Safari Security Vulnerabilities and Issues — Page 2 of Safari CVE List

Lucene search

AppleSafari

134 matches found

CVE•added 2015/04/10 2:59 p.m.•59 views

CVE-2015-1127

The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.

2.1CVSS7.3AI score0.00062EPSS

CVE•added 2015/08/16 11:59 p.m.•59 views

CVE-2015-3731

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.5AI score0.00998EPSS

CVE•added 2015/08/16 11:59 p.m.•59 views

CVE-2015-3744

6.8CVSS8.4AI score0.01081EPSS

CVE•added 2015/08/16 11:59 p.m.•59 views

CVE-2015-3752

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive informatio...

5CVSS6.9AI score0.01115EPSS

CVE•added 2015/09/18 10:59 a.m.•59 views

CVE-2015-5794

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS8.8AI score0.01009EPSS

CVE•added 2015/10/23 9:59 p.m.•59 views

CVE-2015-5929

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S...

6.8CVSS8.9AI score0.0108EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7098

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2...

6.8CVSS7.6AI score0.01093EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7102

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/03/18 10:59 p.m.•58 views

CVE-2015-1076

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00805EPSS

CVE•added 2015/05/08 12:59 a.m.•58 views

CVE-2015-1155

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

4.3CVSS7.7AI score0.5513EPSS

CVE•added 2015/09/18 10:59 a.m.•58 views

CVE-2015-3801

The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.

5CVSS5.8AI score0.00977EPSS

CVE•added 2015/09/18 10:59 a.m.•58 views

CVE-2015-5806

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•58 views

CVE-2015-5814

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-0...

6.8CVSS8.8AI score0.01009EPSS

CVE•added 2015/10/23 9:59 p.m.•58 views

CVE-2015-5931

WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 an...

6.8CVSS8.8AI score0.01529EPSS

CVE•added 2015/09/18 10:59 a.m.•57 views

CVE-2015-5809

6.8CVSS8.8AI score0.01009EPSS

CVE•added 2015/12/11 11:59 a.m.•57 views

CVE-2015-7048

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/03/18 10:59 p.m.•56 views

CVE-2015-1079

6.8CVSS7.8AI score0.00843EPSS

CVE•added 2015/07/03 1:59 a.m.•56 views

CVE-2015-3659

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause...

6.8CVSS8.8AI score0.01109EPSS

CVE•added 2015/08/16 11:59 p.m.•56 views

CVE-2015-3729

Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site.

4.3CVSS8AI score0.00652EPSS

CVE•added 2015/09/18 10:59 a.m.•56 views

CVE-2015-5817

6.8CVSS8.8AI score0.01093EPSS

CVE•added 2015/10/23 9:59 p.m.•56 views

CVE-2015-7011

6.8CVSS7.9AI score0.01655EPSS

CVE•added 2015/12/11 11:59 a.m.•56 views

CVE-2015-7095

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/03/18 10:59 p.m.•55 views

CVE-2015-1082

6.8CVSS8.8AI score0.00913EPSS

CVE•added 2015/04/10 2:59 p.m.•55 views

CVE-2015-1121

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerabi...

6.8CVSS8.9AI score0.00843EPSS

CVE•added 2015/08/16 11:59 p.m.•55 views

CVE-2015-3734

6.8CVSS8.4AI score0.01643EPSS

CVE•added 2015/08/16 11:59 p.m.•55 views

CVE-2015-3739

6.8CVSS8.4AI score0.01643EPSS

CVE•added 2015/10/23 9:59 p.m.•55 views

CVE-2015-5930

6.8CVSS8.9AI score0.0108EPSS

CVE•added 2015/12/11 11:59 a.m.•55 views

CVE-2015-7097

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/03/18 10:59 p.m.•54 views

CVE-2015-1081

6.8CVSS8.8AI score0.00861EPSS

CVE•added 2015/04/10 2:59 p.m.•54 views

CVE-2015-1119

6.8CVSS8.9AI score0.00913EPSS

CVE•added 2015/04/10 2:59 p.m.•54 views

CVE-2015-1122

6.8CVSS8.9AI score0.00836EPSS

CVE•added 2015/07/03 2:0 a.m.•54 views

CVE-2015-3727

WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.

6.8CVSS7.6AI score0.00942EPSS

CVE•added 2015/08/16 11:59 p.m.•54 views

CVE-2015-3735

6.8CVSS8.4AI score0.01643EPSS

CVE•added 2015/08/16 11:59 p.m.•54 views

CVE-2015-3737

6.8CVSS8.4AI score0.01643EPSS

CVE•added 2015/09/18 10:59 a.m.•54 views

CVE-2015-5765

The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.

4.3CVSS5.9AI score0.00846EPSS

CVE•added 2015/09/18 10:59 a.m.•54 views

CVE-2015-5797

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•54 views

CVE-2015-5802

6.8CVSS7.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•54 views

CVE-2015-5811

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•54 views

CVE-2015-5812

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/12/11 11:59 a.m.•54 views

CVE-2015-7099

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 12:0 p.m.•54 views

CVE-2015-7103

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/03/18 10:59 p.m.•53 views

CVE-2015-1070

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2015/08/16 11:59 p.m.•53 views

CVE-2015-3736

6.8CVSS8.4AI score0.01643EPSS

CVE•added 2015/08/16 11:59 p.m.•53 views

CVE-2015-3746

6.8CVSS8.4AI score0.01081EPSS

CVE•added 2015/08/16 11:59 p.m.•53 views

CVE-2015-3750

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to...

6.4CVSS6.8AI score0.00771EPSS

CVE•added 2015/09/18 10:59 a.m.•53 views

CVE-2015-5795

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•53 views

CVE-2015-5799

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•53 views

CVE-2015-5807

6.8CVSS8.8AI score0.01009EPSS

CVE•added 2015/09/18 10:59 a.m.•53 views

CVE-2015-5815

WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-...

6.8CVSS8.6AI score0.00651EPSS

CVE•added 2015/09/18 10:59 a.m.•53 views

CVE-2015-5826

WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

4.3CVSS5.8AI score0.00664EPSS

Total number of security vulnerabilities134