Note: This project will be discontinued after December 13, 2021.
Product: Safari (Apple)

Repositories | https://github.com/WebKit/webkit |
#Vulnerabilities | 1503 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2016-03-24 | CVE-2016-1782 | WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. | Iphone_os, Safari | 6.5 | ||
2016-03-24 | CVE-2016-1781 | WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. | Iphone_os, Safari | 4.3 | ||
2016-03-24 | CVE-2016-1779 | WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request. | Iphone_os, Safari | 6.5 | ||
2016-03-24 | CVE-2016-1778 | WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | Iphone_os, Safari | 8.8 | ||
2016-03-24 | CVE-2016-1772 | The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. | Safari | 4.3 | ||
2016-03-24 | CVE-2016-1771 | The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. | Safari | 6.5 | ||
2016-03-24 | CVE-2016-1762 | The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | Iphone_os, Mac_os_x, Safari, Tvos, Watchos, Ubuntu_linux, Debian_linux, Web_gateway, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Libxml2 | 8.1 | ||
2016-02-01 | CVE-2016-1728 | The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site. | Iphone_os, Safari | 4.3 | ||
2016-02-01 | CVE-2016-1727 | WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724. | Iphone_os, Safari, Tvos, Watchos, Webkitgtk+ | 8.8 | ||
2016-02-01 | CVE-2016-1726 | WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725. | Iphone_os, Safari, Watchos | 8.8 |