Vulnerabilities > Apple > Safari > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-12 | CVE-2009-2200 | Information Exposure vulnerability in Apple Safari WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. | 7.1 |
2009-06-19 | CVE-2009-1692 | Resource Management Errors vulnerability in Apple Iphone OS, Ipod Touch and Safari WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object. | 7.1 |
2009-06-10 | CVE-2009-2027 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method. | 7.2 |
2009-06-10 | CVE-2009-1718 | Information Exposure vulnerability in Apple Safari WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. | 7.1 |
2009-06-10 | CVE-2009-1713 | Information Exposure vulnerability in Apple Safari The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. | 7.1 |
2009-06-10 | CVE-2009-1703 | Information Exposure vulnerability in Apple Safari WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. | 7.1 |
2009-06-10 | CVE-2009-1699 | XXE vulnerability in multiple products The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." | 7.5 |
2009-04-17 | CVE-2009-0946 | Integer Overflow OR Wraparound vulnerability in multiple products Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. | 7.5 |
2009-01-15 | CVE-2009-0123 | Information Exposure vulnerability in Apple Safari Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. | 7.1 |
2007-11-15 | CVE-2007-4699 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. | 7.5 |