Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Filtered by product Safari
Total 1402 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4671 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Safari and 2 more 2022-08-09 6.8 MEDIUM N/A
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain.
CVE-2007-3759 1 Apple 3 Iphone, Iphone Os, Safari 2022-08-09 6.8 MEDIUM N/A
Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.
CVE-2007-5858 1 Apple 5 Iphone, Iphone Os, Ipod Touch and 2 more 2022-08-09 4.3 MEDIUM N/A
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
CVE-2007-5450 1 Apple 3 Iphone Os, Ipod Touch, Safari 2022-08-09 9.3 HIGH N/A
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.
CVE-2008-2303 1 Apple 4 Iphone, Iphone Os, Ipod Touch and 1 more 2022-08-09 10.0 HIGH N/A
Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.
CVE-2007-3757 1 Apple 3 Iphone, Iphone Os, Safari 2022-08-09 4.3 MEDIUM N/A
Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed.
CVE-2008-1589 1 Apple 4 Iphone, Iphone Os, Ipod Touch and 1 more 2022-08-09 4.3 MEDIUM N/A
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.
CVE-2008-1588 1 Apple 4 Iphone, Iphone Os, Ipod Touch and 1 more 2022-08-09 4.3 MEDIUM N/A
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL.
CVE-2007-2400 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Safari and 2 more 2022-08-09 4.3 MEDIUM N/A
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
CVE-2007-3756 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Safari and 2 more 2022-08-09 4.3 MEDIUM N/A
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain.
CVE-2020-9951 3 Apple, Debian, Webkit 9 Icloud, Ipados, Iphone Os and 6 more 2022-07-23 6.8 MEDIUM 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-9948 3 Apple, Debian, Webkit 3 Safari, Debian Linux, Webkitgtk\+ 2022-07-23 6.8 MEDIUM 8.8 HIGH
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-9942 1 Apple 2 Mac Os X, Safari 2022-06-02 4.3 MEDIUM 4.3 MEDIUM
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.
CVE-2020-9947 1 Apple 7 Icloud, Ipados, Iphone Os and 4 more 2022-06-02 6.8 MEDIUM 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-9945 1 Apple 2 Mac Os X, Safari 2022-06-02 4.3 MEDIUM 4.3 MEDIUM
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.
CVE-2020-3894 1 Apple 6 Icloud, Ipad Os, Iphone Os and 3 more 2022-06-02 2.6 LOW 3.1 LOW
A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.
CVE-2020-3902 1 Apple 6 Icloud, Ipad Os, Iphone Os and 3 more 2022-06-02 4.3 MEDIUM 6.1 MEDIUM
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.
CVE-2020-3901 1 Apple 7 Icloud, Ipad Os, Iphone Os and 4 more 2022-06-02 6.8 MEDIUM 8.8 HIGH
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-3897 1 Apple 7 Icloud, Ipad Os, Iphone Os and 4 more 2022-06-02 9.3 HIGH 8.8 HIGH
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.
CVE-2020-3885 1 Apple 6 Icloud, Ipad Os, Iphone Os and 3 more 2022-05-31 4.3 MEDIUM 4.3 MEDIUM
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.