Safari

safari

Vendor: Apple • 1,598 CVEs

CVEs (1,598)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-4751 1Apple 1Safari May 6, 2026 Sep 25, 2016 N/A· v4 3.5 LOW· v3 4.3 MEDIUM· v2 The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site.
CVE-2016-4737 1Apple 4Iphone Os SafariTvos+1 more May 6, 2026 Sep 25, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-4735 1Apple 3Iphone Os SafariTvos May 6, 2026 Sep 25, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability tha...Show more WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.Show less
CVE-2016-4734 1Apple 3Iphone Os SafariTvos May 6, 2026 Sep 25, 2016 N/A· v4 9.6 CRITICAL· v3 9.3 HIGH· v2 WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability tha...Show more WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.Show less
CVE-2016-4733 1Apple 3Iphone Os SafariTvos May 6, 2026 Sep 25, 2016 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability tha...Show more WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.Show less
CVE-2016-4731 1Apple 2Iphone Os Safari May 6, 2026 Sep 25, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729.
CVE-2016-4730 1Apple 3Iphone Os SafariTvos May 6, 2026 Sep 25, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability tha...Show more WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.Show less
CVE-2016-4729 1Apple 2Iphone Os Safari May 6, 2026 Sep 25, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731.
CVE-2016-4728 1Apple 4Iphone Os ItunesSafari+1 more May 6, 2026 Sep 25, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2016-4618 1Apple 2Iphone Os Safari May 6, 2026 Sep 25, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
CVE-2016-4611 1Apple 3Iphone Os SafariTvos May 6, 2026 Sep 25, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability tha...Show more WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.Show less
CVE-2016-7153 5Apple GoogleMicrosoft+2 more 6Chrome EdgeFirefox+3 more May 6, 2026 Sep 6, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser c...Show more The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.Show less
CVE-2016-7152 5Apple GoogleMicrosoft+2 more 6Chrome EdgeFirefox+3 more May 6, 2026 Sep 6, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser co...Show more The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.Show less
CVE-2016-4651 1Apple 2Iphone Os Safari May 6, 2026 Jul 22, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response,...Show more Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability.Show less
CVE-2016-4624 1Apple 3Iphone Os SafariTvos May 6, 2026 Jul 22, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerab...Show more WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.Show less
CVE-2016-4623 1Apple 3Iphone Os SafariTvos May 6, 2026 Jul 22, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerab...Show more WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624.Show less
CVE-2016-4622 1Apple 3Iphone Os SafariTvos May 6, 2026 Jul 22, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerab...Show more WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.Show less
CVE-2016-4604 1Apple 1Safari May 6, 2026 Jul 22, 2016 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.
CVE-2016-4590 1Apple 2Safari Webkit May 6, 2026 Jul 22, 2016 N/A· v4 5.4 MEDIUM· v3 4.3 MEDIUM· v2 WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2016-4586 1Apple 2Safari Tvos May 6, 2026 Jul 22, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Previous 1...394041...80 Next