Safari
by Apple Inc.
CVEs (1,615)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-9903 | Hig | 0.49 | 7.5 | 0.01 | Oct 16, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain. | ||
| CVE-2016-4676 | Hig | 0.49 | 7.5 | 0.02 | Feb 3, 2020 | A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. | ||
| CVE-2018-4329 | Hig | 0.49 | 7.5 | 0.01 | Apr 3, 2019 | Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12. | ||
| CVE-2018-4274 | Hig | 0.49 | 7.5 | 0.01 | Apr 3, 2019 | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2. | ||
| CVE-2018-4186 | Hig | 0.49 | 7.5 | 0.01 | Jan 11, 2019 | In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation. | ||
| CVE-2018-4137 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2018 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement. | ||
| CVE-2017-7090 | Hig | 0.49 | 7.5 | 0.02 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows… | ||
| CVE-2016-10226 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2017 | JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to… | ||
| CVE-2016-10222 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2017 | runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the… | ||
| CVE-2017-2419 | Hig | 0.49 | 7.5 | 0.02 | Apr 2, 2017 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors. | ||
| CVE-2017-2377 | Hig | 0.49 | 7.5 | 0.02 | Apr 2, 2017 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a… | ||
| CVE-2017-2376 | Hig | 0.49 | 7.5 | 0.02 | Apr 2, 2017 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page. | ||
| CVE-2016-4591 | Hig | 0.49 | 7.5 | 0.04 | Jul 22, 2016 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. | ||
| CVE-2025-31238 | Hig | 0.48 | 7.3 | 0.01 | May 12, 2025 | The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption. | ||
| CVE-2025-24209 | Hig | 0.46 | 7.0 | 0.01 | Mar 31, 2025 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash. | ||
| CVE-2020-9952 | Hig | 0.46 | 7.1 | 0.01 | Oct 16, 2020 | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site… | ||
| CVE-2020-9843 | Hig | 0.46 | 7.1 | 0.01 | Jun 9, 2020 | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web… | ||
| CVE-2020-9805 | Hig | 0.46 | 7.1 | 0.01 | Jun 9, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead… | ||
| CVE-2017-2480 | Med | 0.46 | 6.5 | 0.04 | Apr 2, 2017 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows… | ||
| CVE-2017-2479 | Med | 0.46 | 6.5 | 0.06 | Apr 2, 2017 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows… |
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain.
- risk 0.49cvss 7.5epss 0.02
A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.
- risk 0.49cvss 7.5epss 0.01
Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12.
- risk 0.49cvss 7.5epss 0.01
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.
- risk 0.49cvss 7.5epss 0.01
In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows…
- risk 0.49cvss 7.5epss 0.02
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to…
- risk 0.49cvss 7.5epss 0.02
runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the…
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a…
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page.
- risk 0.49cvss 7.5epss 0.04
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
- risk 0.48cvss 7.3epss 0.01
The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.
- risk 0.46cvss 7.0epss 0.01
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.
- risk 0.46cvss 7.1epss 0.01
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site…
- risk 0.46cvss 7.1epss 0.01
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web…
- risk 0.46cvss 7.1epss 0.01
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead…
- risk 0.46cvss 6.5epss 0.04
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows…
- risk 0.46cvss 6.5epss 0.06
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows…
Page 26 of 81