Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:apple:safari:2.0.4:-:mac:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-0646 |
Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function. Published: January 31, 2007; 7:28:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2007-0478 |
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. Published: January 24, 2007; 7:28:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2006-6238 |
The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077. Published: December 03, 2006; 2:28:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-3946 |
WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. Published: July 31, 2006; 7:04:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-2516 |
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands. Published: August 19, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-2517 |
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site. Published: August 19, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.6 LOW |
CVE-2005-2522 |
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file. Published: August 19, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.1 MEDIUM |