Safari@* Security Vulnerabilities and Issues — Page 10 of Safari@* CVE List

Lucene search

AppleSafari*

1421 matches found

CVE•added 2017/07/20 4:29 p.m.•83 views

CVE-2017-7048

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote at...

8.8CVSS8.1AI score0.0481EPSS

CVE•added 2017/10/23 1:29 a.m.•83 views

CVE-2017-7092

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execu...

8.8CVSS7.7AI score0.29833EPSS

CVE•added 2017/10/23 1:29 a.m.•83 views

CVE-2017-7104

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2019/04/03 6:29 p.m.•83 views

CVE-2018-4374

A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

6.1CVSS6.4AI score0.00643EPSS

CVE•added 2020/10/27 8:15 p.m.•83 views

CVE-2019-8827

The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. ...

4.3CVSS5.2AI score0.00609EPSS

CVE•added 2016/09/25 10:59 a.m.•82 views

CVE-2016-4766

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767,...

8.8CVSS8.7AI score0.00976EPSS

CVE•added 2017/07/20 4:29 p.m.•82 views

CVE-2017-7011

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements.

6.5CVSS6.1AI score0.00835EPSS

CVE•added 2017/07/20 4:29 p.m.•82 views

CVE-2017-7038

A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.

6.1CVSS5.8AI score0.0561EPSS

CVE•added 2017/07/20 4:29 p.m.•82 views

CVE-2017-7041

9.3CVSS8.1AI score0.1308EPSS

CVE•added 2017/10/23 1:29 a.m.•82 views

CVE-2017-7081

8.8CVSS8AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•82 views

CVE-2017-7099

8.8CVSS8AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•82 views

CVE-2017-7120

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2020/12/08 8:15 p.m.•82 views

CVE-2020-9945

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.5AI score0.0034EPSS

CVE•added 2009/06/10 6:0 p.m.•81 views

CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///e...

7.5CVSS6.9AI score0.05627EPSS

CVE•added 2010/11/17 1:0 a.m.•81 views

CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a...

4.3CVSS5.6AI score0.00728EPSS

CVE•added 2016/09/25 10:59 a.m.•81 views

CVE-2016-4735

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.

9.3CVSS8.4AI score0.08398EPSS

CVE•added 2017/02/20 8:59 a.m.•81 views

CVE-2016-7632

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of ser...

8.8CVSS8.1AI score0.00769EPSS

CVE•added 2017/04/02 1:59 a.m.•81 views

CVE-2017-2394

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicati...

8.8CVSS8AI score0.00986EPSS

CVE•added 2017/07/20 4:29 p.m.•81 views

CVE-2017-7006

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obta...

5.3CVSS5.4AI score0.00644EPSS

CVE•added 2017/10/23 1:29 a.m.•81 views

CVE-2017-7090

7.5CVSS5.6AI score0.00613EPSS

CVE•added 2020/04/01 6:15 p.m.•81 views

CVE-2020-3887

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated.

4.3CVSS5.3AI score0.00492EPSS

CVE•added 2020/10/16 5:15 p.m.•81 views

CVE-2020-9936

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lea...

7.8CVSS8.2AI score0.00318EPSS

CVE•added 2024/06/10 9:15 p.m.•81 views

CVE-2024-27820

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.

8.8CVSS7.1AI score0.00424EPSS

CVE•added 2025/01/27 10:15 p.m.•81 views

CVE-2025-24113

The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.

4.3CVSS5.6AI score0.0005EPSS

CVE•added 2010/03/19 9:30 p.m.•80 views

CVE-2010-1029

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary co...

5CVSS8.7AI score0.3762EPSS

CVE•added 2015/05/08 12:59 a.m.•80 views

CVE-2015-1152

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.

6.8CVSS8.8AI score0.01171EPSS

CVE•added 2017/04/02 1:59 a.m.•80 views

CVE-2017-2460

8.8CVSS8AI score0.04408EPSS

CVE•added 2017/04/02 1:59 a.m.•80 views

CVE-2017-2480

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

6.5CVSS6.2AI score0.19072EPSS

CVE•added 2017/07/20 4:29 p.m.•80 views

CVE-2017-7046

8.8CVSS8.1AI score0.0481EPSS

CVE•added 2017/07/20 4:29 p.m.•80 views

CVE-2017-7055

8.8CVSS8.1AI score0.00927EPSS

CVE•added 2017/10/23 1:29 a.m.•80 views

CVE-2017-7094

8.8CVSS8AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•80 views

CVE-2017-7095

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2018/04/03 6:29 a.m.•80 views

CVE-2017-7153

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" comp...

6.1CVSS5.5AI score0.00324EPSS

CVE•added 2018/04/03 6:29 a.m.•80 views

CVE-2018-4128

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers ...

8.8CVSS8.7AI score0.00579EPSS

CVE•added 2025/03/10 7:15 p.m.•80 views

CVE-2024-44192

The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.

6.5CVSS5.8AI score0.00056EPSS

CVE•added 2017/04/02 1:59 a.m.•79 views

CVE-2017-2405

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a ...

8.8CVSS8AI score0.00752EPSS

CVE•added 2017/05/22 5:29 a.m.•79 views

CVE-2017-2539

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we...

8.8CVSS8AI score0.008EPSS

CVE•added 2020/10/27 8:15 p.m.•79 views

CVE-2019-8728

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS8.8AI score0.00588EPSS

CVE•added 2024/07/29 11:15 p.m.•79 views

CVE-2024-40776

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process cr...

6.5CVSS6AI score0.0319EPSS

CVE•added 2008/08/27 8:41 p.m.•78 views

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

6.5CVSS6.3AI score0.00802EPSS

CVE•added 2011/07/21 11:55 p.m.•78 views

CVE-2011-0216

Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.

9.3CVSS8.5AI score0.01308EPSS

CVE•added 2016/09/25 10:59 a.m.•78 views

CVE-2016-4734

9.6CVSS8.4AI score0.08398EPSS

CVE•added 2017/04/02 1:59 a.m.•78 views

CVE-2017-2386

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web sit...

6.5CVSS6.1AI score0.00427EPSS

CVE•added 2017/04/02 1:59 a.m.•78 views

CVE-2017-2446

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of stri...

8.8CVSS7.4AI score0.25094EPSS

CVE•added 2017/07/20 4:29 p.m.•78 views

CVE-2017-7019

8.8CVSS8.1AI score0.00513EPSS

CVE•added 2017/10/23 1:29 a.m.•78 views

CVE-2017-7096

8.8CVSS7.7AI score0.00513EPSS

CVE•added 2018/04/03 6:29 a.m.•78 views

CVE-2018-4088

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affect...

8.8CVSS7.6AI score0.00673EPSS

CVE•added 2018/06/08 6:29 p.m.•78 views

CVE-2018-4247

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site.

6.5CVSS6.2AI score0.01134EPSS

CVE•added 2020/10/27 8:15 p.m.•78 views

CVE-2019-8734

8.8CVSS8.8AI score0.00588EPSS

CVE•added 2020/10/27 9:15 p.m.•78 views

CVE-2020-9932

A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.2AI score0.00874EPSS

Total number of security vulnerabilities1421