The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-08-17
Updated
2017-09-21
The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-04-10
Updated
2016-12-03
Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2013-12-17
Updated
2017-08-29
WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
Max CVSS
2.6
EPSS Score
0.29%
Published
2011-03-11
Updated
2017-08-17
The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.
Max CVSS
2.6
EPSS Score
0.36%
Published
2010-07-30
Updated
2017-09-19
WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
Max CVSS
2.6
EPSS Score
0.21%
Published
2010-02-18
Updated
2018-11-16
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2009-06-10
Updated
2009-06-19
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
Max CVSS
2.6
EPSS Score
0.58%
Published
2009-06-10
Updated
2017-08-17
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Max CVSS
2.1
EPSS Score
0.19%
Published
2009-01-20
Updated
2009-01-23
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
Max CVSS
2.6
EPSS Score
1.99%
Published
2008-11-25
Updated
2022-08-09
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
Max CVSS
2.1
EPSS Score
0.08%
Published
2008-03-19
Updated
2017-08-08
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
Max CVSS
2.6
EPSS Score
0.06%
Published
2005-08-19
Updated
2008-09-05
Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
Max CVSS
2.6
EPSS Score
1.52%
Published
2005-07-13
Updated
2017-07-11
Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference.
Max CVSS
2.6
EPSS Score
1.60%
Published
2005-05-03
Updated
2016-10-18
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!