CVSS: 6.2EPSS: 0%CPEs: 42EXPL: 0CVE-2008-4216
https://notcve.org/view.php?id=CVE-2008-4216
17 Nov 2008 — The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files." La interface plug-in en WebKit de Apple Safari versiones anteiores a v3.2 no impide que los plug-ins de acceso de URLs local, lo cual permite a atacantes remotos obtener información sensible a través de vectores que "lanzan archivos locales". • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 83%CPEs: 15EXPL: 1CVE-2008-3529 – Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
https://notcve.org/view.php?id=CVE-2008-3529
12 Sep 2008 — Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. Desbordamiento de búfer basado en pila en la función xmlParseAttValueComplex en el módulo parser.c de libxml2 versiones anteriores a 2.7.0 permite a atacantes dependientes del contexto provocar una denegación de servicio (parada inesperada) o la posibilidad de ejecutar código de su ... • https://www.exploit-db.com/exploits/8798 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2008-3281 – libxml2 denial of service
https://notcve.org/view.php?id=CVE-2008-3281
22 Aug 2008 — libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. libxml2 2.6.32 y anteriores, no detecta correctamente la recursividad durante la expansión de una entidad en un valor de un atributo; esto permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de la memoria y la CPU) mediante un documento ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 0CVE-2008-2306
https://notcve.org/view.php?id=CVE-2008-2306
23 Jun 2008 — Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. Apple Safari anterior a la versión 3.1.2 en Windows no interpreta apropiadamente la configuración de zona de Internet Explorer URLACTION_SHELL_EXECUTE_HIGHRISK, que permite a los atacantes remotos omitir las restricciones de acceso previstas... • http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 31%CPEs: 60EXPL: 0CVE-2008-2307
https://notcve.org/view.php?id=CVE-2008-2307
23 Jun 2008 — Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. Una vulnerabilidad no especificada en WebKit en Apple Safari anterior a la versión 3.1.2, distribuida en Mac OS X anterior a la versión 10.5.4, e independiente para Windows y Mac OS X ver... • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 42%CPEs: 6EXPL: 0CVE-2008-2540
https://notcve.org/view.php?id=CVE-2008-2540
03 Jun 2008 — Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server... • http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 0CVE-2008-1999
https://notcve.org/view.php?id=CVE-2008-1999
28 Apr 2008 — Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences. Apple Safari 3.1.1 permite a atacantes remotos falsificar la barra de direcciones colocando varios caracteres "invisibles" en el subcomponente userinfo del componente authority de la URL -también conocido como el fichero del usuario (user file)-; como se ha demostrado con las... • http://es.geocities.com/jplopezy/pruebasafari3.html •
CVSS: 6.5EPSS: 12%CPEs: 1EXPL: 1CVE-2008-2000
https://notcve.org/view.php?id=CVE-2008-2000
28 Apr 2008 — Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. Vulnerabilidad no especificada en Apple Safari 3.1.1 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante un código JavaScript que llama a document.write en un bucle infinito. • http://es.geocities.com/jplopezy/pruebasafari3.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 10%CPEs: 1EXPL: 1CVE-2008-2001
https://notcve.org/view.php?id=CVE-2008-2001
28 Apr 2008 — Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference. Apple Safari 3.1.1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un enlace file:///%E2 que dispara un acceso fuera del límite, posiblemente debido a un puntero a referencia NULL. • http://es.geocities.com/jplopezy/pruebasafari3.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 0CVE-2008-1024
https://notcve.org/view.php?id=CVE-2008-1024
17 Apr 2008 — Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. Apple Safari versiones anteriores a 3.1.1, cuando se está ejecutando en Windows XP o Vista, permite a atacantes remotos provocar una denegación de servicio (caída) y posíblemente ejecutar código de su elección a través de un fichero descargado con un nombre de fichero ma... • http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html • CWE-399: Resource Management Errors •