Safari Security Vulnerabilities and Issues — Page 10 of Safari CVE List

Lucene search

AppleSafari

1524 matches found

CVE•added 2017/04/02 1:59 a.m.•85 views

CVE-2017-2395

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicati...

8.8CVSS8AI score0.00986EPSS

CVE•added 2017/04/02 1:59 a.m.•85 views

CVE-2017-2470

8.8CVSS8AI score0.02682EPSS

CVE•added 2024/02/19 11:15 a.m.•85 views

CVE-2024-1580

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

8.8CVSS7.3AI score0.00297EPSS

CVE•added 2024/07/29 11:15 p.m.•85 views

CVE-2024-40782

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process cr...

9.8CVSS6AI score0.02112EPSS

CVE•added 2025/01/27 10:15 p.m.•85 views

CVE-2024-54542

An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, macOS Sequoia 15.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2. Private Browsing tabs may be accessed without authentication.

9.1CVSS5.9AI score0.00319EPSS

CVE•added 2025/03/31 11:15 p.m.•85 views

CVE-2025-24208

A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.

6.1CVSS5.4AI score0.00046EPSS

CVE•added 2016/07/22 2:59 a.m.•84 views

CVE-2016-4623

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624.

8.8CVSS8.3AI score0.73233EPSS

CVE•added 2016/07/22 2:59 a.m.•84 views

CVE-2016-4624

8.8CVSS8.3AI score0.73233EPSS

CVE•added 2017/04/02 1:59 a.m.•84 views

CVE-2017-2367

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web sit...

6.5CVSS6.1AI score0.12422EPSS

CVE•added 2017/04/02 1:59 a.m.•84 views

CVE-2017-2469

8.8CVSS8AI score0.02682EPSS

CVE•added 2017/07/20 4:29 p.m.•84 views

CVE-2017-7056

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote at...

8.8CVSS8.1AI score0.08109EPSS

CVE•added 2017/10/23 1:29 a.m.•84 views

CVE-2017-7098

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execu...

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•84 views

CVE-2017-7142

An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites.

5.3CVSS5.5AI score0.00254EPSS

CVE•added 2018/04/03 6:29 a.m.•84 views

CVE-2018-4118

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers ...

8.8CVSS8.7AI score0.00579EPSS

CVE•added 2019/12/18 6:15 p.m.•84 views

CVE-2019-8577

An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges.

7.8CVSS7.5AI score0.00244EPSS

CVE•added 2022/11/01 8:15 p.m.•84 views

CVE-2022-32892

An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.

8.6CVSS7.5AI score0.00108EPSS

CVE•added 2024/10/24 5:15 p.m.•84 views

CVE-2024-44185

The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

5.5CVSS5.5AI score0.00087EPSS

CVE•added 2024/12/12 2:15 a.m.•84 views

CVE-2024-54502

The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.

6.5CVSS5.8AI score0.00281EPSS

CVE•added 2017/04/02 1:59 a.m.•83 views

CVE-2017-2481

8.8CVSS8AI score0.01255EPSS

CVE•added 2017/07/20 4:29 p.m.•83 views

CVE-2017-7039

8.8CVSS8.1AI score0.03473EPSS

CVE•added 2017/07/20 4:29 p.m.•83 views

CVE-2017-7048

8.8CVSS8.1AI score0.0481EPSS

CVE•added 2017/10/23 1:29 a.m.•83 views

CVE-2017-7092

8.8CVSS7.7AI score0.29833EPSS

CVE•added 2017/10/23 1:29 a.m.•83 views

CVE-2017-7104

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2019/04/03 6:29 p.m.•83 views

CVE-2018-4374

A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

6.1CVSS6.4AI score0.00643EPSS

CVE•added 2020/10/27 8:15 p.m.•83 views

CVE-2019-8827

The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. ...

4.3CVSS5.2AI score0.00609EPSS

CVE•added 2005/05/02 4:0 a.m.•82 views

CVE-2005-0976

AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs.

5CVSS6.7AI score0.00362EPSS

CVE•added 2016/09/25 10:59 a.m.•82 views

CVE-2016-4766

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767,...

8.8CVSS8.7AI score0.00976EPSS

CVE•added 2017/07/20 4:29 p.m.•82 views

CVE-2017-7011

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements.

6.5CVSS6.1AI score0.00835EPSS

CVE•added 2017/07/20 4:29 p.m.•82 views

CVE-2017-7038

A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.

6.1CVSS5.8AI score0.0561EPSS

CVE•added 2017/07/20 4:29 p.m.•82 views

CVE-2017-7041

9.3CVSS8.1AI score0.1308EPSS

CVE•added 2017/10/23 1:29 a.m.•82 views

CVE-2017-7081

8.8CVSS8AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•82 views

CVE-2017-7099

8.8CVSS8AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•82 views

CVE-2017-7120

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2020/12/08 8:15 p.m.•82 views

CVE-2020-9945

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.5AI score0.0034EPSS

CVE•added 2009/06/10 6:0 p.m.•81 views

CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///e...

7.5CVSS6.9AI score0.05627EPSS

CVE•added 2010/11/17 1:0 a.m.•81 views

CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a...

4.3CVSS5.6AI score0.00728EPSS

CVE•added 2016/09/25 10:59 a.m.•81 views

CVE-2016-4735

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.

9.3CVSS8.4AI score0.08398EPSS

CVE•added 2017/02/20 8:59 a.m.•81 views

CVE-2016-7632

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of ser...

8.8CVSS8.1AI score0.00769EPSS

CVE•added 2017/04/02 1:59 a.m.•81 views

CVE-2017-2394

8.8CVSS8AI score0.00986EPSS

CVE•added 2017/07/20 4:29 p.m.•81 views

CVE-2017-7006

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obta...

5.3CVSS5.4AI score0.00644EPSS

CVE•added 2017/10/23 1:29 a.m.•81 views

CVE-2017-7090

7.5CVSS5.6AI score0.00613EPSS

CVE•added 2020/04/01 6:15 p.m.•81 views

CVE-2020-3887

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated.

4.3CVSS5.3AI score0.00492EPSS

CVE•added 2020/10/16 5:15 p.m.•81 views

CVE-2020-9936

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lea...

7.8CVSS8.2AI score0.00318EPSS

CVE•added 2024/06/10 9:15 p.m.•81 views

CVE-2024-27820

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.

8.8CVSS7.1AI score0.00424EPSS

CVE•added 2025/01/27 10:15 p.m.•81 views

CVE-2025-24113

The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.

4.3CVSS5.6AI score0.0005EPSS

CVE•added 2010/03/19 9:30 p.m.•80 views

CVE-2010-1029

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary co...

5CVSS8.7AI score0.3762EPSS

CVE•added 2015/05/08 12:59 a.m.•80 views

CVE-2015-1152

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.

6.8CVSS8.8AI score0.01171EPSS

CVE•added 2017/04/02 1:59 a.m.•80 views

CVE-2017-2460

8.8CVSS8AI score0.04408EPSS

CVE•added 2017/04/02 1:59 a.m.•80 views

CVE-2017-2480

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

6.5CVSS6.2AI score0.19072EPSS

CVE•added 2017/07/20 4:29 p.m.•80 views

CVE-2017-7046

8.8CVSS8.1AI score0.0481EPSS

Total number of security vulnerabilities1524