Apple Safari vulnerabilities

1,592 known vulnerabilities affecting apple/safari.

Total CVEs: 1,592
CISA KEV: 31 (actively exploited)
Public exploits: 157
Exploited in wild: 25
Severity breakdown: CRITICAL 211, HIGH 603, MEDIUM 757, LOW 20, UNKNOWN 1

Vulnerabilities

CVE-2015-3750 | MEDIUM | CVSS 6.4 | Affected: ≥ 6.0, < 6.2.8; ≥ 7.0, < 7.1.8; +1 more | 2015-08-16
CWE-254: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network
Source: nvd
CVE-2015-3754 | MEDIUM | CVSS 4.3 | Affected: ≥ 6.0, < 6.2.8; ≥ 7.0, < 7.1.8; +1 more | 2015-08-16
CWE-200: The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site.
Source: nvd
CVE-2015-3755 | MEDIUM | CVSS 4.3 | Affected: ≥ 6.0, < 6.2.8; ≥ 7.0, < 7.1.8; +1 more | 2015-08-16
CWE-254: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
Source: nvd
CVE-2015-3745 | MEDIUM | CVSS 6.8 | Affected: ≥ 6.0, < 6.2.8; ≥ 7.0, < 7.1.8; +1 more | 2015-08-16
CWE-119: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
Source: nvd
CVE-2015-3749 | MEDIUM | CVSS 6.8 | Affected: ≥ 6.0, < 6.2.8; ≥ 7.0, < 7.1.8; +1 more | 2015-08-16
CWE-119: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
Source: nvd
CVE-2015-3736 | MEDIUM | CVSS 6.8 | Affected: ≥ 6.0, < 6.2.8; ≥ 7.0, < 7.1.8; +1 more | 2015-08-16
CWE-119: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
Source: nvd
CVE-2015-3743 | MEDIUM | CVSS 6.8 | Affected: ≥ 6.0, < 6.2.8; ≥ 7.0, < 7.1.8; +1 more | 2015-08-16
CWE-119: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
Source: nvd
CVE-2015-3727 | MEDIUM | CVSS 6.8 | Affected: ≤ 6.2.6; v7.0; +20 more | 2015-07-03
CWE-264: WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.
Source: nvd
CVE-2015-3660 | MEDIUM | CVSS 4.3 | Affected: ≤ 6.2.6; v7.0; +20 more | 2015-07-03
CWE-79: Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content.
Source: nvd
CVE-2015-3658 | MEDIUM | CVSS 6.8 | Affected: ≤ 6.2.6; v7.0; +20 more | 2015-07-03
CWE-254: The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.
Source: nvd
CVE-2015-3659 | MEDIUM | CVSS 6.8 | Affected: ≤ 6.2.6; v7.0; +20 more | 2015-07-03
CWE-264: The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted
Source: nvd
CVE-2015-1152 | MEDIUM | CVSS 6.8 | Affected: ≤ 6.2.5; v7.0; +18 more | 2015-05-08
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.
Source: nvd
CVE-2015-1156 | MEDIUM | CVSS 4.3 | Affected: ≤ 6.2.5; v7.0; +18 more | 2015-05-08
CWE-264: The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.
Source: nvd
CVE-2015-1153 | MEDIUM | CVSS 6.8 | Affected: ≤ 6.2.5; v7.0; +18 more | 2015-05-08
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.
Source: nvd
CVE-2015-1155 | MEDIUM | CVSS 4.3 | PoC | Affected: ≤ 6.2.5; v7.0; +18 more | 2015-05-08
CWE-264: The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
Source: nvd
CVE-2015-1154 | MEDIUM | CVSS 6.8 | Affected: ≤ 6.2.5; v7.0; +18 more | 2015-05-08
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153.
Source: nvd
CVE-2015-1112 | MEDIUM | CVSS 5.0 | Affected: ≤ 6.2.4; v7.0; +16 more | 2015-04-10
CWE-200: Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.
Source: nvd
CVE-2015-1124 | MEDIUM | CVSS 6.8 | Affected: ≤ 6.2.4; v7.0; +16 more | 2015-04-10
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, A
Source: nvd
CVE-2015-1121 | MEDIUM | CVSS 6.8 | Affected: ≤ 6.2.4; v7.0; +16 more | 2015-04-10
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, A
Source: nvd
CVE-2015-1122 | MEDIUM | CVSS 6.8 | Affected: ≤ 6.2.4; v7.0; +16 more | 2015-04-10
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, A
Source: nvd