Lucene search

K
AppleSafari

1524 matches found

CVE
CVE
added 2010/12/07 9:0 p.m.129 views

CVE-2010-4494

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

7.5CVSS7.8AI score0.0197EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.128 views

CVE-2010-5070

The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than ...

5CVSS5.3AI score0.00732EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.128 views

CVE-2014-4415

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

6.8CVSS7.8AI score0.01118EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.128 views

CVE-2018-4361

A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

8.8CVSS7.5AI score0.00704EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.127 views

CVE-2011-3068

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.

6.8CVSS6.9AI score0.02507EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.127 views

CVE-2018-4197

A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

8.8CVSS7.6AI score0.15917EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.126 views

CVE-2018-4204

An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" compone...

8.8CVSS8.7AI score0.03579EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.126 views

CVE-2018-4309

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

6.1CVSS6.1AI score0.01123EPSS
CVE
CVE
added 2020/06/09 5:15 p.m.125 views

CVE-2020-9800

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitr...

8.8CVSS8.8AI score0.00765EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.124 views

CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

8.1CVSS7AI score0.05589EPSS
CVE
CVE
added 2016/09/25 10:59 a.m.124 views

CVE-2016-4618

Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

6.1CVSS5.8AI score0.005EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.123 views

CVE-2005-0234

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

5CVSS6.5AI score0.00495EPSS
CVE
CVE
added 2022/11/01 8:15 p.m.123 views

CVE-2022-42823

A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.4AI score0.0041EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.123 views

CVE-2025-30427

A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

4.3CVSS5.9AI score0.00083EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.123 views

CVE-2025-31257

This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

4.7CVSS5.8AI score0.00083EPSS
CVE
CVE
added 2022/11/01 8:15 p.m.121 views

CVE-2022-42824

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.

5.5CVSS5.7AI score0.00026EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.119 views

CVE-2004-1122

Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.

7.5CVSS9.3AI score0.00968EPSS
CVE
CVE
added 2023/02/27 8:15 p.m.119 views

CVE-2022-32891

The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.

6.1CVSS5.2AI score0.00076EPSS
CVE
CVE
added 2024/03/08 2:15 a.m.118 views

CVE-2024-23284

A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being...

6.5CVSS5.1AI score0.00534EPSS
CVE
CVE
added 2012/07/25 8:55 p.m.117 views

CVE-2012-1520

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS
CVE
CVE
added 2024/03/08 2:15 a.m.117 views

CVE-2024-23273

This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.

4.3CVSS4.3AI score0.00087EPSS
CVE
CVE
added 2017/12/25 9:29 p.m.116 views

CVE-2017-13856

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.00947EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.116 views

CVE-2017-2363

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sen...

6.5CVSS5.7AI score0.22777EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.116 views

CVE-2018-4117

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allow...

6.5CVSS6.2AI score0.01004EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.115 views

CVE-2017-2356

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arb...

8.8CVSS8.1AI score0.00584EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.115 views

CVE-2018-4222

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" co...

8.8CVSS8AI score0.68543EPSS
CVE
CVE
added 2022/09/23 7:15 p.m.115 views

CVE-2022-22610

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution.

8.8CVSS8.5AI score0.00385EPSS
CVE
CVE
added 2022/09/20 9:15 p.m.114 views

CVE-2022-32912

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00782EPSS
CVE
CVE
added 2009/08/11 6:30 p.m.113 views

CVE-2009-2416

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Cod...

6.5CVSS6.7AI score0.00296EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.113 views

CVE-2018-4121

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compon...

8.8CVSS8.6AI score0.39723EPSS
CVE
CVE
added 2022/09/20 9:15 p.m.113 views

CVE-2022-32868

A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.

4.3CVSS4.9AI score0.00207EPSS
CVE
CVE
added 2024/05/14 3:13 p.m.113 views

CVE-2024-27834

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

8.1CVSS5.4AI score0.00007EPSS
CVE
CVE
added 2013/09/19 10:27 a.m.112 views

CVE-2013-1047

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS
CVE
CVE
added 2008/09/12 4:56 p.m.111 views

CVE-2008-3529

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

10CVSS7.3AI score0.58863EPSS
CVE
CVE
added 2017/12/25 9:29 p.m.111 views

CVE-2017-13866

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.00947EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.110 views

CVE-2018-4192

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" co...

7.5CVSS8AI score0.54904EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.109 views

CVE-2017-2369

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and app...

8.8CVSS7.8AI score0.04575EPSS
CVE
CVE
added 2024/03/08 2:15 a.m.109 views

CVE-2024-23263

A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enfor...

8.1CVSS5.4AI score0.00374EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.108 views

CVE-2017-2350

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted w...

6.5CVSS5.6AI score0.00522EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.108 views

CVE-2017-7156

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.00947EPSS
CVE
CVE
added 2022/11/01 8:15 p.m.108 views

CVE-2022-32923

A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app.

6.5CVSS6.3AI score0.00193EPSS
CVE
CVE
added 2023/12/12 1:15 a.m.108 views

CVE-2023-42890

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.

8.8CVSS8.4AI score0.00413EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.107 views

CVE-2018-4232

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attacker...

4.3CVSS5.2AI score0.01337EPSS
CVE
CVE
added 2024/03/08 2:15 a.m.107 views

CVE-2024-23280

An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.

7.5CVSS5AI score0.0053EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.106 views

CVE-2017-2364

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

6.5CVSS5.9AI score0.18057EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.106 views

CVE-2017-2366

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of...

8.8CVSS8.1AI score0.00728EPSS
CVE
CVE
added 2010/06/30 6:30 p.m.105 views

CVE-2010-2249

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

6.5CVSS7.4AI score0.01567EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.105 views

CVE-2017-2355

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arb...

8.8CVSS7.9AI score0.00824EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.105 views

CVE-2017-2373

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and app...

8.8CVSS7.5AI score0.06651EPSS
CVE
CVE
added 2017/10/23 1:29 a.m.105 views

CVE-2017-7089

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandl...

6.1CVSS5.4AI score0.04871EPSS
Total number of security vulnerabilities1524