Product:

Safari

(Apple)
Repositories https://github.com/WebKit/webkit
#Vulnerabilities 1428
Date Id Summary Products Score Patch Annotated
2024-03-08 CVE-2024-23273 This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication. Ipad_os, Iphone_os, Macos, Safari 4.3
2024-01-23 CVE-2024-23222 A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. Ipados, Iphone_os, Macos, Safari, Tvos, Visionos 8.8
2024-01-23 CVE-2024-23206 An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user. Ipados, Iphone_os, Macos, Safari, Tvos, Watchos 6.5
2024-01-23 CVE-2024-23211 A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings. Ipados, Iphone_os, Macos, Safari, Watchos 3.3
2024-01-23 CVE-2024-23213 The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution. Ipados, Iphone_os, Macos, Safari, Tvos, Watchos 8.8
2023-10-25 CVE-2023-42852 A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. Ipados, Iphone_os, Macos, Safari, Tvos, Watchos, Debian_linux, Fedora 8.8
2009-06-10 CVE-2009-1699 The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." Iphone_os, Safari, Ubuntu_linux, Opensuse 7.5
2024-01-10 CVE-2023-40414 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution. Ipados, Iphone_os, Macos, Safari, Tvos, Watchos 9.8
2024-01-10 CVE-2023-42833 A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. Ipados, Iphone_os, Macos, Safari 8.8
2010-03-15 CVE-2010-0050 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. Iphone_os, Safari, Ubuntu_linux, Fedora, Opensuse 8.8