Filtered by vendor Apple
Subscriptions
Filtered by product Safari
Subscriptions
Total
1593 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1782 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. | ||||
| CVE-2014-1309 | 1 Apple | 1 Safari | 2025-04-12 | N/A |
| WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | ||||
| CVE-2014-1343 | 1 Apple | 1 Safari | 2025-04-12 | N/A |
| WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | ||||
| CVE-2016-1781 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. | ||||
| CVE-2016-1728 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site. | ||||
| CVE-2016-1725 | 1 Apple | 3 Iphone Os, Safari, Watchos | 2025-04-12 | N/A |
| WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726. | ||||
| CVE-2016-1723 | 1 Apple | 3 Iphone Os, Safari, Watchos | 2025-04-12 | N/A |
| WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726. | ||||
| CVE-2014-4452 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-12 | N/A |
| WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. | ||||
| CVE-2014-4363 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | ||||
| CVE-2016-1778 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | ||||
| CVE-2016-1783 | 2 Apple, Webkitgtk | 4 Iphone Os, Safari, Tvos and 1 more | 2025-04-12 | N/A |
| WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | ||||
| CVE-2014-4466 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-12 | N/A |
| WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. | ||||
| CVE-2014-4473 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-12 | N/A |
| WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. | ||||
| CVE-2015-1155 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. | ||||
| CVE-2011-2855 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | N/A |
| Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | ||||
| CVE-2010-1420 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file. | ||||
| CVE-2011-2800 | 3 Apple, Debian, Google | 4 Iphone Os, Safari, Debian Linux and 1 more | 2025-04-11 | N/A |
| Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site. | ||||
| CVE-2011-2854 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing." | ||||
| CVE-2010-1205 | 11 Apple, Canonical, Debian and 8 more | 18 Iphone Os, Itunes, Mac Os X and 15 more | 2025-04-11 | 9.8 Critical |
| Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | ||||
| CVE-2010-4008 | 9 Apache, Apple, Canonical and 6 more | 16 Openoffice, Iphone Os, Itunes and 13 more | 2025-04-11 | N/A |
| libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. | ||||