Filtered by vendor Apple
Subscriptions
Filtered by product Safari
Subscriptions
Total
1454 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4764 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2020-01-23 | 8.8 High |
| An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | ||||
| CVE-2018-4386 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2020-01-08 | N/A |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | ||||
| CVE-2019-7285 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2020-01-02 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-6204 | 1 Apple | 2 Iphone Os, Safari | 2019-12-31 | 6.1 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting. | ||||
| CVE-2019-7292 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-12-31 | 6.5 Medium |
| A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. | ||||
| CVE-2019-8503 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2019-12-31 | 8.8 High |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website. | ||||
| CVE-2019-8505 | 1 Apple | 2 Iphone Os, Safari | 2019-12-31 | 6.1 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting. | ||||
| CVE-2019-8551 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2019-12-30 | 6.1 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
| CVE-2019-8607 | 1 Apple | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-12-23 | 6.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory. | ||||
| CVE-2019-8649 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-12-20 | 6.1 Medium |
| A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
| CVE-2019-8690 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-12-20 | 6.1 Medium |
| A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
| CVE-2019-8615 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-12-20 | 6.5 Medium |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8556 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2019-12-19 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8654 | 1 Apple | 1 Safari | 2019-12-19 | 6.5 Medium |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.1. Visiting a malicious website may lead to user interface spoofing. | ||||
| CVE-2019-8670 | 1 Apple | 2 Mac Os X, Safari | 2019-12-19 | 4.3 Medium |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing. | ||||
| CVE-2018-4277 | 1 Apple | 5 Iphone Os, Mac Os X, Safari and 2 more | 2019-10-23 | N/A |
| In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. | ||||
| CVE-2019-15499 | 2 Apple, Hackmd | 2 Safari, Codimd | 2019-10-09 | 6.1 Medium |
| CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. | ||||
| CVE-2017-2486 | 1 Apple | 2 Iphone Os, Safari | 2019-10-03 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. | ||||
| CVE-2018-4190 | 3 Apple, Canonical, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-10-03 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. | ||||
| CVE-2018-4361 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-10-03 | N/A |
| A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | ||||