
CVSS: 9.3 • EPSS: 0% • CPEs: 9 • EXPL: 0

23 Jun 2008 — Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.3 • EPSS: 31% • CPEs: 60 • EXPL: 0

23 Jun 2008 — Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-399: Resource Management Errors

CVSS: 9.3 • EPSS: 42% • CPEs: 6 • EXPL: 0

03 Jun 2008 — Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server... • http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.5 • EPSS: 2% • CPEs: 1 • EXPL: 0

28 Apr 2008 — Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences. • http://es.geocities.com/jplopezy/pruebasafari3.html

CVSS: 6.5 • EPSS: 12% • CPEs: 1 • EXPL: 1

28 Apr 2008 — Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. • http://es.geocities.com/jplopezy/pruebasafari3.html • CWE-399: Resource Management Errors

CVSS: 6.5 • EPSS: 10% • CPEs: 1 • EXPL: 1

28 Apr 2008 — Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference. • http://es.geocities.com/jplopezy/pruebasafari3.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8 • EPSS: 2% • CPEs: 4 • EXPL: 0

17 Apr 2008 — Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. • http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html • CWE-399: Resource Management Errors

CVSS: 6.1 • EPSS: 1% • CPEs: 18 • EXPL: 0

17 Apr 2008 — Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 14% • CPEs: 8 • EXPL: 0

16 Apr 2008 — Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.1 • EPSS: 1% • CPEs: 16 • EXPL: 0

19 Mar 2008 — Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. • http://docs.info.apple.com/article.html?artnum=307563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')