Product:

Safari

(Apple)
Repositories https://github.com/WebKit/webkit
#Vulnerabilities 1351
Date Id Summary Products Score Patch Annotated
2022-11-01 CVE-2022-32922 A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution. Ipad_os, Iphone_os, Macos, Safari 8.8
2022-09-20 CVE-2022-32868 A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions. Ipados, Iphone_os, Safari 4.3
2019-12-18 CVE-2019-8674 A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting. Iphone_os, Safari, Webkitgtk 6.1
2019-12-18 CVE-2019-8813 A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. Icloud, Ipados, Iphone_os, Itunes, Safari, Tvos, Webkitgtk\+ 6.1
2020-12-08 CVE-2020-27918 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. Icloud, Ipad_os, Iphone_os, Itunes, Macos, Safari, Tvos, Watchos, Debian_linux, Fedora, Webkitgtk\+ 7.8
2021-02-16 CVE-2021-23841 The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function... Ipad_os, Iphone_os, Macos, Safari, Debian_linux, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Openssl, Business_intelligence, Communications_cloud_native_core_policy, Enterprise_manager_for_storage_management, Enterprise_manager_ops_center, Essbase, Graalvm, Jd_edwards_world_security, Mysql_enterprise_monitor, Mysql_server, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit, Sinec_ins, Nessus_network_monitor, Tenable\.sc 5.9
2022-03-18 CVE-2022-22589 A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. Ipados, Iphone_os, Mac_os_x, Macos, Safari, Tvos, Watchos 6.1
2022-09-23 CVE-2022-22624 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. Ipad_os, Iphone_os, Macos, Safari 8.8
2022-09-23 CVE-2022-22628 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. Ipad_os, Iphone_os, Macos, Safari, Tvos, Watchos 8.8
2022-09-23 CVE-2022-22637 A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior. Ipad_os, Iphone_os, Macos, Safari, Tvos, Watchos 8.8