Safari

safari

Vendor: Apple • 1,598 CVEs

CVEs (1,598)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-4584 1Apple 3Iphone Os SafariTvos May 6, 2026 Jul 22, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte...Show more The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.Show less
CVE-2016-1864 1Apple 2Iphone Os Safari May 6, 2026 Jun 19, 2016 N/A· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
CVE-2016-1859 2Apple Webkitgtk 4Iphone Os SafariTvos+1 more May 6, 2026 May 20, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web...Show more The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.Show less
CVE-2016-1858 2Apple Webkitgtk 4Iphone Os SafariTvos+1 more May 6, 2026 May 20, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2016-1857 2Apple Webkitgtk 4Iphone Os SafariTvos+1 more May 6, 2026 May 20, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differen...Show more WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.Show less
CVE-2016-1856 2Apple Webkitgtk 4Iphone Os SafariTvos+1 more May 6, 2026 May 20, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differen...Show more WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.Show less
CVE-2016-1855 1Apple 3Iphone Os SafariTvos May 6, 2026 May 20, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differen...Show more WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.Show less
CVE-2016-1854 2Apple Webkitgtk 4Iphone Os SafariTvos+1 more May 6, 2026 May 20, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differen...Show more WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.Show less
CVE-2016-1849 1Apple 2Iphone Os Safari May 6, 2026 May 20, 2016 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive in...Show more The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.Show less
CVE-2016-1786 1Apple 2Iphone Os Safari May 6, 2026 Mar 24, 2016 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass...Show more The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.Show less
CVE-2016-1785 1Apple 2Iphone Os Safari May 6, 2026 Mar 24, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtai...Show more The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.Show less
CVE-2016-1784 1Apple 3Iphone Os SafariTvos May 6, 2026 Mar 24, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web sit...Show more The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site.Show less
CVE-2016-1783 2Apple Webkitgtk 4Iphone Os SafariTvos+1 more May 6, 2026 Mar 24, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-1782 1Apple 2Iphone Os Safari May 6, 2026 Mar 24, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site.
CVE-2016-1781 1Apple 2Iphone Os Safari May 6, 2026 Mar 24, 2016 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.
CVE-2016-1779 1Apple 2Iphone Os Safari May 6, 2026 Mar 24, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.
CVE-2016-1778 1Apple 2Iphone Os Safari May 6, 2026 Mar 24, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-1772 1Apple 1Safari May 6, 2026 Mar 24, 2016 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.
CVE-2016-1771 1Apple 1Safari May 6, 2026 Mar 24, 2016 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site.
CVE-2016-1762 6Apple CanonicalDebian+3 more 15Debian Linux Enterprise Linux DesktopEnterprise Linux Server+12 more May 6, 2026 Mar 24, 2016 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

Previous 1...404142...80 Next