Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs
1,592
CISA KEV
31
actively exploited
Public exploits
157
Exploited in wild
25
Severity breakdown
CRITICAL211HIGH603MEDIUM757LOW20UNKNOWN1
Vulnerabilities
Page 47 of 80
CVE-2015-5804MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5804 [MEDIUM] CWE-119 CVE-2015-5804: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5765MEDIUMCVSS 4.3≤ 8.0.82015-09-18
CVE-2015-5765 [MEDIUM] CVE-2015-5765: The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspeci
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
nvd
CVE-2015-5792MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5792 [MEDIUM] CWE-119 CVE-2015-5792: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5822MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5822 [MEDIUM] CWE-119 CVE-2015-5822: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attack
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5764MEDIUMCVSS 4.3≤ 8.0.82015-09-18
CVE-2015-5764 [MEDIUM] CWE-20 CVE-2015-5764: The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspeci
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.
nvd
CVE-2015-5821MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5821 [MEDIUM] CWE-119 CVE-2015-5821: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5794MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5794 [MEDIUM] CWE-119 CVE-2015-5794: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5823MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5823 [MEDIUM] CWE-119 CVE-2015-5823: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attack
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5819MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5819 [MEDIUM] CWE-119 CVE-2015-5819: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5810MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5810 [MEDIUM] CWE-119 CVE-2015-5810: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5826MEDIUMCVSS 4.3≤ 8.0.82015-09-18
CVE-2015-5826 [MEDIUM] CWE-284 CVE-2015-5826: WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (C
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
nvd
CVE-2015-5825MEDIUMCVSS 4.3≤ 8.0.82015-09-18
CVE-2015-5825 [MEDIUM] CWE-200 CVE-2015-5825: WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, w
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code.
nvd
CVE-2015-5814MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5814 [MEDIUM] CWE-119 CVE-2015-5814: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attack
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5807MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5807 [MEDIUM] CWE-119 CVE-2015-5807: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5817MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5817 [MEDIUM] CWE-119 CVE-2015-5817: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5803MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5803 [MEDIUM] CWE-119 CVE-2015-5803: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5811MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5811 [MEDIUM] CWE-119 CVE-2015-5811: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5813MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5813 [MEDIUM] CWE-119 CVE-2015-5813: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5795MEDIUMCVSS 6.8≤ 8.0.82015-09-18
CVE-2015-5795 [MEDIUM] CWE-119 CVE-2015-5795: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5748LOWCVSS 2.1≤ 8.0.82015-08-17
CVE-2015-5748 [LOW] CWE-17 CVE-2015-5748: The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local user
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
nvd