPSS 0.00953

added 2009/06/10 2:30 p.m. | 44 views

CVE-2009-1689

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to sec...

CVSS 4.3 | AI score 6.3 | EPSS 0.00614

added 2009/06/10 6:0 p.m. | 42 views

CVE-2009-1716

CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.

CVSS 2.1 | AI score 5.1 | EPSS 0.00104

added 2009/08/12 7:30 p.m. | 40 views

CVE-2009-2200

WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.

CVSS 7.1 | AI score 7.5 | EPSS 0.00614

added 2009/06/10 6:0 p.m. | 39 views

CVE-2009-1708

Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.

CVSS 9.3 | AI score 7.1 | EPSS 0.03272

added 2009/06/15 7:30 p.m. | 39 views

CVE-2009-2066

Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, re...

CVSS 6.8 | AI score 6.6 | EPSS 0.00299

added 2009/06/10 6:0 p.m. | 38 views

CVE-2009-1704

CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.

CVSS 9.3 | AI score 6.8 | EPSS 0.02364

added 2009/06/10 2:30 p.m. | 35 views

CVE-2009-1682

Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.

CVSS 4.3 | AI score 6.8 | EPSS 0.00387