CVSS: 9.3EPSS: 31%CPEs: 60EXPL: 0CVE-2008-2307
https://notcve.org/view.php?id=CVE-2008-2307
23 Jun 2008 — Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. Una vulnerabilidad no especificada en WebKit en Apple Safari anterior a la versión 3.1.2, distribuida en Mac OS X anterior a la versión 10.5.4, e independiente para Windows y Mac OS X ver... • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 37%CPEs: 6EXPL: 0CVE-2008-2540
https://notcve.org/view.php?id=CVE-2008-2540
03 Jun 2008 — Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server... • http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 1%CPEs: 18EXPL: 0CVE-2008-1025
https://notcve.org/view.php?id=CVE-2008-1025
17 Apr 2008 — Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apple WebKit, como el que se utiliza en Safari anterior a 3.1.1, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección mediante una URL manipulada con una coma en la sección del nombre de máquina (hostn... • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2008-1005
https://notcve.org/view.php?id=CVE-2008-1005
19 Mar 2008 — WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password. Webcore, usado en Apple Safaru anterior a 3.1, no oculta adecuadamente el campo de contraseña cuando una conversión inversa es usada con el método Kotoeri, puede permitir que atacantes que se encuentren cerca del ordenador lean la contraseña. • http://docs.info.apple.com/article.html?artnum=307563 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 16EXPL: 0CVE-2008-1002
https://notcve.org/view.php?id=CVE-2008-1002
19 Mar 2008 — Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apple Safari antes de 3.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un javascript: URL manipulado. • http://docs.info.apple.com/article.html?artnum=307563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 16EXPL: 0CVE-2008-1003
https://notcve.org/view.php?id=CVE-2008-1003
19 Mar 2008 — Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebCore, usado en Apple Safari anterior a 3.1, permite a atacantes remotos inyectar secuencias de comandos web o html de su elección a través de vectores desconocidos en relación a s... • http://docs.info.apple.com/article.html?artnum=307563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 16EXPL: 0CVE-2008-1004
https://notcve.org/view.php?id=CVE-2008-1004
19 Mar 2008 — Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebCore, como el utilizado en Apple Safari anterior a 3.1, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de vectores desconocidos relacionados con Web Inspector. • http://docs.info.apple.com/article.html?artnum=307563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 16EXPL: 0CVE-2008-1006
https://notcve.org/view.php?id=CVE-2008-1006
19 Mar 2008 — Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webcore, usado en Apple Safari anterior a 3.1, permite a atacantes remotos inyectar secuencias de comandos web o html de su elección empleando la función windows.open para cambiar el contexto de seguridad de una... • http://docs.info.apple.com/article.html?artnum=307563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 3%CPEs: 16EXPL: 0CVE-2008-1007
https://notcve.org/view.php?id=CVE-2008-1007
19 Mar 2008 — WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks. WebCore, como es usado en Apple Safari versiones anteriores a 3.1, no aplica la política de navegación de tramas para applets de Java, que permite a los atacantes remotos conducir ataques de tipo cross-site scripting (XSS). • http://docs.info.apple.com/article.html?artnum=307563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 16EXPL: 0CVE-2008-1008
https://notcve.org/view.php?id=CVE-2008-1008
19 Mar 2008 — Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en WebCore, usado en Apple Safari versiones anteriores a la 3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de la propiedad document.domain. • http://docs.info.apple.com/article.html?artnum=307563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •