CVE Vulnerabilities for Safari
| CVE | Published | Severity | Details | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| CVE‑2024‑44309 | 2024‑11‑20 00:15:17 | MEDIUM (6) | A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | 3 | 3 | NETWORK |
| CVE‑2024‑44308 | 2024‑11‑20 00:15:17 | HIGH (9) | The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | 3 | 6 | NETWORK |
| CVE‑2023‑42917 | 2023‑11‑30 23:15:07 | HIGH (9) | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | 3 | 6 | NETWORK |
| CVE‑2023‑42916 | 2023‑11‑30 23:15:07 | MEDIUM (7) | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | 3 | 4 | NETWORK |
| CVE‑2023‑37450 | 2023‑07‑27 00:15:15 | HIGH (9) | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 3 | 6 | NETWORK |
| CVE‑2023‑32439 | 2023‑06‑23 18:15:14 | HIGH (9) | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 3 | 6 | NETWORK |
| CVE‑2023‑32435 | 2023‑06‑23 18:15:14 | HIGH (9) | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. | 3 | 6 | NETWORK |
| CVE‑2023‑32409 | 2023‑06‑23 18:15:13 | HIGH (9) | The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. | 4 | 4 | NETWORK |
| CVE‑2023‑32373 | 2023‑06‑23 18:15:12 | HIGH (9) | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 3 | 6 | NETWORK |
| CVE‑2023‑28205 | 2023‑04‑10 19:15:07 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 3 | 6 | NETWORK |
| CVE‑2023‑28204 | 2023‑06‑23 18:15:11 | MEDIUM (7) | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. | 3 | 4 | NETWORK |
| CVE‑2023‑23529 | 2023‑02‑27 20:15:15 | HIGH (9) | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 3 | 6 | NETWORK |
| CVE‑2022‑42856 | 2022‑12‑15 19:15:25 | HIGH (9) | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. | 3 | 6 | NETWORK |
| CVE‑2022‑32893 | 2022‑08‑24 20:15:09 | HIGH (9) | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 3 | 6 | NETWORK |
| CVE‑2022‑26717 | 2022‑11‑01 20:15:17 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2022‑22629 | 2022‑09‑23 20:15:09 | HIGH (9) | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2022‑22620 | 2022‑03‑18 18:15:14 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | 3 | 6 | NETWORK |
| CVE‑2021‑30849 | 2021‑10‑19 14:15:10 | HIGH (8) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 2 | 6 | LOCAL |
| CVE‑2021‑30661 | 2021‑09‑08 15:15:13 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | 3 | 6 | NETWORK |
| CVE‑2021‑23841 | 2021‑02‑16 17:15:13 | MEDIUM (6) | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | 2 | 4 | NETWORK |
| CVE‑2021‑1825 | 2021‑09‑08 15:15:10 | MEDIUM (6) | An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. | 3 | 3 | NETWORK |
| CVE‑2020‑9947 | 2020‑12‑08 20:15:17 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9936 | 2020‑10‑16 17:15:18 | HIGH (8) | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2 | 6 | LOCAL |
| CVE‑2020‑9925 | 2020‑10‑16 17:15:17 | MEDIUM (6) | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2020‑9916 | 2020‑10‑16 17:15:17 | MEDIUM (5) | A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL. | 4 | 1 | NETWORK |
| CVE‑2020‑9915 | 2020‑10‑16 17:15:17 | MEDIUM (7) | An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | 3 | 4 | NETWORK |
| CVE‑2020‑9910 | 2020‑10‑16 17:15:17 | HIGH (9) | Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | 3 | 6 | NETWORK |
| CVE‑2020‑9895 | 2020‑10‑16 17:15:16 | CRITICAL (10) | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 4 | 6 | NETWORK |
| CVE‑2020‑9894 | 2020‑10‑16 17:15:16 | MEDIUM (4) | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 3 | 1 | NETWORK |
| CVE‑2020‑9893 | 2020‑10‑16 17:15:16 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9862 | 2020‑10‑16 17:15:15 | HIGH (8) | A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. | 2 | 6 | LOCAL |
| CVE‑2020‑9850 | 2020‑06‑09 17:15:15 | CRITICAL (10) | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. | 4 | 6 | NETWORK |
| CVE‑2020‑9843 | 2020‑06‑09 17:15:15 | HIGH (7) | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. | 3 | 4 | NETWORK |
| CVE‑2020‑9807 | 2020‑06‑09 17:15:13 | HIGH (9) | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9806 | 2020‑06‑09 17:15:12 | HIGH (9) | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9805 | 2020‑06‑09 17:15:12 | HIGH (7) | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 4 | NETWORK |
| CVE‑2020‑9803 | 2020‑06‑09 17:15:12 | HIGH (9) | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9802 | 2020‑06‑09 17:15:12 | HIGH (9) | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9800 | 2020‑06‑09 17:15:12 | HIGH (9) | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑9783 | 2020‑04‑01 18:15:18 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑6514 | 2020‑07‑22 17:15:13 | MEDIUM (7) | Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. | 3 | 4 | NETWORK |
| CVE‑2020‑3902 | 2020‑04‑01 18:15:17 | MEDIUM (6) | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack. | 3 | 3 | NETWORK |
