Lucene search

K
AppleSafari

175 matches found

CVE
CVE
added 2015/05/21 12:59 a.m.1130 views

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then ...

4.3CVSS4.8AI score0.94027EPSS
CVE
CVE
added 2022/03/18 6:15 p.m.387 views

CVE-2022-22654

A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS5.7AI score0.00222EPSS
CVE
CVE
added 2020/10/16 5:15 p.m.259 views

CVE-2020-9894

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application...

4.3CVSS6.7AI score0.00204EPSS
CVE
CVE
added 2020/04/01 6:15 p.m.180 views

CVE-2020-3885

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.

4.3CVSS5.6AI score0.00294EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.166 views

CVE-2019-8670

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.9AI score0.00378EPSS
CVE
CVE
added 2019/01/11 6:29 p.m.159 views

CVE-2018-4278

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.

4.3CVSS5.5AI score0.00328EPSS
CVE
CVE
added 2012/03/08 4:15 a.m.154 views

CVE-2011-3844

Apple Safari 5.0.5 does not properly implement the setInterval function, which allows remote attackers to spoof the address bar via a crafted web page.

4.3CVSS6AI score0.00277EPSS
CVE
CVE
added 2023/02/27 8:15 p.m.138 views

CVE-2022-46705

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS3.5AI score0.00178EPSS
CVE
CVE
added 2020/12/08 8:15 p.m.133 views

CVE-2020-9942

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.9AI score0.00247EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.123 views

CVE-2025-30427

A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

4.3CVSS5.9AI score0.00083EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.123 views

CVE-2025-31257

This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

4.7CVSS5.8AI score0.00083EPSS
CVE
CVE
added 2024/03/08 2:15 a.m.117 views

CVE-2024-23273

This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.

4.3CVSS4.3AI score0.00087EPSS
CVE
CVE
added 2022/09/20 9:15 p.m.113 views

CVE-2022-32868

A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.

4.3CVSS4.9AI score0.00207EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.107 views

CVE-2018-4232

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attacker...

4.3CVSS5.2AI score0.01891EPSS
CVE
CVE
added 2009/01/28 6:30 p.m.103 views

CVE-2009-0321

Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.

4.3CVSS6.4AI score0.02716EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.94 views

CVE-2025-24216

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

4.3CVSS5.5AI score0.00071EPSS
CVE
CVE
added 2020/10/27 9:15 p.m.88 views

CVE-2019-8898

An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has ...

4.3CVSS4.7AI score0.00456EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.87 views

CVE-2005-0341

Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks.

4.3CVSS5.5AI score0.00409EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.83 views

CVE-2019-8827

The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. ...

4.3CVSS5.2AI score0.00609EPSS
CVE
CVE
added 2020/12/08 8:15 p.m.82 views

CVE-2020-9945

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.5AI score0.0034EPSS
CVE
CVE
added 2010/11/17 1:0 a.m.81 views

CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a...

4.3CVSS5.6AI score0.00728EPSS
CVE
CVE
added 2020/04/01 6:15 p.m.81 views

CVE-2020-3887

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated.

4.3CVSS5.3AI score0.00492EPSS
CVE
CVE
added 2025/01/27 10:15 p.m.81 views

CVE-2025-24113

The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.

4.3CVSS5.6AI score0.0005EPSS
CVE
CVE
added 2017/10/23 1:29 a.m.77 views

CVE-2017-7144

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling.

4.3CVSS5AI score0.00446EPSS
CVE
CVE
added 2020/12/08 8:15 p.m.76 views

CVE-2020-9993

The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS5AI score0.00247EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.74 views

CVE-2024-44244

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.

4.3CVSS8.1AI score0.00283EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.71 views

CVE-2010-0651

WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive in...

4.3CVSS7.3AI score0.02258EPSS
CVE
CVE
added 2010/06/11 6:0 p.m.69 views

CVE-2010-1395

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issu...

4.3CVSS7AI score0.01195EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.68 views

CVE-2011-3243

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.

4.3CVSS5AI score0.00521EPSS
CVE
CVE
added 2020/12/08 8:15 p.m.68 views

CVE-2020-9987

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS5.1AI score0.00284EPSS
CVE
CVE
added 2012/11/15 11:58 a.m.67 views

CVE-2012-5851

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka r...

4.3CVSS5.2AI score0.00344EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.67 views

CVE-2015-3755

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.

4.3CVSS7.8AI score0.01386EPSS
CVE
CVE
added 2010/06/11 7:30 p.m.65 views

CVE-2010-0544

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.

4.3CVSS5.2AI score0.00763EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.65 views

CVE-2016-7592

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted Jav...

4.3CVSS4.9AI score0.00618EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.65 views

CVE-2025-30467

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS5.6AI score0.00034EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.64 views

CVE-2009-1702

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.

4.3CVSS6.5AI score0.00573EPSS
CVE
CVE
added 2020/02/27 9:15 p.m.64 views

CVE-2020-3833

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.7AI score0.00351EPSS
CVE
CVE
added 2020/04/01 6:15 p.m.64 views

CVE-2020-9784

A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings.

4.3CVSS5.4AI score0.00255EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.64 views

CVE-2025-30425

This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode.

4.3CVSS5.7AI score0.00046EPSS
CVE
CVE
added 2007/06/25 7:30 p.m.63 views

CVE-2007-2400

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to p...

4.3CVSS5.3AI score0.00304EPSS
CVE
CVE
added 2009/11/13 3:30 p.m.63 views

CVE-2009-2842

Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

4.3CVSS5.9AI score0.00796EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.63 views

CVE-2015-5828

The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.

4.3CVSS7.8AI score0.00779EPSS
CVE
CVE
added 2009/04/02 5:30 p.m.62 views

CVE-2009-1233

Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.

4.3CVSS6.5AI score0.03842EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.61 views

CVE-2009-1714

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.

4.3CVSS6.5AI score0.00648EPSS
CVE
CVE
added 2015/09/18 10:59 a.m.61 views

CVE-2015-5788

The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.

4.3CVSS7.3AI score0.00466EPSS
CVE
CVE
added 2010/03/15 2:15 p.m.60 views

CVE-2010-0051

WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.

4.3CVSS7.3AI score0.02404EPSS
CVE
CVE
added 2010/06/11 6:0 p.m.60 views

CVE-2010-1393

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.

4.3CVSS8.3AI score0.01392EPSS
CVE
CVE
added 2010/06/11 7:30 p.m.60 views

CVE-2010-2264

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages ...

4.3CVSS7.4AI score0.00732EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.60 views

CVE-2011-2800

Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.

4.3CVSS5.5AI score0.01071EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.60 views

CVE-2011-3881

WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedProperty...

4.3CVSS5.4AI score0.00502EPSS
Total number of security vulnerabilities175