Safari@* Security Vulnerabilities and Issues — Page 10 of Safari@* CVE List

Lucene search

AppleSafari*

1435 matches found

CVE•added 2017/04/02 1:59 a.m.•87 views

CVE-2017-2396

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicati...

8.8CVSS8AI score0.00986EPSS

CVE•added 2017/04/02 1:59 a.m.•87 views

CVE-2017-2446

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of stri...

8.8CVSS7.4AI score0.25094EPSS

CVE•added 2017/04/02 1:59 a.m.•87 views

CVE-2017-2454

8.8CVSS8AI score0.04294EPSS

Web

CVE•added 2017/04/02 1:59 a.m.•87 views

CVE-2017-2475

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site.

6.1CVSS5.9AI score0.00601EPSS

CVE•added 2020/10/27 8:15 p.m.•87 views

CVE-2019-8773

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to ar...

8.8CVSS8.8AI score0.00588EPSS

CVE•added 2022/12/15 7:15 p.m.•87 views

CVE-2022-46696

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.9AI score0.00206EPSS

CVE•added 2024/07/29 11:15 p.m.•87 views

CVE-2024-40789

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected proce...

6.5CVSS5.9AI score0.02882EPSS

CVE•added 2025/01/27 10:15 p.m.•87 views

CVE-2024-54542

An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, macOS Sequoia 15.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2. Private Browsing tabs may be accessed without authentication.

9.1CVSS5.9AI score0.00274EPSS

CVE•added 2016/07/22 2:59 a.m.•86 views

CVE-2016-4590

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5.4CVSS5.8AI score0.00435EPSS

CVE•added 2017/04/02 1:59 a.m.•86 views

CVE-2017-2395

8.8CVSS8AI score0.00986EPSS

CVE•added 2017/04/02 1:59 a.m.•86 views

CVE-2017-2470

8.8CVSS8AI score0.02682EPSS

CVE•added 2017/07/20 4:29 p.m.•86 views

CVE-2017-7038

A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.

6.1CVSS5.8AI score0.0561EPSS

CVE•added 2017/10/23 1:29 a.m.•86 views

CVE-2017-7098

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execu...

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•86 views

CVE-2017-7104

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•86 views

CVE-2017-7142

An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites.

5.3CVSS5.5AI score0.00254EPSS

CVE•added 2018/04/03 6:29 a.m.•86 views

CVE-2018-4118

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers ...

8.8CVSS8.7AI score0.00579EPSS

CVE•added 2019/12/18 6:15 p.m.•86 views

CVE-2019-8577

An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges.

7.8CVSS7.5AI score0.00244EPSS

CVE•added 2022/11/01 8:15 p.m.•86 views

CVE-2022-32892

An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.

8.6CVSS7.5AI score0.00145EPSS

CVE•added 2025/04/11 3:15 p.m.•86 views

CVE-2023-42970

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.

8.8CVSS7.1AI score0.00089EPSS

CVE•added 2024/06/10 9:15 p.m.•86 views

CVE-2024-27808

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.

8.8CVSS7.1AI score0.00186EPSS

CVE•added 2024/07/29 11:15 p.m.•86 views

CVE-2024-40780

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS5.9AI score0.00234EPSS

CVE•added 2024/09/17 12:15 a.m.•86 views

CVE-2024-40866

The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.

6.5CVSS6.1AI score0.00112EPSS

CVE•added 2010/11/17 1:0 a.m.•85 views

CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a...

4.3CVSS5.6AI score0.01623EPSS

CVE•added 2017/04/02 1:59 a.m.•85 views

CVE-2017-2447

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a ...

8.1CVSS6.4AI score0.09604EPSS

Web

CVE•added 2017/04/02 1:59 a.m.•85 views

CVE-2017-2469

8.8CVSS8AI score0.02682EPSS

Web

CVE•added 2017/07/20 4:29 p.m.•85 views

CVE-2017-7039

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote at...

8.8CVSS8.1AI score0.03473EPSS

CVE•added 2017/07/20 4:29 p.m.•85 views

CVE-2017-7048

8.8CVSS8.1AI score0.0481EPSS

Web

CVE•added 2016/09/06 10:59 a.m.•84 views

CVE-2016-7152

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

5.3CVSS4.9AI score0.03915EPSS

CVE•added 2017/04/02 1:59 a.m.•84 views

CVE-2017-2445

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects.

6.1CVSS5.8AI score0.01127EPSS

Web

CVE•added 2017/04/02 1:59 a.m.•84 views

CVE-2017-2464

8.8CVSS8AI score0.09024EPSS

Web

CVE•added 2017/04/02 1:59 a.m.•84 views

CVE-2017-2481

8.8CVSS8AI score0.01255EPSS

CVE•added 2017/07/20 4:29 p.m.•84 views

CVE-2017-7006

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obta...

5.3CVSS5.4AI score0.00644EPSS

CVE•added 2017/07/20 4:29 p.m.•84 views

CVE-2017-7011

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements.

6.5CVSS6.1AI score0.00835EPSS

CVE•added 2017/07/20 4:29 p.m.•84 views

CVE-2017-7041

9.3CVSS8.1AI score0.1308EPSS

CVE•added 2017/10/23 1:29 a.m.•84 views

CVE-2017-7081

8.8CVSS8AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•84 views

CVE-2017-7099

8.8CVSS8AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•84 views

CVE-2017-7120

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2019/04/03 6:29 p.m.•84 views

CVE-2018-4374

A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

6.1CVSS6.4AI score0.0054EPSS

CVE•added 2020/10/27 8:15 p.m.•84 views

CVE-2019-8827

The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. ...

4.3CVSS5.2AI score0.00609EPSS

CVE•added 2008/08/27 8:41 p.m.•83 views

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

6.5CVSS6.3AI score0.00802EPSS

CVE•added 2016/09/25 10:59 a.m.•83 views

CVE-2016-4766

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767,...

8.8CVSS8.7AI score0.00976EPSS

CVE•added 2017/02/20 8:59 a.m.•83 views

CVE-2016-7632

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of ser...

8.8CVSS8.1AI score0.00769EPSS

CVE•added 2017/04/02 1:59 a.m.•83 views

CVE-2017-2394

8.8CVSS8AI score0.00986EPSS

CVE•added 2017/07/20 4:29 p.m.•83 views

CVE-2017-7046

8.8CVSS8.1AI score0.0481EPSS

CVE•added 2017/10/23 1:29 a.m.•83 views

CVE-2017-7090

7.5CVSS5.6AI score0.00613EPSS

CVE•added 2020/12/08 8:15 p.m.•83 views

CVE-2020-9945

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.5AI score0.0034EPSS

CVE•added 2025/01/27 10:15 p.m.•83 views

CVE-2025-24113

The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.

4.3CVSS5.6AI score0.00058EPSS

CVE•added 2009/06/10 6:0 p.m.•82 views

CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///e...

7.5CVSS6.9AI score0.05627EPSS

CVE•added 2017/04/02 1:59 a.m.•82 views

CVE-2017-2468

8.8CVSS8AI score0.02755EPSS

CVE•added 2017/04/02 1:59 a.m.•82 views

CVE-2017-2479

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

6.5CVSS6.2AI score0.15758EPSS

Web

Total number of security vulnerabilities1435