Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2009-1699 | 7.1 |
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files
|
10-02-2024 - 02:48 | 10-06-2009 - 18:00 | |
CVE-2009-0040 | 6.8 |
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cr
|
09-02-2024 - 03:25 | 22-02-2009 - 22:30 | |
CVE-2008-3281 | 4.3 |
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
|
02-02-2024 - 15:02 | 27-08-2008 - 20:41 | |
CVE-2008-3529 | 10.0 |
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
|
13-02-2023 - 02:19 | 12-09-2008 - 16:56 | |
CVE-2009-1179 | 6.8 |
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
|
13-02-2023 - 02:19 | 23-04-2009 - 17:30 | |
CVE-2008-4231 | 9.3 |
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicati
|
09-08-2022 - 13:48 | 25-11-2008 - 23:30 | |
CVE-2009-1700 | 4.3 |
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages v
|
09-08-2022 - 13:48 | 10-06-2009 - 18:00 | |
CVE-2009-1702 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper
|
09-08-2022 - 13:48 | 10-06-2009 - 18:00 | |
CVE-2009-1701 | 9.3 |
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of
|
09-08-2022 - 13:48 | 10-06-2009 - 18:00 | |
CVE-2009-1698 | 9.3 |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which a
|
09-08-2022 - 13:48 | 10-06-2009 - 18:00 | |
CVE-2008-1588 | 4.3 |
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL.
|
09-08-2022 - 13:46 | 14-07-2008 - 18:41 | |
CVE-2008-3632 | 9.3 |
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style
|
09-08-2022 - 13:46 | 11-09-2008 - 01:13 | |
CVE-2009-0946 | 7.5 |
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
|
05-04-2021 - 19:25 | 17-04-2009 - 00:30 | |
CVE-2009-1690 | 9.3 |
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary c
|
26-09-2019 - 17:05 | 10-06-2009 - 14:30 | |
CVE-2006-2783 | 4.3 |
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the mi
|
18-10-2018 - 16:42 | 02-06-2006 - 19:02 | |
CVE-2008-2320 | 9.3 |
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (app
|
11-10-2018 - 20:40 | 04-08-2008 - 01:41 | |
CVE-2009-1709 | 9.3 |
Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG an
|
03-10-2018 - 22:00 | 10-06-2009 - 18:00 | |
CVE-2009-1687 | 9.3 |
The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code o
|
29-09-2017 - 01:34 | 10-06-2009 - 14:30 | |
CVE-2009-0153 | 4.3 |
International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems,
|
29-09-2017 - 01:33 | 13-05-2009 - 15:30 | |
CVE-2008-4226 | 10.0 |
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
|
29-09-2017 - 01:32 | 25-11-2008 - 23:30 | |
CVE-2008-4225 | 7.8 |
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
|
29-09-2017 - 01:32 | 25-11-2008 - 23:30 | |
CVE-2009-1710 | 2.6 |
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
|
17-08-2017 - 01:30 | 10-06-2009 - 18:00 | |
CVE-2009-1711 | 9.3 |
WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
|
17-08-2017 - 01:30 | 10-06-2009 - 18:00 | |
CVE-2009-1712 | 9.3 |
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.
|
17-08-2017 - 01:30 | 10-06-2009 - 18:00 | |
CVE-2009-1714 | 4.3 |
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML at
|
17-08-2017 - 01:30 | 10-06-2009 - 18:00 | |
CVE-2009-1713 | 7.1 |
The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.
|
17-08-2017 - 01:30 | 10-06-2009 - 18:00 | |
CVE-2009-0145 | 6.8 |
CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafte
|
08-08-2017 - 01:33 | 13-05-2009 - 15:30 | |
CVE-2008-4409 | 5.0 |
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a c
|
08-08-2017 - 01:32 | 03-10-2008 - 17:41 | |
CVE-2008-2321 | 9.3 |
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of argum
|
08-08-2017 - 01:30 | 04-08-2008 - 01:41 | |
CVE-2009-1694 | 5.8 |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS el
|
17-02-2011 - 06:43 | 10-06-2009 - 14:30 | |
CVE-2009-1703 | 7.1 |
WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.
|
17-02-2011 - 06:43 | 10-06-2009 - 18:00 | |
CVE-2009-1696 | 5.0 |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari
|
17-02-2011 - 06:43 | 10-06-2009 - 18:00 | |
CVE-2009-1685 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.impl
|
17-02-2011 - 06:43 | 10-06-2009 - 14:30 | |
CVE-2009-1684 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that trigge
|
17-02-2011 - 06:43 | 10-06-2009 - 14:30 | |
CVE-2009-1689 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission
|
17-02-2011 - 06:43 | 10-06-2009 - 14:30 | |
CVE-2009-1695 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to
|
17-02-2011 - 06:43 | 10-06-2009 - 18:00 | |
CVE-2009-1686 | 9.3 |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allow
|
17-02-2011 - 06:43 | 10-06-2009 - 14:30 | |
CVE-2009-1693 | 5.8 |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capt
|
17-02-2011 - 06:43 | 10-06-2009 - 14:30 | |
CVE-2009-1688 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determini
|
17-02-2011 - 06:43 | 10-06-2009 - 14:30 | |
CVE-2009-1718 | 7.1 |
WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.
|
17-02-2011 - 06:43 | 10-06-2009 - 18:00 | |
CVE-2009-1681 | 4.3 |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy
|
17-02-2011 - 06:43 | 10-06-2009 - 14:30 | |
CVE-2009-1697 | 4.3 |
CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML documen
|
17-02-2011 - 06:43 | 10-06-2009 - 18:00 | |
CVE-2009-1691 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insuffici
|
17-02-2011 - 06:43 | 10-06-2009 - 14:30 | |
CVE-2009-1715 | 4.3 |
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect
|
17-02-2011 - 06:43 | 10-06-2009 - 18:00 | |
CVE-2009-1707 | 1.2 |
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.
|
10-12-2010 - 06:30 | 10-06-2009 - 18:00 | |
CVE-2009-1682 | 4.3 |
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.
|
19-06-2009 - 05:32 | 10-06-2009 - 14:30 | |
CVE-2009-1716 | 2.1 |
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
|
19-06-2009 - 05:32 | 10-06-2009 - 18:00 | |
CVE-2009-1708 | 9.3 |
Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.
|
19-06-2009 - 05:32 | 10-06-2009 - 18:00 | |
CVE-2009-1706 | 5.0 |
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote
|
19-06-2009 - 05:32 | 10-06-2009 - 18:00 | |
CVE-2009-1704 | 9.3 |
CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.
|
19-06-2009 - 05:32 | 10-06-2009 - 18:00 | |
CVE-2009-1705 | 9.3 |
CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cr
|
13-06-2009 - 05:33 | 10-06-2009 - 18:00 |