| CVE‑2020‑3901 | 2020‑04‑01 18:15:17 | HIGH (9) | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3900 | 2020‑04‑01 18:15:17 | HIGH (9) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3899 | 2020‑04‑01 18:15:16 | HIGH (9) | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3897 | 2020‑04‑01 18:15:16 | HIGH (9) | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3895 | 2020‑04‑01 18:15:16 | HIGH (9) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3894 | 2020‑04‑01 18:15:16 | LOW (3) | A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. | 2 | 1 | NETWORK |
| CVE‑2020‑3887 | 2020‑04‑01 18:15:16 | MEDIUM (4) | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated. | 3 | 1 | NETWORK |
| CVE‑2020‑3885 | 2020‑04‑01 18:15:16 | MEDIUM (4) | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. | 3 | 1 | NETWORK |
| CVE‑2020‑3868 | 2020‑02‑27 21:15:18 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3867 | 2020‑02‑27 21:15:18 | MEDIUM (6) | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2020‑3865 | 2020‑02‑27 21:15:18 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑3864 | 2020‑10‑27 21:15:15 | HIGH (8) | A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. | 2 | 6 | LOCAL |
| CVE‑2020‑3862 | 2020‑02‑27 21:15:18 | MEDIUM (7) | A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. | 3 | 4 | NETWORK |
| CVE‑2020‑3825 | 2020‑02‑27 21:15:16 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2020‑27918 | 2020‑12‑08 22:15:19 | HIGH (8) | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 2 | 6 | LOCAL |
| CVE‑2020‑15969 | 2020‑11‑03 03:15:13 | HIGH (9) | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 3 | 6 | NETWORK |
| CVE‑2020‑15138 | 2020‑08‑07 17:15:10 | HIGH (8) | Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround. | 2 | 5 | NETWORK |
| CVE‑2019‑8898 | 2020‑10‑27 21:15:14 | MEDIUM (4) | An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. | 3 | 1 | NETWORK |
| CVE‑2019‑8848 | 2020‑10‑27 21:15:13 | HIGH (8) | This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges. | 2 | 6 | LOCAL |
| CVE‑2019‑8846 | 2020‑10‑27 21:15:13 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8844 | 2020‑10‑27 20:15:21 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8835 | 2020‑10‑27 20:15:21 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8827 | 2020‑10‑27 20:15:20 | MEDIUM (4) | The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited. | 3 | 1 | NETWORK |
| CVE‑2019‑8823 | 2019‑12‑18 18:15:45 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8822 | 2019‑12‑18 18:15:45 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8821 | 2019‑12‑18 18:15:45 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8820 | 2019‑12‑18 18:15:45 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8819 | 2019‑12‑18 18:15:44 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8816 | 2019‑12‑18 18:15:44 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8815 | 2019‑12‑18 18:15:44 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8814 | 2019‑12‑18 18:15:44 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8813 | 2019‑12‑18 18:15:44 | MEDIUM (6) | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2019‑8812 | 2019‑12‑18 18:15:44 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8811 | 2019‑12‑18 18:15:44 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8808 | 2019‑12‑18 18:15:43 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8783 | 2019‑12‑18 18:15:41 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8782 | 2019‑12‑18 18:15:41 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8773 | 2020‑10‑27 20:15:19 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8763 | 2019‑12‑18 18:15:39 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8762 | 2020‑10‑27 20:15:19 | MEDIUM (6) | A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2019‑8752 | 2020‑10‑27 20:15:19 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8751 | 2020‑10‑27 20:15:19 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8749 | 2020‑10‑27 20:15:18 | CRITICAL (10) | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2. | 4 | 6 | NETWORK |
