VYPR

Safari

by Apple Inc.

CVEs (1,615)

  • CVE-2022-46692MedDec 15, 2022
    risk 0.36cvss 5.5epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same…

  • CVE-2022-42824MedNov 1, 2022
    risk 0.36cvss 5.5epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.

  • CVE-2021-30682MedSep 8, 2021
    risk 0.36cvss 5.5epss 0.02

    A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information.

  • CVE-2017-2385MedApr 2, 2017
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors.

  • CVE-2016-7153MedSep 6, 2016
    risk 0.36cvss 5.3epss 0.14

    The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a…

  • CVE-2016-7152MedSep 6, 2016
    risk 0.36cvss 5.3epss 0.14

    The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a…

  • CVE-2024-44296MedOct 28, 2024
    risk 0.35cvss 5.4epss 0.01

    The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may prevent Content Security Policy…

  • CVE-2023-40417MedSep 27, 2023
    risk 0.35cvss 5.4epss 0.01

    A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.

  • CVE-2021-30720MedSep 8, 2021
    risk 0.35cvss 5.4epss 0.01

    A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.

  • CVE-2020-9860MedOct 27, 2020
    risk 0.35cvss 5.4epss 0.01

    A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.

  • CVE-2020-3852MedOct 27, 2020
    risk 0.35cvss 5.3epss 0.01

    A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website.

  • CVE-2020-9787MedOct 22, 2020
    risk 0.35cvss 5.3epss 0.01

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences.

  • CVE-2020-9916MedOct 16, 2020
    risk 0.35cvss 5.3epss 0.01

    A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able…

  • CVE-2019-8725MedDec 18, 2019
    risk 0.35cvss 5.3epss 0.01

    The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.

  • CVE-2018-4279MedApr 3, 2019
    risk 0.35cvss 5.3epss 0.01

    An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.

  • CVE-2017-7142MedOct 23, 2017
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web…

  • CVE-2017-7006MedJul 20, 2017
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same…

  • CVE-2016-4604MedJul 22, 2016
    risk 0.35cvss 5.4epss 0.01

    Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.

  • CVE-2016-4590MedJul 22, 2016
    risk 0.35cvss 5.4epss 0.01

    WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

  • CVE-2016-1786MedMar 24, 2016
    risk 0.35cvss 5.4epss 0.01

    The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached…

Page 36 of 81