National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:apple:safari:4.1
There are 805 matching records.
Displaying matches 801 through 805.
Vuln ID Summary CVSS Severity
CVE-2007-0646

Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.

Published: January 31, 2007; 07:28:00 PM -05:00
    V2: 7.1 HIGH
CVE-2007-0478

WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.

Published: January 24, 2007; 07:28:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2005-2516

Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.

Published: August 19, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-2517

Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.

Published: August 19, 2005; 12:00:00 AM -04:00
    V2: 2.6 LOW
CVE-2005-2522

Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.

Published: August 19, 2005; 12:00:00 AM -04:00
    V2: 5.1 MEDIUM