| CVE‑2019‑8734 | 2020‑10‑27 20:15:18 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8728 | 2020‑10‑27 20:15:18 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8690 | 2019‑12‑18 18:15:35 | MEDIUM (6) | A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2019‑8689 | 2019‑12‑18 18:15:35 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8688 | 2019‑12‑18 18:15:35 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8687 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8686 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8685 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8684 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8683 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8681 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8680 | 2019‑12‑18 18:15:34 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8679 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8678 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8677 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8676 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8673 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8672 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8671 | 2019‑12‑18 18:15:33 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8669 | 2019‑12‑18 18:15:32 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8666 | 2019‑12‑18 18:15:32 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8658 | 2019‑12‑18 18:15:32 | MEDIUM (6) | A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2019‑8649 | 2019‑12‑18 18:15:31 | MEDIUM (6) | A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2019‑8644 | 2019‑12‑18 18:15:31 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8639 | 2020‑10‑27 20:15:17 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8638 | 2020‑10‑27 20:15:16 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8628 | 2019‑12‑18 18:15:30 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8623 | 2019‑12‑18 18:15:30 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8622 | 2019‑12‑18 18:15:30 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8619 | 2019‑12‑18 18:15:30 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8615 | 2019‑12‑18 18:15:29 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 4 | NETWORK |
| CVE‑2019‑8611 | 2019‑12‑18 18:15:29 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8610 | 2019‑12‑18 18:15:29 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8609 | 2019‑12‑18 18:15:29 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8608 | 2019‑12‑18 18:15:29 | MEDIUM (6) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 3 | NETWORK |
| CVE‑2019‑8607 | 2019‑12‑18 18:15:29 | MEDIUM (7) | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory. | 3 | 4 | NETWORK |
| CVE‑2019‑8602 | 2019‑12‑18 18:15:29 | HIGH (8) | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to elevate privileges. | 2 | 6 | LOCAL |
| CVE‑2019‑8601 | 2019‑12‑18 18:15:29 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8597 | 2019‑12‑18 18:15:28 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 4 | NETWORK |
| CVE‑2019‑8596 | 2019‑12‑18 18:15:28 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8595 | 2019‑12‑18 18:15:28 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8594 | 2019‑12‑18 18:15:28 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8587 | 2019‑12‑18 18:15:27 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8586 | 2019‑12‑18 18:15:27 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8584 | 2019‑12‑18 18:15:27 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8583 | 2019‑12‑18 18:15:27 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8577 | 2019‑12‑18 18:15:27 | HIGH (8) | An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges. | 2 | 6 | LOCAL |
| CVE‑2019‑8571 | 2019‑12‑18 18:15:27 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8570 | 2020‑10‑27 20:15:15 | MEDIUM (7) | A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iCloud for Windows 7.10, iTunes 12.9.3 for Windows, Safari 12.0.3, tvOS 12.1.2. Processing maliciously crafted web content may disclose sensitive user information. | 3 | 4 | NETWORK |
| CVE‑2019‑8563 | 2019‑12‑18 18:15:26 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8562 | 2019‑12‑18 18:15:26 | CRITICAL (10) | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sandbox restrictions. | 3 | 6 | NETWORK |
| CVE‑2019‑8559 | 2019‑12‑18 18:15:26 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8558 | 2019‑12‑18 18:15:26 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8556 | 2019‑12‑18 18:15:26 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8551 | 2019‑12‑18 18:15:26 | MEDIUM (6) | A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting. | 3 | 3 | NETWORK |
| CVE‑2019‑8544 | 2019‑12‑18 18:15:25 | HIGH (9) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8536 | 2019‑12‑18 18:15:25 | HIGH (9) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8535 | 2019‑12‑18 18:15:25 | HIGH (9) | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8524 | 2019‑12‑18 18:15:24 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8523 | 2019‑12‑18 18:15:24 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8518 | 2019‑12‑18 18:15:24 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8515 | 2019‑12‑18 18:15:23 | MEDIUM (7) | A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information. | 3 | 4 | NETWORK |
| CVE‑2019‑8506 | 2019‑12‑18 18:15:23 | HIGH (9) | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑8503 | 2019‑12‑18 18:15:23 | HIGH (9) | A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website. | 3 | 6 | NETWORK |
