Apple Safari vulnerabilities

1,592 known vulnerabilities affecting apple/safari.

Total CVEs

1,592

CISA KEV

actively exploited

Public exploits

157

Exploited in wild

Severity breakdown

CRITICAL211HIGH603MEDIUM757LOW20UNKNOWN1

Vulnerabilities

Page 48 of 80

CVE-2015-3740MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3740 [MEDIUM] CWE-119 CVE-2015-3740: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3738MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3738 [MEDIUM] CWE-119 CVE-2015-3738: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3748MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3748 [MEDIUM] CWE-119 CVE-2015-3748: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3729MEDIUMCVSS 4.3≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3729 [MEDIUM] CWE-254 CVE-2015-3729: Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and o Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site.

nvd

CVE-2015-3741MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3741 [MEDIUM] CWE-119 CVE-2015-3741: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3731MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3731 [MEDIUM] CWE-119 CVE-2015-3731: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3734MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3734 [MEDIUM] CWE-119 CVE-2015-3734: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3730MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3730 [MEDIUM] CWE-119 CVE-2015-3730: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3744MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3744 [MEDIUM] CWE-119 CVE-2015-3744: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3737MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3737 [MEDIUM] CWE-119 CVE-2015-3737: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3753MEDIUMCVSS 5.0≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3753 [MEDIUM] CWE-200 CVE-2015-3753: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8 WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.

nvd

CVE-2015-3751MEDIUMCVSS 5.0≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3751 [MEDIUM] CWE-254 CVE-2015-3751: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8 WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element.

nvd

CVE-2015-3742MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3742 [MEDIUM] CWE-119 CVE-2015-3742: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3735MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3735 [MEDIUM] CWE-119 CVE-2015-3735: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3733MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3733 [MEDIUM] CWE-119 CVE-2015-3733: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3732MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3732 [MEDIUM] CWE-119 CVE-2015-3732: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3739MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3739 [MEDIUM] CWE-119 CVE-2015-3739: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3747MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3747 [MEDIUM] CWE-119 CVE-2015-3747: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

CVE-2015-3752MEDIUMCVSS 5.0≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3752 [MEDIUM] CWE-200 CVE-2015-3752: The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or

nvd

CVE-2015-3746MEDIUMCVSS 6.8≥ 6.0, < 6.2.8≥ 7.0, < 7.1.8+1 more2015-08-16

CVE-2015-3746 [MEDIUM] CWE-119 CVE-2015-3746: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-

nvd

← Previous48 / 80Next →