Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Safari
(Apple)| Repositories | https://github.com/WebKit/webkit |
| #Vulnerabilities | 1430 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-04-02 | CVE-2017-2453 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site. | Iphone_os, Safari | 6.5 | ||
| 2017-04-02 | CVE-2017-2446 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. | Iphone_os, Safari, Tvos | 8.8 | ||
| 2017-04-02 | CVE-2017-2419 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors. | Iphone_os, Safari | 7.5 | ||
| 2017-04-02 | CVE-2017-2389 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site. | Iphone_os, Safari | 8.1 | ||
| 2017-04-02 | CVE-2017-2386 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | Iphone_os, Safari, Tvos | 6.5 | ||
| 2017-04-02 | CVE-2017-2376 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page. | Iphone_os, Safari | 7.5 | ||
| 2017-04-02 | CVE-2017-2367 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | Iphone_os, Safari, Tvos | 6.5 | ||
| 2017-02-20 | CVE-2017-2359 | An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the "Safari" component, which allows remote attackers to spoof the address bar via a crafted web site. | Safari | 6.5 | ||
| 2010-03-19 | CVE-2010-1029 | Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. | Safari, Chrome | N/A | ||
| 2009-06-10 | CVE-2009-1690 | Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM... | Iphone_os, Safari, Chrome | N/A |