Filtered by vendor Apple Subscriptions
Filtered by product Safari Subscriptions
Total 1469 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-40857 1 Apple 7 Ipados, Iphone Os, Macos and 4 more 2024-09-25 6.1 Medium
This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2024-44187 1 Apple 7 Ipados, Iphone Os, Macos and 4 more 2024-09-25 6.5 Medium
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
CVE-2024-27820 1 Apple 7 Ipados, Iphone Os, Macos and 4 more 2024-09-25 8.8 High
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
CVE-2024-27850 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-09-25 6.5 Medium
This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2024-27808 1 Apple 7 Ipados, Iphone Os, Macos and 4 more 2024-09-25 8.8 High
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
CVE-2024-27838 1 Apple 7 Ipados, Iphone Os, Macos and 4 more 2024-09-25 6.5 Medium
The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2024-27830 1 Apple 7 Ipados, Iphone Os, Macos and 4 more 2024-09-25 6.5 Medium
This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2024-27851 1 Apple 7 Ipados, Iphone Os, Macos and 4 more 2024-09-25 8.8 High
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2024-27833 1 Apple 5 Ipados, Iphone Os, Safari and 2 more 2024-09-25 8.8 High
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2024-40866 1 Apple 2 Macos, Safari 2024-09-24 6.5 Medium
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
CVE-2023-40417 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-09-24 5.4 Medium
A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.
CVE-2005-2594 1 Apple 1 Safari 2024-09-17 N/A
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body.
CVE-2013-1013 1 Apple 1 Safari 2024-09-17 N/A
XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors.
CVE-2013-0960 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2024-09-17 N/A
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.
CVE-2003-0355 2 Apple, Kde 2 Safari, Konqueror Embedded 2024-09-17 N/A
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.
CVE-2008-7296 1 Apple 1 Safari 2024-09-17 N/A
Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
CVE-2012-3697 1 Apple 1 Safari 2024-09-17 N/A
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise.
CVE-2012-3694 1 Apple 1 Safari 2024-09-17 N/A
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site.
CVE-2012-0678 1 Apple 1 Safari 2024-09-17 N/A
Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL.
CVE-2010-1420 2 Apple, Microsoft 5 Cfnetwork, Safari, Windows 7 and 2 more 2024-09-17 N/A
Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file.