| CVE‑2019‑7292 | 2019‑12‑18 18:15:22 | MEDIUM (7) | A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. | 3 | 4 | NETWORK |
| CVE‑2019‑7285 | 2019‑12‑18 18:15:22 | HIGH (9) | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑6237 | 2019‑12‑18 18:15:21 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2019‑6234 | 2019‑03‑05 16:29:03 | MEDIUM (7) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6233 | 2019‑03‑05 16:29:03 | MEDIUM (7) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6229 | 2019‑03‑05 16:29:03 | MEDIUM (4) | A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting. | 0 | 0 | NETWORK |
| CVE‑2019‑6227 | 2019‑03‑05 16:29:02 | MEDIUM (7) | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6226 | 2019‑03‑05 16:29:02 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6217 | 2019‑03‑05 16:29:02 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6216 | 2019‑03‑05 16:29:02 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6215 | 2019‑03‑05 16:29:01 | MEDIUM (7) | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6212 | 2019‑03‑05 16:29:01 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. | 0 | 0 | NETWORK |
| CVE‑2019‑6201 | 2019‑12‑18 18:15:21 | HIGH (9) | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | 3 | 6 | NETWORK |
| CVE‑2018‑4474 | 2020‑10‑27 20:15:14 | HIGH (8) | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure. | 4 | 4 | NETWORK |
| CVE‑2018‑4464 | 2019‑04‑03 18:29:17 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4444 | 2020‑10‑27 20:15:14 | MEDIUM (7) | A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iOS 12.1.1, tvOS 12.1.1, iTunes 12.9.2 for Windows. Processing maliciously crafted web content may disclose sensitive user information. | 3 | 4 | NETWORK |
| CVE‑2018‑4443 | 2019‑04‑03 18:29:17 | MEDIUM (7) | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4442 | 2019‑04‑03 18:29:16 | MEDIUM (7) | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4441 | 2019‑04‑03 18:29:16 | MEDIUM (7) | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4440 | 2019‑04‑03 18:29:16 | MEDIUM (4) | A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4439 | 2019‑04‑03 18:29:16 | MEDIUM (4) | A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4438 | 2019‑04‑03 18:29:16 | MEDIUM (7) | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4437 | 2019‑04‑03 18:29:16 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 0 | 0 | NETWORK |
| CVE‑2018‑4416 | 2019‑04‑03 18:29:14 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4409 | 2019‑04‑03 18:29:14 | MEDIUM (4) | A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4392 | 2019‑04‑03 18:29:13 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4386 | 2019‑04‑03 18:29:12 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4382 | 2019‑04‑03 18:29:12 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4378 | 2019‑04‑03 18:29:12 | MEDIUM (7) | A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4377 | 2019‑04‑03 18:29:12 | MEDIUM (4) | A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4376 | 2019‑04‑03 18:29:12 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4375 | 2019‑04‑03 18:29:11 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4374 | 2019‑04‑03 18:29:11 | MEDIUM (4) | A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4373 | 2019‑04‑03 18:29:11 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4372 | 2019‑04‑03 18:29:11 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 0 | 0 | NETWORK |
| CVE‑2018‑4361 | 2019‑04‑03 18:29:10 | MEDIUM (7) | A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4360 | 2019‑04‑03 18:29:10 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4359 | 2019‑04‑03 18:29:10 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4358 | 2019‑04‑03 18:29:10 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4345 | 2019‑04‑03 18:29:09 | MEDIUM (4) | A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4328 | 2019‑04‑03 18:29:08 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4323 | 2019‑04‑03 18:29:08 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4319 | 2019‑04‑03 18:29:08 | MEDIUM (6) | A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4318 | 2019‑04‑03 18:29:07 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4317 | 2019‑04‑03 18:29:07 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4316 | 2019‑04‑03 18:29:07 | MEDIUM (7) | A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4315 | 2019‑04‑03 18:29:07 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4314 | 2019‑04‑03 18:29:07 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4312 | 2019‑04‑03 18:29:07 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4311 | 2019‑04‑03 18:29:07 | MEDIUM (6) | The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4309 | 2019‑04‑03 18:29:07 | MEDIUM (4) | A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4306 | 2019‑04‑03 18:29:06 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4299 | 2019‑04‑03 18:29:06 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4284 | 2019‑04‑03 18:29:05 | MEDIUM (7) | A type confusion issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4278 | 2019‑01‑11 18:29:03 | MEDIUM (4) | In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. | 0 | 0 | NETWORK |
