Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs
1,592
CISA KEV
31
actively exploited
Public exploits
157
Exploited in wild
25
Severity breakdown
CRITICAL211HIGH603MEDIUM757LOW20UNKNOWN1
Vulnerabilities
Page 45 of 80
CVE-2015-7103MEDIUMCVSS 6.8≤ 9.0.12015-12-11
CVE-2015-7103 [MEDIUM] CVE-2015-7103: WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015
nvdapple
CVE-2015-7101MEDIUMCVSS 6.8≤ 9.0.12015-12-11
CVE-2015-7101 [MEDIUM] CVE-2015-7101: WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015
nvdapple
CVE-2015-7095MEDIUMCVSS 6.8≤ 9.0.12015-12-11
CVE-2015-7095 [MEDIUM] CVE-2015-7095: WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015
nvdapple
CVE-2015-7048MEDIUMCVSS 6.8≤ 9.0.12015-12-11
CVE-2015-7048 [MEDIUM] CWE-119 CVE-2015-7048: WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101,
nvdapple
CVE-2015-7050MEDIUMCVSS 4.3≤ 9.0.12015-12-11
CVE-2015-7050 [MEDIUM] CWE-200 CVE-2015-7050: WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows re
WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.
nvdapple
CVE-2015-7100MEDIUMCVSS 6.8≤ 9.0.12015-12-11
CVE-2015-7100 [MEDIUM] CVE-2015-7100: WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7101, CVE-2015
nvdapple
CVE-2015-7002MEDIUMCVSS 6.8≤ 9.02015-10-23
CVE-2015-7002 [MEDIUM] CWE-119 CVE-2015-7002: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvdapple
CVE-2015-5928MEDIUMCVSS 6.8≤ 9.02015-10-23
CVE-2015-5928 [MEDIUM] CWE-119 CVE-2015-5928: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvdapple
CVE-2015-7012MEDIUMCVSS 6.8≤ 9.02015-10-23
CVE-2015-7012 [MEDIUM] CWE-119 CVE-2015-7012: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvdapple
CVE-2015-5929MEDIUMCVSS 6.8≤ 9.02015-10-23
CVE-2015-5929 [MEDIUM] CWE-119 CVE-2015-5929: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvdapple
CVE-2015-7014MEDIUMCVSS 6.8≤ 9.02015-10-23
CVE-2015-7014 [MEDIUM] CWE-119 CVE-2015-7014: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvdapple
CVE-2015-7011MEDIUMCVSS 6.8≤ 9.02015-10-23
CVE-2015-7011 [MEDIUM] CWE-119 CVE-2015-7011: WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to ex
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
nvdapple
CVE-2015-5930MEDIUMCVSS 6.8≤ 9.02015-10-23
CVE-2015-5930 [MEDIUM] CWE-119 CVE-2015-5930: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvdapple
CVE-2015-5931MEDIUMCVSS 6.8≤ 9.02015-10-23
CVE-2015-5931 [MEDIUM] CWE-119 CVE-2015-5931: WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to ex
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
nvdapple
CVE-2015-5780CRITICALCVSS 10.0≤ 8.0.82015-10-09
CVE-2015-5780 [CRITICAL] CWE-20 CVE-2015-5780: The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation bef
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.
nvd
CVE-2015-5828MEDIUMCVSS 4.3≤ 8.0.82015-10-09
CVE-2015-5828 [MEDIUM] CWE-20 CVE-2015-5828: The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of a
The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.
nvd
CVE-2015-5790MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5790 [MEDIUM] CWE-119 CVE-2015-5790: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5767MEDIUMCVSS 4.3≤ 8.0.82015-09-18
CVE-2015-5767 [MEDIUM] CVE-2015-5767: The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspeci
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765.
nvd
CVE-2015-5789MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5789 [MEDIUM] CWE-119 CVE-2015-5789: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5788MEDIUMCVSS 4.3≤ 8.0.82015-09-18
CVE-2015-5788 [MEDIUM] CWE-200 CVE-2015-5788: The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Or
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
nvd