Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs
1,592
CISA KEV
31
actively exploited
Public exploits
157
Exploited in wild
25
Severity breakdown
CRITICAL211HIGH603MEDIUM757LOW20UNKNOWN1
Vulnerabilities
Page 50 of 80
CVE-2015-1126MEDIUMCVSS 4.3PoC≤ 6.2.4v7.0+16 more2015-04-10
CVE-2015-1126 [MEDIUM] CWE-20 CVE-2015-1126: WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x bef
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
nvd
CVE-2015-1120MEDIUMCVSS 6.8≤ 6.2.4v7.0+16 more2015-04-10
CVE-2015-1120 [MEDIUM] CVE-2015-1120: WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x bef
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, A
nvd
CVE-2015-1129MEDIUMCVSS 4.3≤ 6.2.4v7.0+16 more2015-04-10
CVE-2015-1129 [MEDIUM] CWE-310 CVE-2015-1129: Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 cli
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.
nvd
CVE-2015-1119MEDIUMCVSS 6.8≤ 6.2.4v7.0+16 more2015-04-10
CVE-2015-1119 [MEDIUM] CVE-2015-1119: WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x bef
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, A
nvd
CVE-2015-1128MEDIUMCVSS 5.0≤ 6.2.4v7.0+16 more2015-04-10
CVE-2015-1128 [MEDIUM] CWE-200 CVE-2015-1128: The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8
The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests.
nvd
CVE-2015-1127LOWCVSS 2.1≤ 6.2.4v7.0+16 more2015-04-10
CVE-2015-1127 [LOW] CWE-200 CVE-2015-1127: The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.
The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.
nvd
CVE-2015-1082MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1082 [MEDIUM] CWE-399 CVE-2015-1082: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1073MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1073 [MEDIUM] CWE-399 CVE-2015-1073: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1077MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1077 [MEDIUM] CWE-399 CVE-2015-1077: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1079MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1079 [MEDIUM] CWE-399 CVE-2015-1079: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1075MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1075 [MEDIUM] CWE-399 CVE-2015-1075: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1080MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1080 [MEDIUM] CWE-399 CVE-2015-1080: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1074MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1074 [MEDIUM] CWE-399 CVE-2015-1074: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1069MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1069 [MEDIUM] CWE-399 CVE-2015-1069: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1071MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1071 [MEDIUM] CWE-399 CVE-2015-1071: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1081MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1081 [MEDIUM] CWE-399 CVE-2015-1081: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1084MEDIUMCVSS 5.0≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1084 [MEDIUM] CWE-17 CVE-2015-1084: The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before
The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.
nvd
CVE-2015-1076MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1076 [MEDIUM] CWE-399 CVE-2015-1076: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1068MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1068 [MEDIUM] CWE-399 CVE-2015-1068: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1072MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1072 [MEDIUM] CWE-399 CVE-2015-1072: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd