Lucene search

K
AppleSafari

119 matches found

CVE
CVE
added 2021/02/16 5:15 p.m.1905 views

CVE-2021-23841

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if t...

5.9CVSS7AI score0.00665EPSS
CVE
CVE
added 2021/03/26 9:15 p.m.1319 views

CVE-2020-7463

In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-fre...

5.5CVSS5.8AI score0.00049EPSS
CVE
CVE
added 2021/10/28 7:15 p.m.629 views

CVE-2021-30836

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory.

5.5CVSS5.8AI score0.00221EPSS
CVE
CVE
added 2023/05/08 8:15 p.m.333 views

CVE-2023-27932

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy.

5.5CVSS5.8AI score0.00011EPSS
CVE
CVE
added 2021/09/08 2:15 p.m.225 views

CVE-2021-30720

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.

5.8CVSS5.7AI score0.00477EPSS
CVE
CVE
added 2021/09/08 3:15 p.m.191 views

CVE-2021-30682

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information.

5.5CVSS5.6AI score0.00309EPSS
CVE
CVE
added 2022/12/15 7:15 p.m.180 views

CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy.

5.5CVSS5.9AI score0.00008EPSS
CVE
CVE
added 2012/11/03 5:55 p.m.154 views

CVE-2012-3748

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

5.1CVSS7.5AI score0.30417EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.149 views

CVE-2018-4266

A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

5.9CVSS6.5AI score0.00355EPSS
CVE
CVE
added 2020/06/09 5:15 p.m.130 views

CVE-2020-9801

A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application.

5.3CVSS6AI score0.25648EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.128 views

CVE-2010-5070

The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than ...

5CVSS5.3AI score0.00732EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.123 views

CVE-2005-0234

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

5CVSS6.5AI score0.00495EPSS
CVE
CVE
added 2022/11/01 8:15 p.m.121 views

CVE-2022-42824

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.

5.5CVSS5.7AI score0.00026EPSS
CVE
CVE
added 2021/08/24 7:15 p.m.94 views

CVE-2021-30861

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may bypass Gatekeeper checks.

5.5CVSS5.8AI score0.00236EPSS
CVE
CVE
added 2009/01/02 7:30 p.m.91 views

CVE-2008-5821

Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.

5CVSS6.2AI score0.10801EPSS
CVE
CVE
added 2010/11/22 1:0 p.m.91 views

CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a relat...

5CVSS8.2AI score0.19249EPSS
CVE
CVE
added 2020/10/16 5:15 p.m.90 views

CVE-2020-9916

A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destin...

5.3CVSS5.8AI score0.00526EPSS
CVE
CVE
added 2023/12/12 1:15 a.m.90 views

CVE-2023-42883

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.

5.5CVSS5.7AI score0.00022EPSS
CVE
CVE
added 2017/07/20 4:29 p.m.88 views

CVE-2017-7064

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read ...

5.5CVSS5.5AI score0.03323EPSS
CVE
CVE
added 2006/04/25 5:6 p.m.87 views

CVE-2006-2019

Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.

5CVSS6.2AI score0.12657EPSS
CVE
CVE
added 2016/07/22 2:59 a.m.85 views

CVE-2016-4590

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5.4CVSS5.8AI score0.00435EPSS
CVE
CVE
added 2017/10/23 1:29 a.m.84 views

CVE-2017-7142

An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites.

5.3CVSS5.5AI score0.00254EPSS
CVE
CVE
added 2024/10/24 5:15 p.m.84 views

CVE-2024-44185

The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

5.5CVSS5.5AI score0.00087EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.82 views

CVE-2005-0976

AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs.

5CVSS6.7AI score0.00362EPSS
CVE
CVE
added 2017/07/20 4:29 p.m.81 views

CVE-2017-7006

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obta...

5.3CVSS5.4AI score0.00644EPSS
CVE
CVE
added 2010/03/19 9:30 p.m.80 views

CVE-2010-1029

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary co...

5CVSS8.7AI score0.3762EPSS
CVE
CVE
added 2024/07/29 11:15 p.m.77 views

CVE-2024-40779

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash...

5.5CVSS5.9AI score0.00118EPSS
CVE
CVE
added 2006/06/26 4:5 p.m.76 views

CVE-2006-3224

Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of S...

5.4CVSS6.6AI score0.0068EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.76 views

CVE-2024-44296

The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

5.4CVSS6AI score0.00269EPSS
CVE
CVE
added 2022/12/15 7:15 p.m.73 views

CVE-2022-32833

An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.

5.3CVSS6.2AI score0.00157EPSS
CVE
CVE
added 2024/07/29 11:15 p.m.70 views

CVE-2024-40794

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication.

5.3CVSS6AI score0.00449EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.68 views

CVE-2023-40417

A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.

5.4CVSS5.8AI score0.00302EPSS
CVE
CVE
added 2015/09/18 10:59 a.m.67 views

CVE-2015-5827

WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event.

5CVSS7.6AI score0.00441EPSS
CVE
CVE
added 2016/09/06 10:59 a.m.67 views

CVE-2016-7152

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

5.3CVSS4.9AI score0.03915EPSS
CVE
CVE
added 2020/10/27 9:15 p.m.66 views

CVE-2020-3852

A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website.

5.3CVSS5.7AI score0.00284EPSS
CVE
CVE
added 2011/08/09 7:55 p.m.64 views

CVE-2008-7296

Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains...

5.8CVSS6.1AI score0.00435EPSS
CVE
CVE
added 2009/11/13 3:30 p.m.63 views

CVE-2009-2841

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers...

5CVSS6.8AI score0.03879EPSS
CVE
CVE
added 2022/09/20 9:15 p.m.63 views

CVE-2022-32861

A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address.

5.3CVSS5.8AI score0.00185EPSS
CVE
CVE
added 2009/09/21 7:30 p.m.62 views

CVE-2009-3272

Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.

5CVSS8.2AI score0.0444EPSS
CVE
CVE
added 2014/12/10 9:59 p.m.62 views

CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.

5CVSS6.1AI score0.00977EPSS
CVE
CVE
added 2007/09/11 6:17 p.m.61 views

CVE-2007-4812

Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert ...

5CVSS6.8AI score0.04144EPSS
CVE
CVE
added 2024/01/10 10:15 p.m.61 views

CVE-2023-42872

The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data.

5.5CVSS5AI score0.00062EPSS
CVE
CVE
added 2003/06/09 4:0 a.m.59 views

CVE-2003-0355

Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.

5CVSS7AI score0.00353EPSS
CVE
CVE
added 2009/06/10 2:30 p.m.59 views

CVE-2009-1694

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site i...

5.8CVSS6.9AI score0.00637EPSS
CVE
CVE
added 2010/11/22 1:0 p.m.59 views

CVE-2010-3813

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetchin...

5.8CVSS8.5AI score0.00848EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.59 views

CVE-2015-3752

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive informatio...

5CVSS6.9AI score0.01115EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.58 views

CVE-2011-3234

Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.02823EPSS
CVE
CVE
added 2011/12/13 9:55 p.m.58 views

CVE-2011-3908

Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.1AI score0.0234EPSS
CVE
CVE
added 2015/09/18 10:59 a.m.58 views

CVE-2015-3801

The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.

5CVSS5.8AI score0.00977EPSS
CVE
CVE
added 2006/03/31 11:6 a.m.57 views

CVE-2006-1552

Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".

5CVSS6.4AI score0.03822EPSS
Total number of security vulnerabilities119