6 matches found

CVE
added 2008/04/17 7:5 p.m., 53 views

CVE-2008-1025

Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.

CVSS 4.3, AI score 5.2, EPSS 0.01125

CVE
added 2008/04/28 8:5 p.m., 48 views

CVE-2008-2001

Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference.

CVSS 4.3, AI score 6.3, EPSS 0.00844

CVE
added 2008/04/17 7:5 p.m., 43 views

CVE-2008-1024

Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption.

CVSS 6.8, AI score 7.5, EPSS 0.02584

CVE
added 2008/04/28 8:5 p.m., 39 views

CVE-2008-1999

Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.

CVSS 5, AI score 6, EPSS 0.00516

CVE
added 2008/04/17 7:5 p.m., 37 views

CVE-2008-1026

Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overfl...

CVSS 6.8, AI score 7.5, EPSS 0.04448

CVE
added 2008/04/28 8:5 p.m., 31 views

CVE-2008-2000

Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.

CVSS 4.3, AI score 6.4, EPSS 0.00694