Safari

safari

Vendor: Apple • 1,598 CVEs

CVEs (1,598)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-5796 1Apple 3Iphone Os ItunesSafari May 6, 2026 Sep 18, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v...Show more WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.Show less
CVE-2015-5795 1Apple 3Iphone Os ItunesSafari May 6, 2026 Sep 18, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v...Show more WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.Show less
CVE-2015-5794 1Apple 3Iphone Os ItunesSafari May 6, 2026 Sep 18, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v...Show more WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.Show less
CVE-2015-5793 1Apple 3Iphone Os ItunesSafari May 6, 2026 Sep 18, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web s...Show more WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.Show less
CVE-2015-5792 1Apple 3Iphone Os ItunesSafari May 6, 2026 Sep 18, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v...Show more WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.Show less
CVE-2015-5791 1Apple 3Iphone Os ItunesSafari May 6, 2026 Sep 18, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web s...Show more WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.Show less
CVE-2015-5790 1Apple 3Iphone Os ItunesSafari May 6, 2026 Sep 18, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v...Show more WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.Show less
CVE-2015-5789 1Apple 3Iphone Os ItunesSafari May 6, 2026 Sep 18, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v...Show more WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.Show less
CVE-2015-5788 1Apple 2Iphone Os Safari May 6, 2026 Sep 18, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
CVE-2015-5767 1Apple 2Iphone Os Safari May 6, 2026 Sep 18, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765.
CVE-2015-5765 1Apple 2Iphone Os Safari May 6, 2026 Sep 18, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
CVE-2015-5764 1Apple 2Iphone Os Safari May 6, 2026 Sep 18, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.
CVE-2015-3801 1Apple 2Iphone Os Safari May 6, 2026 Sep 18, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.
CVE-2015-5748 1Apple 3Iphone Os Mac Os XSafari May 6, 2026 Aug 17, 2015 N/A· v4 N/A· v3 2.1 LOW· v2 The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
CVE-2015-3755 1Apple 2Iphone Os Safari May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
CVE-2015-3754 1Apple 1Safari May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers t...Show more The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site.Show less
CVE-2015-3753 1Apple 2Iphone Os Safari May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to...Show more WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.Show less
CVE-2015-3752 2Apple Canonical 3Iphone Os SafariUbuntu Linux May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission fo...Show more The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request.Show less
CVE-2015-3751 1Apple 2Iphone Os Safari May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a vid...Show more WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element.Show less
CVE-2015-3750 1Apple 2Iphone Os Safari May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 6.4 MEDIUM· v2 WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Sec...Show more WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream.Show less

Previous 1...444546...80 Next