Safari Security Vulnerabilities and Issues — Safari CVE List

Lucene search

AppleSafari

44 matches found

CVE•added 2017/04/24 7:59 p.m.•342 views

CVE-2011-3438

WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution.

8.8CVSS8.8AI score0.00845EPSS

CVE•added 2017/04/02 1:59 a.m.•280 views

CVE-2017-2471

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.

8.8CVSS7.4AI score0.23334EPSS

CVE•added 2017/04/03 5:59 a.m.•89 views

CVE-2017-5949

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory...

9.8CVSS9.9AI score0.01816EPSS

CVE•added 2017/04/02 1:59 a.m.•86 views

CVE-2017-2396

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicati...

8.8CVSS8AI score0.00986EPSS

CVE•added 2017/04/02 1:59 a.m.•86 views

CVE-2017-2454

8.8CVSS8AI score0.04294EPSS

CVE•added 2017/04/02 1:59 a.m.•85 views

CVE-2017-2367

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web sit...

6.5CVSS6.1AI score0.12422EPSS

CVE•added 2017/04/02 1:59 a.m.•85 views

CVE-2017-2395

8.8CVSS8AI score0.00986EPSS

CVE•added 2017/04/02 1:59 a.m.•85 views

CVE-2017-2470

8.8CVSS8AI score0.02682EPSS

CVE•added 2017/04/02 1:59 a.m.•84 views

CVE-2017-2469

8.8CVSS8AI score0.02682EPSS

CVE•added 2017/04/02 1:59 a.m.•83 views

CVE-2017-2481

8.8CVSS8AI score0.01255EPSS

CVE•added 2017/04/02 1:59 a.m.•82 views

CVE-2017-2394

8.8CVSS8AI score0.00986EPSS

CVE•added 2017/04/02 1:59 a.m.•81 views

CVE-2017-2460

8.8CVSS8AI score0.04408EPSS

CVE•added 2017/04/02 1:59 a.m.•81 views

CVE-2017-2480

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

6.5CVSS6.2AI score0.19072EPSS

CVE•added 2017/04/02 1:59 a.m.•79 views

CVE-2017-2405

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a ...

8.8CVSS8AI score0.00752EPSS

CVE•added 2017/04/02 1:59 a.m.•79 views

CVE-2017-2446

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of stri...

8.8CVSS7.4AI score0.25094EPSS

CVE•added 2017/04/02 1:59 a.m.•78 views

CVE-2017-2386

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web sit...

6.5CVSS6.1AI score0.00427EPSS

CVE•added 2017/04/02 1:59 a.m.•77 views

CVE-2017-2424

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.

6.5CVSS5.9AI score0.00388EPSS

CVE•added 2017/04/02 1:59 a.m.•77 views

CVE-2017-2447

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a ...

8.1CVSS6.4AI score0.09604EPSS

CVE•added 2017/04/02 1:59 a.m.•77 views

CVE-2017-2475

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site.

6.1CVSS5.9AI score0.00601EPSS

CVE•added 2017/04/02 1:59 a.m.•76 views

CVE-2017-2445

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects.

6.1CVSS5.8AI score0.01127EPSS

CVE•added 2017/04/02 1:59 a.m.•76 views

CVE-2017-2464

8.8CVSS8AI score0.09024EPSS

CVE•added 2017/04/02 1:59 a.m.•75 views

CVE-2017-2476

8.8CVSS8AI score0.05257EPSS

CVE•added 2017/04/02 1:59 a.m.•74 views

CVE-2017-2377

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action dur...

7.5CVSS6.5AI score0.00604EPSS

CVE•added 2017/04/02 1:59 a.m.•74 views

CVE-2017-2433

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web si...

8.8CVSS8AI score0.00752EPSS

CVE•added 2017/04/02 1:59 a.m.•74 views

CVE-2017-2466

8.8CVSS8AI score0.03715EPSS

CVE•added 2017/04/02 1:59 a.m.•74 views

CVE-2017-2468

8.8CVSS8AI score0.04752EPSS

CVE•added 2017/04/02 1:59 a.m.•73 views

CVE-2017-2465

8.8CVSS8AI score0.00986EPSS

CVE•added 2017/04/02 1:59 a.m.•73 views

CVE-2017-2479

6.5CVSS6.2AI score0.15758EPSS

CVE•added 2017/04/02 1:59 a.m.•71 views

CVE-2017-2459

8.8CVSS8AI score0.04294EPSS

CVE•added 2017/04/02 1:59 a.m.•70 views

CVE-2017-2419

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors.

7.5CVSS5.1AI score0.00602EPSS

CVE•added 2017/04/02 1:59 a.m.•68 views

CVE-2017-2442

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

6.5CVSS6.1AI score0.12422EPSS

CVE•added 2017/04/02 1:59 a.m.•68 views

CVE-2017-2444

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of se...

8.8CVSS8.6AI score0.00844EPSS

CVE•added 2017/04/02 1:59 a.m.•67 views

CVE-2017-2453

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site.

6.5CVSS6AI score0.00367EPSS

CVE•added 2017/04/02 1:59 a.m.•67 views

CVE-2017-2455

8.8CVSS8AI score0.04294EPSS

CVE•added 2017/04/02 1:59 a.m.•65 views

CVE-2017-2376

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page.

7.5CVSS6.2AI score0.004EPSS

CVE•added 2017/04/02 1:59 a.m.•65 views

CVE-2017-2463

8.8CVSS8.6AI score0.00723EPSS

CVE•added 2017/04/02 1:59 a.m.•65 views

CVE-2017-2486

6.5CVSS6.2AI score0.00356EPSS

CVE•added 2017/04/02 1:59 a.m.•64 views

CVE-2017-2378

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and...

8.8CVSS8.4AI score0.00803EPSS

CVE•added 2017/04/02 1:59 a.m.•64 views

CVE-2017-2392

An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

7.8CVSS7.4AI score0.00331EPSS

CVE•added 2017/04/02 1:59 a.m.•62 views

CVE-2017-2457

8.8CVSS8AI score0.02526EPSS

CVE•added 2017/04/02 1:59 a.m.•61 views

CVE-2017-2389

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site.

8.1CVSS7.3AI score0.00955EPSS

CVE•added 2017/04/02 1:59 a.m.•51 views

CVE-2017-2385

An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors.

5.5CVSS5.5AI score0.00063EPSS

CVE•added 2017/04/03 5:59 a.m.•43 views

CVE-2016-10222

runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function...

7.5CVSS7.4AI score0.00464EPSS

CVE•added 2017/04/03 5:59 a.m.•26 views

CVE-2016-10226

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssembl...

7.5CVSS7.3AI score0.00464EPSS