CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Safari : Security Vulnerabilities (CVSS score >= 9)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-7042 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-10-15
9.3
 None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
2 CVE-2017-7041 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-10-15
9.3
 None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
3 CVE-2017-7025 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
9.3
 None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4 CVE-2017-7024 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
9.3
 None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
5 CVE-2017-7023 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
9.3
 None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
6 CVE-2017-7022 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
9.3
 None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
7 CVE-2016-7613 264 Exec Code 2017-02-20 2018-10-30
9.3
 None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning.
8 CVE-2016-4737 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2018-10-30
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
9 CVE-2016-4735 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.
10 CVE-2016-4734 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.
11 CVE-2016-4733 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.
12 CVE-2016-4731 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729.
13 CVE-2016-4730 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
14 CVE-2016-4729 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731.
15 CVE-2016-1783 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2018-10-09
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
16 CVE-2016-1778 399 DoS Exec Code Mem. Corr. 2016-03-23 2018-10-09
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
17 CVE-2016-1762 119 DoS Overflow 2016-03-23 2018-01-04
10.0
 None Remote Low Not required Complete Complete Complete
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
18 CVE-2016-1727 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2018-10-09
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.
19 CVE-2016-1726 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2018-10-09
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725.
20 CVE-2016-1725 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2018-10-09
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726.
21 CVE-2016-1724 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2018-10-09
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.
22 CVE-2016-1723 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2018-10-09
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.
23 CVE-2015-5780 20 2015-10-09 2016-12-09
10.0
 None Remote Low Not required Complete Complete Complete
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.
24 CVE-2014-1303 119 Exec Code Overflow Bypass 2014-03-26 2016-12-07
10.0
 None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.
25 CVE-2014-1300 Exec Code 2014-03-26 2016-12-07
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.
26 CVE-2012-3686 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
27 CVE-2012-3683 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
28 CVE-2012-3682 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
29 CVE-2012-3681 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
30 CVE-2012-3680 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
31 CVE-2012-3679 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
32 CVE-2012-3678 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
33 CVE-2012-3674 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
34 CVE-2012-3670 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
35 CVE-2012-3669 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
36 CVE-2012-3668 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
37 CVE-2012-3667 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
38 CVE-2012-3666 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
39 CVE-2012-3665 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
40 CVE-2012-3664 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
41 CVE-2012-3663 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
42 CVE-2012-3661 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
43 CVE-2012-3656 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
44 CVE-2012-3655 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
45 CVE-2012-3653 DoS Exec Code Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
46 CVE-2012-3646 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
47 CVE-2012-3645 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
48 CVE-2012-3644 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
49 CVE-2012-3642 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
50 CVE-2012-3641 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-21
9.3
 None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
Total number of vulnerabilities : 224   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.