Vulnerabilities > Apple > Safari

DATE CVE VULNERABILITY TITLE RISK
2007-01-18 CVE-2007-0342 Resource Management Errors vulnerability in multiple products
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.
4.3
2006-12-03 CVE-2006-6238 Unspecified vulnerability in Apple Safari 2.0.4
The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.
network
low complexity
apple
5.0
2006-07-31 CVE-2006-3946 Buffer Errors vulnerability in Apple Mac OS X and Safari
WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using JavaScript that changes document.body.innerHTML within a DIV tag.
network
low complexity
apple CWE-119
7.5
2006-07-06 CVE-2006-3372 Denial Of Service vulnerability in Apple Safari 2.0.4/419.3
Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference.
network
low complexity
apple
5.0
2006-06-26 CVE-2006-3224 Denial-Of-Service vulnerability in Apple Safari 2.0.3 (417.9.3)
Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via JavaScript with an infinite for loop.
network
high complexity
apple
5.4
2006-04-25 CVE-2006-2019 Denial Of Service vulnerability in Apple Safari Web Browser Rowspan
Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
network
low complexity
apple
5.0
2006-04-21 CVE-2006-1988 Multiple Security vulnerability in Apple Mac OS X
The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE.
network
low complexity
apple
5.0
2006-04-21 CVE-2006-1987 Multiple Security vulnerability in Apple Mac OS X
Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value.
network
low complexity
apple
7.5
2006-04-21 CVE-2006-1986 Multiple Security vulnerability in Apple Mac OS X
Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl.
network
low complexity
apple
7.5
2006-04-21 CVE-2006-1985 Buffer Errors vulnerability in Apple Mac OS X, Mac OS X Server and Safari
Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.
network
high complexity
apple CWE-119
5.1