Safari@* Security Vulnerabilities and Issues — Page 20 of Safari@* CVE List

CVE•added 2015/09/18 10:59 a.m.•54 views

CVE-2015-5812

CVE•added 2015/12/11 11:59 a.m.•54 views

CVE-2015-7099

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2...

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 12:0 p.m.•54 views

CVE-2015-7103

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2016/02/01 11:59 a.m.•54 views

CVE-2016-1725

WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726.

9.3CVSS7.7AI score0.01632EPSS

CVE•added 2017/05/22 5:29 a.m.•54 views

CVE-2017-2531

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and app...

8.8CVSS8AI score0.06379EPSS

CVE•added 2018/04/03 6:29 a.m.•54 views

CVE-2018-4102

An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

6.5CVSS6.2AI score0.00527EPSS

CVE•added 2019/04/03 6:29 p.m.•54 views

CVE-2018-4440

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

4.3CVSS5.3AI score0.00344EPSS

CVE•added 2025/03/31 11:15 p.m.•54 views

CVE-2025-24192

A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a website may leak sensitive data.

6.5CVSS5.5AI score0.00044EPSS

CVE•added 2007/09/27 9:17 p.m.•53 views

CVE-2007-3756

Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain.

4.3CVSS6.6AI score0.00991EPSS

CVE•added 2008/06/02 9:30 p.m.•53 views

CVE-2008-1580

CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates...

4.3CVSS5.8AI score0.01429EPSS

CVE•added 2008/11/25 11:30 p.m.•53 views

CVE-2008-4231

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

9.3CVSS7.8AI score0.07665EPSS

CVE•added 2009/06/10 6:0 p.m.•53 views

CVE-2009-1710

WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.

2.6CVSS7.8AI score0.00741EPSS

CVE•added 2010/03/15 1:28 p.m.•53 views

CVE-2010-0048

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

9.3CVSS8.6AI score0.04724EPSS

9.3CVSS8.7AI score0.12489EPSS

CVE-2010-1397

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection re...

9.3CVSS8.8AI score0.09518EPSS

CVE-2010-1398

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft...

5.8CVSS8.1AI score0.00883EPSS

CVE-2010-1409

Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.

9.3CVSS9AI score0.34318EPSS

CVE-2010-1415

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API ...

CVE•added 2010/06/11 7:30 p.m.•53 views

CVE-2010-1418

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preced...

4.3CVSS6.8AI score0.01199EPSS

CVE•added 2010/06/11 7:30 p.m.•53 views

CVE-2010-1761

9.3CVSS8.6AI score0.08374EPSS

CVE•added 2010/07/30 8:30 p.m.•53 views

CVE-2010-1780

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to ele...

9.3CVSS9.1AI score0.06495EPSS

CVE•added 2010/07/30 8:30 p.m.•53 views

CVE-2010-1788

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document...

9.3CVSS9.3AI score0.06539EPSS

CVE•added 2010/10/04 9:0 p.m.•53 views

CVE-2010-1822

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-...

8.8CVSS8.7AI score0.02967EPSS

CVE•added 2011/07/21 11:55 p.m.•53 views

CVE-2011-0233

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•53 views

CVE-2011-1774

WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.

8.8CVSS6.7AI score0.81631EPSS

CVE•added 2011/08/03 12:55 a.m.•53 views

CVE-2011-2788

Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.

6.8CVSS6.5AI score0.03148EPSS

CVE•added 2012/02/16 8:55 p.m.•53 views

CVE-2011-3027

Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

4.3CVSS6.8AI score0.01656EPSS

CVE•added 2012/04/05 10:2 p.m.•53 views

CVE-2011-3071

Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7AI score0.02863EPSS

CVE•added 2012/04/05 10:2 p.m.•53 views

CVE-2011-3074

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.

6.8CVSS6.9AI score0.02128EPSS

CVE•added 2011/10/25 7:55 p.m.•53 views

CVE-2011-3885

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.

7.5CVSS7AI score0.02414EPSS

CVE•added 2012/02/09 4:10 a.m.•53 views

CVE-2011-3968

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.

4.3CVSS7AI score0.01891EPSS

CVE•added 2012/07/25 8:55 p.m.•53 views

CVE-2012-3626

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.02013EPSS

CVE•added 2012/07/25 7:55 p.m.•53 views

CVE-2012-3691

WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5.8CVSS6AI score0.00227EPSS

CVE•added 2013/09/19 10:27 a.m.•53 views

CVE-2013-1037

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2014/04/02 4:17 p.m.•53 views

CVE-2014-1313

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8CVSS7.8AI score0.00909EPSS

CVE•added 2014/08/14 11:15 a.m.•53 views

CVE-2014-1384

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.

6.8CVSS7.9AI score0.01645EPSS

CVE•added 2014/08/14 11:15 a.m.•53 views

CVE-2014-1388

6.8CVSS7.9AI score0.01645EPSS

CVE•added 2014/12/10 9:59 p.m.•53 views

CVE-2014-4473

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

6.8CVSS7.8AI score0.00843EPSS

CVE•added 2015/03/18 10:59 p.m.•53 views

CVE-2015-1070

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2015/08/16 11:59 p.m.•53 views

CVE-2015-3736

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.4AI score0.01643EPSS

CVE•added 2015/08/16 11:59 p.m.•53 views

CVE-2015-3746

6.8CVSS8.4AI score0.01081EPSS

CVE•added 2015/08/16 11:59 p.m.•53 views

CVE-2015-3750

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to...

6.4CVSS6.8AI score0.00771EPSS

CVE-2015-5795

CVE-2015-5799

6.8CVSS8.8AI score0.01009EPSS

CVE-2015-5807

6.8CVSS8.6AI score0.00651EPSS

CVE-2015-5815

WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-...