Safari Security Vulnerabilities and Issues — Safari CVE List

Lucene search

AppleSafari

23 matches found

CVE•added 2016/09/25 10:59 a.m.•124 views

CVE-2016-4618

Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

6.1CVSS5.8AI score0.005EPSS

CVE•added 2016/09/25 11:0 a.m.•104 views

CVE-2016-4768

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766,...

8.8CVSS8.8AI score0.00976EPSS

CVE•added 2016/09/25 11:0 a.m.•93 views

CVE-2016-4767

8.8CVSS8.8AI score0.00976EPSS

CVE•added 2016/09/25 10:59 a.m.•90 views

CVE-2016-4733

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.

9.3CVSS8.4AI score0.08398EPSS

CVE•added 2016/09/25 10:59 a.m.•87 views

CVE-2016-4759

8.8CVSS8.7AI score0.00976EPSS

CVE•added 2016/09/25 10:59 a.m.•82 views

CVE-2016-4735

9.3CVSS8.4AI score0.08398EPSS

CVE•added 2016/09/25 10:59 a.m.•82 views

CVE-2016-4766

8.8CVSS8.7AI score0.00976EPSS

CVE•added 2016/09/25 10:59 a.m.•79 views

CVE-2016-4734

9.6CVSS8.4AI score0.08398EPSS

CVE•added 2016/09/25 10:59 a.m.•77 views

CVE-2016-4765

8.8CVSS8.8AI score0.00976EPSS

CVE•added 2016/09/25 10:59 a.m.•75 views

CVE-2016-4762

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.7AI score0.00707EPSS

CVE•added 2016/09/25 10:59 a.m.•68 views

CVE-2016-4611

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.

8.8CVSS8.3AI score0.08398EPSS

CVE•added 2016/09/25 10:59 a.m.•67 views

CVE-2016-4728

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.

8.8CVSS8.4AI score0.01042EPSS

CVE•added 2016/09/06 10:59 a.m.•67 views

CVE-2016-7152

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

5.3CVSS4.9AI score0.03915EPSS

CVE•added 2016/09/25 10:59 a.m.•63 views

CVE-2016-4730

9.3CVSS8.3AI score0.08398EPSS

CVE•added 2016/09/25 10:59 a.m.•62 views

CVE-2016-4758

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.

6.5CVSS6.1AI score0.01043EPSS

CVE•added 2016/09/25 10:59 a.m.•62 views

CVE-2016-4760

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.

6.5CVSS6.5AI score0.0107EPSS

CVE•added 2016/09/25 11:0 a.m.•62 views

CVE-2016-4769

WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

8.8CVSS8.9AI score0.00701EPSS

CVE•added 2016/09/25 10:59 a.m.•60 views

CVE-2016-4737

WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3CVSS9.1AI score0.01841EPSS

CVE•added 2016/09/25 10:59 a.m.•58 views

CVE-2016-4763

WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

6.8CVSS6.1AI score0.00228EPSS

CVE•added 2016/09/25 10:59 a.m.•53 views

CVE-2016-4751

The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site.

4.3CVSS5.2AI score0.0032EPSS

CVE•added 2016/09/25 10:59 a.m.•51 views

CVE-2016-4729

WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731.

9.3CVSS8.7AI score0.01203EPSS

CVE•added 2016/09/06 10:59 a.m.•51 views

CVE-2016-7153

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

5.3CVSS4.9AI score0.03915EPSS

CVE•added 2016/09/25 10:59 a.m.•48 views

CVE-2016-4731

9.3CVSS8.7AI score0.01203EPSS