| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-2816 | 6.8 |
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight,
|
08-11-2021 - 21:43 | 13-11-2009 - 15:30 | |
| CVE-2009-3016 | 4.3 |
Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contain
|
19-09-2017 - 01:29 | 31-08-2009 - 16:30 | |
| CVE-2009-2842 | 4.3 |
Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.
|
19-09-2017 - 01:29 | 13-11-2009 - 15:30 | |
| CVE-2009-3384 | 9.3 |
Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing
|
19-09-2017 - 01:29 | 13-11-2009 - 15:30 |