
CVSS: 4.3 | EPSS: 0% | CPEs: 16 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.

References:
http://docs.info.apple.com/article.html?artnum=307563
http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
http://secunia.com/advisories/29393
http://www.kb.cert.org/vuls/id/766019
http://www.securityfocus.com/bid/28290
http://www.securityfocus.com/bid/28328
http://www.securitytracker.com/id?1019653
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
http://www.vupen.com/english/advisories/2008/0920/references
https://exchange.xforce.ibmcloud.com/vul

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 | EPSS: 12% | CPEs: 16 | EXPL: 0

Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.

References:
http://docs.info.apple.com/article.html?artnum=307563
http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
http://secunia.com/advisories/29393
http://secunia.com/advisories/29924
http://www.securityfocus.com/bid/28290
http://www.securityfocus.com/bid/28338
http://www.securitytracker.com/id?1019654
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
http://www.vupen.com/english/advisories/2008/0920/references
https://exchange.xforce.ibmcloud.com/vulnerabilities

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.3 | EPSS: 4% | CPEs: 6 | EXPL: 3

KHTML WebKit, as used in Apple Safari 2.x, allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.

References:
https://www.exploit-db.com/exploits/31021
http://securityreason.com/securityalert/3549
http://www.s21sec.com/avisos/s21sec-039-en.txt
http://www.securityfocus.com/archive/1/486202/100/0/threaded
http://www.securityfocus.com/bid/27261
https://exchange.xforce.ibmcloud.com/vulnerabilities/39635

CWE-20: Improper Input Validation

CVSS: 4.3 | EPSS: 1% | CPEs: 26 | EXPL: 0

The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab.

References:
http://docs.info.apple.com/article.html?artnum=307041
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html
http://osvdb.org/40662
http://secunia.com/advisories/27643
http://www.securityfocus.com/bid/26444
http://www.securityfocus.com/bid/26447
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
http://www.vupen.com/english/advisories/2007/3868
https://exchange.xforce.ibmcloud.com

CWE-287: Improper Authentication

CVSS: 4.3 | EPSS: 1% | CPEs: 1 | EXPL: 0

Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.

References:
http://docs.info.apple.com/article.html?artnum=307041
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html
http://osvdb.org/40663
http://secunia.com/advisories/27643
http://securitytracker.com/id?1018948
http://www.securityfocus.com/bid/26444
http://www.securityfocus.com/bid/26446
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
http://www.vupen.com/english/advisories/2007/3868

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')