Total
1549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4769 | 2 Apple, Microsoft | 3 Itunes, Safari, Windows | 2017-07-30 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2016-4760 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2017-07-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. | |||||
| CVE-2016-4613 | 1 Apple | 4 Apple Tv, Icloud, Itunes and 1 more | 2017-07-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. | |||||
| CVE-2007-4692 | 2 Apple, Microsoft | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2017-07-29 | 4.3 MEDIUM | N/A |
| The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. | |||||
| CVE-2007-4698 | 1 Apple | 1 Safari | 2017-07-29 | 4.3 MEDIUM | N/A |
| Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. | |||||
| CVE-2007-4699 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2017-07-29 | 7.5 HIGH | N/A |
| The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. | |||||
| CVE-2007-5859 | 1 Apple | 2 Mac Os X, Safari | 2017-07-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption. | |||||
| CVE-2007-3944 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier. | |||||
| CVE-2007-3742 | 1 Apple | 2 Iphone, Safari | 2017-07-29 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks. | |||||
| CVE-2007-3376 | 2 Apple, Microsoft | 2 Safari, Windows Xp | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark. | |||||
| CVE-2007-3743 | 1 Apple | 1 Safari | 2017-07-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a bookmark with a long title. | |||||
| CVE-2007-3185 | 1 Apple | 1 Safari | 2017-07-29 | 7.8 HIGH | N/A |
| Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. | |||||
| CVE-2007-3187 | 1 Apple | 1 Safari | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-2408 | 1 Apple | 1 Safari | 2017-07-29 | 6.8 MEDIUM | N/A |
| WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. | |||||
| CVE-2016-7632 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2017-07-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2016-7639 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2017-07-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2016-7592 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2017-07-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site. | |||||
| CVE-2016-7642 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2017-07-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2016-7641 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2017-07-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2016-7646 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2017-07-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||