Safari Security Vulnerabilities and Issues — Page 9 of Safari CVE List

Lucene search

AppleSafari

1538 matches found

CVE•added 2023/06/23 6:15 p.m.•97 views

CVE-2023-32423

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.

6.5CVSS6.4AI score0.00172EPSS

CVE•added 2023/12/12 1:15 a.m.•97 views

CVE-2023-42883

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.

5.5CVSS5.7AI score0.00024EPSS

CVE•added 2024/06/10 9:15 p.m.•97 views

CVE-2024-27838

The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.

6.5CVSS5.9AI score0.00187EPSS

CVE•added 2018/04/03 6:29 a.m.•96 views

CVE-2018-4113

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore fu...

6.5CVSS6.1AI score0.01156EPSS

CVE•added 2021/08/24 7:15 p.m.•96 views

CVE-2021-31008

A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 15.1, tvOS 15.1, iOS 15 and iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. Processing maliciously crafted web content may lead to code execution.

8.8CVSS7.9AI score0.01231EPSS

CVE•added 2025/01/15 8:15 p.m.•96 views

CVE-2024-27856

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.

7.8CVSS6.6AI score0.00051EPSS

CVE•added 2024/12/12 2:15 a.m.•96 views

CVE-2024-54508

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.

7.5CVSS5.8AI score0.00667EPSS

CVE•added 2007/02/01 12:28 a.m.•95 views

CVE-2007-0646

Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppK...

7.1CVSS6.9AI score0.16243EPSS

CVE•added 2024/01/23 1:15 a.m.•95 views

CVE-2024-23206

An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.

6.5CVSS6AI score0.00516EPSS

CVE•added 2024/06/10 9:15 p.m.•95 views

CVE-2024-27833

An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS7.4AI score0.0025EPSS

CVE•added 2024/06/10 9:15 p.m.•95 views

CVE-2024-27851

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS7.1AI score0.00284EPSS

CVE•added 2021/08/24 7:15 p.m.•94 views

CVE-2021-30861

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may bypass Gatekeeper checks.

5.5CVSS5.8AI score0.00236EPSS

CVE•added 2023/09/27 3:18 p.m.•94 views

CVE-2023-35074

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

8.8CVSS8.6AI score0.00598EPSS

CVE•added 2025/03/10 7:15 p.m.•94 views

CVE-2024-54467

A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.

6.5CVSS5.6AI score0.00082EPSS

CVE•added 2016/07/22 2:59 a.m.•93 views

CVE-2016-4623

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624.

8.8CVSS8.3AI score0.72851EPSS

CVE•added 2016/07/22 2:59 a.m.•93 views

CVE-2016-4624

8.8CVSS8.3AI score0.72851EPSS

CVE•added 2016/09/25 11:0 a.m.•93 views

CVE-2016-4767

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766,...

8.8CVSS8.8AI score0.00976EPSS

CVE•added 2017/07/20 4:29 p.m.•93 views

CVE-2017-7056

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote at...

8.8CVSS8.1AI score0.08109EPSS

CVE•added 2017/10/23 1:29 a.m.•93 views

CVE-2017-7107

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execu...

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•93 views

CVE-2017-7109

6.1CVSS5.4AI score0.00723EPSS

CVE•added 2018/06/08 6:29 p.m.•93 views

CVE-2018-4214

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" co...

8.8CVSS8.4AI score0.07557EPSS

CVE•added 2024/10/24 5:15 p.m.•93 views

CVE-2024-44185

The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

5.5CVSS5.5AI score0.00092EPSS

CVE•added 2024/12/12 2:15 a.m.•93 views

CVE-2024-54479

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.

7.5CVSS5.8AI score0.00708EPSS

CVE•added 2024/12/12 2:15 a.m.•93 views

CVE-2024-54502

The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.

6.5CVSS5.8AI score0.00369EPSS

CVE•added 2017/04/02 1:59 a.m.•92 views

CVE-2017-2367

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web sit...

6.5CVSS6.1AI score0.12422EPSS

CVE•added 2017/10/23 1:29 a.m.•92 views

CVE-2017-7092

8.8CVSS7.7AI score0.29833EPSS

CVE•added 2017/10/23 1:29 a.m.•92 views

CVE-2017-7111

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2020/04/01 6:15 p.m.•92 views

CVE-2020-9783

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.

8.8CVSS8.6AI score0.00547EPSS

CVE•added 2024/07/29 11:15 p.m.•92 views

CVE-2024-40782

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process cr...

9.8CVSS6AI score0.02112EPSS

CVE•added 2010/11/22 1:0 p.m.•91 views

CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a relat...

5CVSS8.2AI score0.18677EPSS

CVE•added 2013/12/17 3:21 p.m.•91 views

CVE-2013-7127

Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.

2.1CVSS5.2AI score0.00121EPSS

CVE•added 2018/04/03 6:29 a.m.•91 views

CVE-2018-4101

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers ...

8.8CVSS8.7AI score0.00579EPSS

CVE•added 2018/04/03 6:29 a.m.•91 views

CVE-2018-4120

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers ...

8.8CVSS8.7AI score0.00579EPSS

CVE•added 2020/10/27 8:15 p.m.•91 views

CVE-2019-8751

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to ar...

8.8CVSS8.8AI score0.00588EPSS

CVE•added 2020/10/27 8:15 p.m.•91 views

CVE-2019-8752

8.8CVSS8.8AI score0.00588EPSS

CVE•added 2020/10/27 8:15 p.m.•91 views

CVE-2019-8762

A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS6.3AI score0.00721EPSS

CVE•added 2009/04/17 12:30 a.m.•90 views

CVE-2009-0946

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

7.5CVSS8.8AI score0.11816EPSS

CVE•added 2016/09/25 10:59 a.m.•90 views

CVE-2016-4735

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.

9.3CVSS8.4AI score0.08398EPSS

CVE•added 2017/04/03 5:59 a.m.•90 views

CVE-2017-5949

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory...

9.8CVSS9.9AI score0.01816EPSS

CVE•added 2017/07/20 4:29 p.m.•90 views

CVE-2017-7034

8.8CVSS8.1AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•90 views

CVE-2017-7093

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•90 views

CVE-2017-7102

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2020/10/16 5:15 p.m.•90 views

CVE-2020-9916

A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destin...

5.3CVSS5.8AI score0.00526EPSS

CVE•added 2024/02/19 11:15 a.m.•90 views

CVE-2024-1580

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

8.8CVSS7.3AI score0.00331EPSS

CVE•added 2017/07/20 4:29 p.m.•89 views

CVE-2017-7064

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read ...

5.5CVSS5.5AI score0.03323EPSS

CVE•added 2019/12/18 6:15 p.m.•89 views

CVE-2019-8602

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to elevate privileges.

7.8CVSS7.7AI score0.0077EPSS

CVE•added 2024/06/10 9:15 p.m.•89 views

CVE-2024-27820

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.

8.8CVSS7.1AI score0.00412EPSS

CVE•added 2009/06/19 4:30 p.m.•88 views

CVE-2009-1692

WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large le...

7.1CVSS5.5AI score0.03998EPSS

Web

CVE•added 2017/04/02 1:59 a.m.•88 views

CVE-2017-2460

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicati...

8.8CVSS8AI score0.04408EPSS

Web

CVE•added 2017/04/02 1:59 a.m.•88 views

CVE-2017-2480

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

6.5CVSS6.2AI score0.19072EPSS

Total number of security vulnerabilities1538