Total
1466 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4734 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2024-02-28 | 9.3 HIGH | 9.6 CRITICAL |
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735. | |||||
CVE-2015-1154 | 1 Apple | 2 Itunes, Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153. | |||||
CVE-2016-1783 | 2 Apple, Webkitgtk | 4 Iphone Os, Safari, Tvos and 1 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |||||
CVE-2015-3658 | 1 Apple | 3 Iphone Os, Mac Os X, Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. | |||||
CVE-2016-4765 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Safari and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768. | |||||
CVE-2015-5826 | 1 Apple | 2 Iphone Os, Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
CVE-2015-5931 | 1 Apple | 2 Itunes, Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. | |||||
CVE-2015-5822 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
CVE-2015-3660 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content. | |||||
CVE-2015-3729 | 1 Apple | 2 Iphone Os, Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site. | |||||
CVE-2015-7002 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | |||||
CVE-2015-5790 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
CVE-2015-5804 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
CVE-2015-3735 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | |||||
CVE-2016-4762 | 2 Apple, Microsoft | 5 Icloud, Iphone Os, Itunes and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |||||
CVE-2016-4758 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
CVE-2015-3736 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | |||||
CVE-2015-5817 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | |||||
CVE-2016-7153 | 5 Apple, Google, Microsoft and 2 more | 6 Safari, Chrome, Edge and 3 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. | |||||
CVE-2015-7097 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. |