Max CVSS 9.3 Min CVSS 1.2 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2009-1690 9.3
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary c
26-09-2019 - 17:05 10-06-2009 - 14:30
CVE-2009-1701 9.3
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of
10-10-2018 - 19:38 10-06-2009 - 18:00
CVE-2009-1698 9.3
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which a
10-10-2018 - 19:37 10-06-2009 - 18:00
CVE-2009-1709 9.3
Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG an
03-10-2018 - 22:00 10-06-2009 - 18:00
CVE-2009-1687 9.3
The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code o
29-09-2017 - 01:34 10-06-2009 - 14:30
CVE-2009-1699 7.1
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files
29-09-2017 - 01:34 10-06-2009 - 18:00
CVE-2009-1710 2.6
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
17-08-2017 - 01:30 10-06-2009 - 18:00
CVE-2009-1711 9.3
WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
17-08-2017 - 01:30 10-06-2009 - 18:00
CVE-2009-1712 9.3
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.
17-08-2017 - 01:30 10-06-2009 - 18:00
CVE-2009-1713 7.1
The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.
17-08-2017 - 01:30 10-06-2009 - 18:00
CVE-2009-1714 4.3
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML at
17-08-2017 - 01:30 10-06-2009 - 18:00
CVE-2009-1700 4.3
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages v
30-03-2012 - 04:00 10-06-2009 - 18:00
CVE-2009-1702 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper
30-03-2012 - 04:00 10-06-2009 - 18:00
CVE-2009-1681 4.3
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy
17-02-2011 - 06:43 10-06-2009 - 14:30
CVE-2009-1684 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that trigge
17-02-2011 - 06:43 10-06-2009 - 14:30
CVE-2009-1685 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.impl
17-02-2011 - 06:43 10-06-2009 - 14:30
CVE-2009-1686 9.3
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allow
17-02-2011 - 06:43 10-06-2009 - 14:30
CVE-2009-1688 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determini
17-02-2011 - 06:43 10-06-2009 - 14:30
CVE-2009-1689 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission
17-02-2011 - 06:43 10-06-2009 - 14:30
CVE-2009-1691 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insuffici
17-02-2011 - 06:43 10-06-2009 - 14:30
CVE-2009-1693 5.8
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capt
17-02-2011 - 06:43 10-06-2009 - 14:30
CVE-2009-1694 5.8
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS el
17-02-2011 - 06:43 10-06-2009 - 14:30
CVE-2009-1695 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to
17-02-2011 - 06:43 10-06-2009 - 18:00
CVE-2009-1696 5.0
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari
17-02-2011 - 06:43 10-06-2009 - 18:00
CVE-2009-1697 4.3
CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML documen
17-02-2011 - 06:43 10-06-2009 - 18:00
CVE-2009-1703 7.1
WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.
17-02-2011 - 06:43 10-06-2009 - 18:00
CVE-2009-1715 4.3
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect
17-02-2011 - 06:43 10-06-2009 - 18:00
CVE-2009-1718 7.1
WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.
17-02-2011 - 06:43 10-06-2009 - 18:00
CVE-2009-1707 1.2
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.
10-12-2010 - 06:30 10-06-2009 - 18:00
CVE-2009-1682 4.3
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.
19-06-2009 - 05:32 10-06-2009 - 14:30
CVE-2009-1704 9.3
CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.
19-06-2009 - 05:32 10-06-2009 - 18:00
CVE-2009-1706 5.0
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote
19-06-2009 - 05:32 10-06-2009 - 18:00
CVE-2009-1708 9.3
Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.
19-06-2009 - 05:32 10-06-2009 - 18:00
CVE-2009-1716 2.1
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
19-06-2009 - 05:32 10-06-2009 - 18:00
CVE-2009-1705 9.3
CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cr
13-06-2009 - 05:33 10-06-2009 - 18:00
Back to Top Mark selected
Back to Top