Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs
1,592
CISA KEV
31
actively exploited
Public exploits
157
Exploited in wild
25
Severity breakdown
CRITICAL211HIGH603MEDIUM757LOW20UNKNOWN1
Vulnerabilities
Page 51 of 80
CVE-2015-1083MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1083 [MEDIUM] CWE-399 CVE-2015-1083: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1078MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1078 [MEDIUM] CWE-399 CVE-2015-1078: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1070MEDIUMCVSS 6.8≤ 6.2.3v7.0+14 more2015-03-18
CVE-2015-1070 [MEDIUM] CWE-399 CVE-2015-1070: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2014-4477MEDIUMCVSS 6.8≤ 6.2.2v7.0+12 more2015-01-30
CVE-2014-4477 [MEDIUM] CVE-2014-4477: WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x befo
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.
nvd
CVE-2014-4476MEDIUMCVSS 6.8≤ 6.2.2v7.0+12 more2015-01-30
CVE-2014-4476 [MEDIUM] CWE-119 CVE-2014-4476: WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x befo
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.
nvd
CVE-2014-4479MEDIUMCVSS 6.8≤ 6.2.2v7.0+12 more2015-01-30
CVE-2014-4479 [MEDIUM] CVE-2014-4479: WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x befo
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.
nvd
CVE-2014-4466HIGHCVSS 7.5≤ 6.2.0v7.0+8 more2014-12-10
CVE-2014-4466 [HIGH] CWE-399 CVE-2014-4466: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4470MEDIUMCVSS 6.8≤ 6.2.0v7.0+8 more2014-12-10
CVE-2014-4470 [MEDIUM] CWE-399 CVE-2014-4470: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4474MEDIUMCVSS 6.8≤ 6.2.0v7.0+8 more2014-12-10
CVE-2014-4474 [MEDIUM] CWE-399 CVE-2014-4474: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4475MEDIUMCVSS 6.8≤ 6.2.0v7.0+8 more2014-12-10
CVE-2014-4475 [MEDIUM] CWE-399 CVE-2014-4475: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4473MEDIUMCVSS 6.8≤ 6.2.0v7.0+8 more2014-12-10
CVE-2014-4473 [MEDIUM] CWE-399 CVE-2014-4473: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4465MEDIUMCVSS 5.0≤ 6.2.0v7.1.0+1 more2014-12-10
CVE-2014-4465 [MEDIUM] CWE-20 CVE-2014-4465: WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.
nvd
CVE-2014-4471MEDIUMCVSS 6.8≤ 6.2.0v7.0+8 more2014-12-10
CVE-2014-4471 [MEDIUM] CWE-399 CVE-2014-4471: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4469MEDIUMCVSS 6.8≤ 6.2.0v7.0+8 more2014-12-10
CVE-2014-4469 [MEDIUM] CWE-399 CVE-2014-4469: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4472MEDIUMCVSS 6.8≤ 6.2.0v7.0+8 more2014-12-10
CVE-2014-4472 [MEDIUM] CWE-399 CVE-2014-4472: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4468MEDIUMCVSS 6.8≤ 6.2.0v7.0+8 more2014-12-10
CVE-2014-4468 [MEDIUM] CWE-399 CVE-2014-4468: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4452MEDIUMCVSS 5.4≥ 6.0, < 6.2.1≥ 7.0, < 7.1.1+1 more2014-11-18
CVE-2014-4452 [MEDIUM] CWE-399 CVE-2014-4452: WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to exec
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
nvd
CVE-2014-4459MEDIUMCVSS 6.8≥ 6.0, < 6.2.1≥ 7.0, < 7.1.1+1 more2014-11-18
CVE-2014-4459 [MEDIUM] CVE-2014-4459: Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attacker
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
nvd
CVE-2014-3192HIGHCVSS 7.5v6.2.2v7.1.2+1 more2014-10-08
CVE-2014-3192 [HIGH] CWE-416 CVE-2014-3192: Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/Pro
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2014-4415MEDIUMCVSS 6.8v6.1v7.12014-09-18
CVE-2014-4415 [MEDIUM] CWE-119 CVE-2014-4415: WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbi
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
nvd