Filtered by vendor Apple
Subscriptions
Filtered by product Safari
Subscriptions
Total
1469 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-40857 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 6.1 Medium |
This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
CVE-2024-44187 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 6.5 Medium |
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. | ||||
CVE-2024-27820 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 8.8 High |
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution. | ||||
CVE-2024-27850 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-09-25 | 6.5 Medium |
This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user. | ||||
CVE-2024-27808 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 8.8 High |
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution. | ||||
CVE-2024-27838 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 6.5 Medium |
The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user. | ||||
CVE-2024-27830 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 6.5 Medium |
This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user. | ||||
CVE-2024-27851 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 8.8 High |
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
CVE-2024-27833 | 1 Apple | 5 Ipados, Iphone Os, Safari and 2 more | 2024-09-25 | 8.8 High |
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
CVE-2024-40866 | 1 Apple | 2 Macos, Safari | 2024-09-24 | 6.5 Medium |
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing. | ||||
CVE-2023-40417 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-09-24 | 5.4 Medium |
A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing. | ||||
CVE-2005-2594 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body. | ||||
CVE-2013-1013 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. | ||||
CVE-2013-0960 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2024-09-17 | N/A |
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961. | ||||
CVE-2003-0355 | 2 Apple, Kde | 2 Safari, Konqueror Embedded | 2024-09-17 | N/A |
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates. | ||||
CVE-2008-7296 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | ||||
CVE-2012-3697 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise. | ||||
CVE-2012-3694 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site. | ||||
CVE-2012-0678 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL. | ||||
CVE-2010-1420 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file. |