Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs
1,592
CISA KEV
31
actively exploited
Public exploits
157
Exploited in wild
25
Severity breakdown
CRITICAL211HIGH603MEDIUM757LOW20UNKNOWN1
Vulnerabilities
Page 46 of 80
CVE-2015-5799MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5799 [MEDIUM] CWE-119 CVE-2015-5799: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5796MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5796 [MEDIUM] CWE-119 CVE-2015-5796: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5812MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5812 [MEDIUM] CWE-119 CVE-2015-5812: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5800MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5800 [MEDIUM] CWE-119 CVE-2015-5800: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5808MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5808 [MEDIUM] CWE-119 CVE-2015-5808: WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5798MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5798 [MEDIUM] CWE-119 CVE-2015-5798: WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
nvd
CVE-2015-3801MEDIUMCVSS 5.0≤ 8.0.82015-09-18
CVE-2015-3801 [MEDIUM] CWE-264 CVE-2015-3801: The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS bef
The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.
nvd
CVE-2015-5806MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5806 [MEDIUM] CWE-119 CVE-2015-5806: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5802MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5802 [MEDIUM] CWE-119 CVE-2015-5802: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5815MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5815 [MEDIUM] CWE-119 CVE-2015-5815: WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5827MEDIUMCVSS 5.0≤ 8.0.82015-09-18
CVE-2015-5827 [MEDIUM] CWE-200 CVE-2015-5827: WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an
WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event.
nvd
CVE-2015-5809MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5809 [MEDIUM] CWE-119 CVE-2015-5809: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5793MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5793 [MEDIUM] CWE-119 CVE-2015-5793: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attack
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5805MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5805 [MEDIUM] CWE-119 CVE-2015-5805: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5820MEDIUMCVSS 4.3≤ 8.0.82015-09-18
CVE-2015-5820 [MEDIUM] CWE-20 CVE-2015-5820: WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) t
WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.
nvd
CVE-2015-5797MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5797 [MEDIUM] CWE-119 CVE-2015-5797: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5801MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5801 [MEDIUM] CWE-119 CVE-2015-5801: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5816MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5816 [MEDIUM] CWE-119 CVE-2015-5816: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attack
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5818MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5818 [MEDIUM] CWE-119 CVE-2015-5818: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5791MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5791 [MEDIUM] CWE-119 CVE-2015-5791: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attack
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd