Safari@* Security Vulnerabilities and Issues — Page 10 of Safari@* CVE List

Lucene search

AppleSafari*

792 matches found

CVE•added 2008/08/27 8:41 p.m.•84 views

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

6.5CVSS6.3AI score0.00802EPSS

CVE•added 2017/07/20 4:29 p.m.•84 views

CVE-2017-7041

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote at...

9.3CVSS8.1AI score0.1308EPSS

CVE•added 2017/07/20 4:29 p.m.•84 views

CVE-2017-7046

8.8CVSS8.1AI score0.0481EPSS

CVE•added 2009/06/10 6:0 p.m.•83 views

CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///e...

7.5CVSS6.9AI score0.05627EPSS

Web

CVE•added 2016/09/25 10:59 a.m.•83 views

CVE-2016-4766

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767,...

8.8CVSS8.7AI score0.00976EPSS

CVE•added 2017/04/02 1:59 a.m.•83 views

CVE-2017-2479

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

6.5CVSS6.2AI score0.15758EPSS

CVE•added 2018/04/03 6:29 a.m.•83 views

CVE-2018-4128

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers ...

8.8CVSS8.7AI score0.00579EPSS

CVE•added 2020/12/08 8:15 p.m.•83 views

CVE-2020-9945

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.5AI score0.0034EPSS

CVE•added 2025/04/11 3:15 p.m.•83 views

CVE-2023-42875

Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.

7.3CVSS6.7AI score0.00033EPSS

CVE•added 2025/01/27 10:15 p.m.•83 views

CVE-2025-24113

The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.

4.3CVSS5.6AI score0.0008EPSS

CVE•added 2010/03/19 9:30 p.m.•82 views

CVE-2010-1029

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary co...

5CVSS8.7AI score0.3762EPSS

CVE•added 2017/07/20 4:29 p.m.•82 views

CVE-2017-7019

8.8CVSS8.1AI score0.00513EPSS

CVE•added 2017/07/20 4:29 p.m.•82 views

CVE-2017-7055

8.8CVSS8.1AI score0.00927EPSS

CVE•added 2018/04/03 6:29 a.m.•82 views

CVE-2017-7153

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" comp...

6.1CVSS5.5AI score0.00779EPSS

CVE•added 2020/04/01 6:15 p.m.•82 views

CVE-2020-3887

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated.

4.3CVSS5.3AI score0.00492EPSS

CVE•added 2020/10/16 5:15 p.m.•82 views

CVE-2020-9936

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lea...

7.8CVSS8.2AI score0.00318EPSS

CVE•added 2017/11/13 3:29 a.m.•81 views

CVE-2017-13792

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.21364EPSS

CVE•added 2018/04/03 6:29 a.m.•81 views

CVE-2017-2493

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain s...

6.5CVSS6.1AI score0.00281EPSS

CVE•added 2018/04/03 6:29 a.m.•81 views

CVE-2018-4088

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affect...

8.8CVSS7.6AI score0.00673EPSS

CVE•added 2017/07/20 4:29 p.m.•80 views

CVE-2017-7043

8.8CVSS8.1AI score0.03473EPSS

CVE•added 2018/06/08 6:29 p.m.•80 views

CVE-2018-4247

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site.

6.5CVSS6.2AI score0.01134EPSS

CVE•added 2020/10/27 8:15 p.m.•80 views

CVE-2019-8728

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS8.8AI score0.00588EPSS

CVE•added 2020/10/27 9:15 p.m.•80 views

CVE-2020-9932

A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.2AI score0.00874EPSS

CVE•added 2020/10/27 8:15 p.m.•79 views

CVE-2019-8734

8.8CVSS8.8AI score0.00588EPSS

CVE•added 2011/10/14 10:55 a.m.•78 views

CVE-2011-3243

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.

4.3CVSS5AI score0.00521EPSS

CVE•added 2016/09/25 10:59 a.m.•78 views

CVE-2016-4765

8.8CVSS8.8AI score0.00976EPSS

CVE•added 2017/11/13 3:29 a.m.•78 views

CVE-2017-13794

8.8CVSS7.7AI score0.21364EPSS

Web

CVE•added 2017/07/20 4:29 p.m.•78 views

CVE-2017-7018

8.8CVSS8.1AI score0.03472EPSS

CVE•added 2017/07/20 4:29 p.m.•78 views

CVE-2017-7030

8.8CVSS8.1AI score0.00513EPSS

CVE•added 2017/07/20 4:29 p.m.•78 views

CVE-2017-7052

8.8CVSS8.1AI score0.00927EPSS

CVE•added 2018/04/03 6:29 a.m.•78 views

CVE-2018-4130

8.8CVSS8.6AI score0.00831EPSS

CVE•added 2025/03/31 11:15 p.m.•78 views

CVE-2025-24167

This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A download's origin may be incorrectly associated.

9.8CVSS5.9AI score0.00056EPSS

CVE•added 2017/11/13 3:29 a.m.•77 views

CVE-2017-13798

8.8CVSS7.7AI score0.19928EPSS

CVE•added 2017/04/02 1:59 a.m.•77 views

CVE-2017-2476

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicati...

8.8CVSS8AI score0.05257EPSS

CVE•added 2019/01/11 6:29 p.m.•77 views

CVE-2018-4277

In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

7.5CVSS5.7AI score0.00562EPSS

CVE•added 2020/10/27 8:15 p.m.•77 views

CVE-2019-8749

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 ...

9.8CVSS7.9AI score0.01253EPSS

CVE•added 2016/09/25 10:59 a.m.•76 views

CVE-2016-4611

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.

8.8CVSS8.3AI score0.08398EPSS

CVE•added 2017/07/20 4:29 p.m.•76 views

CVE-2017-7040

8.8CVSS8.1AI score0.03473EPSS

CVE•added 2017/07/20 4:29 p.m.•76 views

CVE-2017-7059

A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.

6.1CVSS5.8AI score0.00489EPSS

CVE•added 2020/12/08 8:15 p.m.•76 views

CVE-2020-9950

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.1AI score0.0078EPSS

CVE•added 2016/05/20 11:0 a.m.•75 views

CVE-2016-1854

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.

8.8CVSS8.4AI score0.01359EPSS

CVE•added 2017/11/13 3:29 a.m.•75 views

CVE-2017-13791

8.8CVSS7.7AI score0.21364EPSS

CVE•added 2017/11/13 3:29 a.m.•75 views

CVE-2017-13795

8.8CVSS7.7AI score0.21364EPSS

CVE•added 2017/05/22 5:29 a.m.•75 views

CVE-2017-2504

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly in...

6.1CVSS5.8AI score0.00793EPSS

CVE•added 2019/04/03 6:29 p.m.•75 views

CVE-2018-4145

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4.

8.8CVSS8.1AI score0.00699EPSS

CVE•added 2012/05/01 10:12 a.m.•74 views

CVE-2012-1521

Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7AI score0.07354EPSS

CVE•added 2017/11/13 3:29 a.m.•74 views

CVE-2017-13803

8.8CVSS7.7AI score0.01056EPSS

CVE•added 2017/07/20 4:29 p.m.•74 views

CVE-2017-7012

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute...

8.8CVSS8AI score0.00707EPSS

CVE•added 2017/07/20 4:29 p.m.•74 views

CVE-2017-7020

8.8CVSS8.1AI score0.00513EPSS

CVE•added 2017/07/20 4:29 p.m.•74 views

CVE-2017-7042

9.3CVSS8.1AI score0.1308EPSS

Total number of security vulnerabilities792