| CVE‑2018‑4273 | 2019‑04‑03 18:29:05 | MEDIUM (4) | Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4272 | 2019‑04‑03 18:29:05 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4271 | 2019‑04‑03 18:29:04 | MEDIUM (4) | Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4270 | 2019‑04‑03 18:29:04 | MEDIUM (4) | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4269 | 2019‑04‑03 18:29:04 | MEDIUM (7) | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4267 | 2019‑04‑03 18:29:04 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4266 | 2019‑04‑03 18:29:04 | MEDIUM (4) | A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4265 | 2019‑04‑03 18:29:04 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4264 | 2019‑04‑03 18:29:04 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4263 | 2019‑04‑03 18:29:04 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4262 | 2019‑01‑11 18:29:03 | MEDIUM (7) | In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. | 0 | 0 | NETWORK |
| CVE‑2018‑4261 | 2019‑04‑03 18:29:03 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 0 | 0 | NETWORK |
| CVE‑2018‑4247 | 2018‑06‑08 18:29:03 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4246 | 2018‑06‑08 18:29:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion. | 0 | 0 | NETWORK |
| CVE‑2018‑4233 | 2018‑06‑08 18:29:02 | HIGH (9) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 3 | 6 | NETWORK |
| CVE‑2018‑4232 | 2018‑06‑08 18:29:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4222 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation. | 0 | 0 | NETWORK |
| CVE‑2018‑4218 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free. | 0 | 0 | NETWORK |
| CVE‑2018‑4214 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to cause a denial of service (memory corruption and Safari crash) or possibly have unspecified other impact via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4213 | 2019‑01‑11 18:29:02 | MEDIUM (7) | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 0 | 0 | NETWORK |
| CVE‑2018‑4212 | 2019‑01‑11 18:29:02 | MEDIUM (7) | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 0 | 0 | NETWORK |
| CVE‑2018‑4210 | 2019‑01‑11 18:29:02 | MEDIUM (7) | In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. | 0 | 0 | NETWORK |
| CVE‑2018‑4209 | 2019‑01‑11 18:29:02 | MEDIUM (7) | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 0 | 0 | NETWORK |
| CVE‑2018‑4208 | 2019‑01‑11 18:29:02 | MEDIUM (7) | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 0 | 0 | NETWORK |
| CVE‑2018‑4207 | 2019‑01‑11 18:29:02 | MEDIUM (7) | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 0 | 0 | NETWORK |
| CVE‑2018‑4205 | 2018‑06‑08 18:29:01 | MEDIUM (4) | An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4204 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4201 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4200 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free. | 0 | 0 | NETWORK |
| CVE‑2018‑4199 | 2018‑06‑08 18:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4197 | 2019‑04‑03 18:29:03 | MEDIUM (7) | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4192 | 2018‑06‑08 18:29:01 | MEDIUM (5) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition. | 0 | 0 | NETWORK |
| CVE‑2018‑4191 | 2019‑04‑03 18:29:03 | MEDIUM (7) | A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 0 | 0 | NETWORK |
| CVE‑2018‑4190 | 2018‑06‑08 18:29:00 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. | 0 | 0 | NETWORK |
| CVE‑2018‑4188 | 2018‑06‑08 18:29:00 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4165 | 2018‑04‑03 06:29:08 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4163 | 2018‑04‑03 06:29:08 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4162 | 2018‑04‑03 06:29:07 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4161 | 2018‑04‑03 06:29:07 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4147 | 2019‑01‑11 18:29:01 | MEDIUM (7) | In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. | 0 | 0 | NETWORK |
| CVE‑2018‑4146 | 2018‑04‑03 06:29:07 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4145 | 2019‑04‑03 18:29:02 | MEDIUM (7) | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4. | 0 | 0 | NETWORK |
| CVE‑2018‑4137 | 2018‑04‑03 06:29:06 | MEDIUM (5) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement. | 0 | 0 | NETWORK |
| CVE‑2018‑4133 | 2018‑04‑03 06:29:06 | MEDIUM (4) | An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 0 | 0 | NETWORK |
| CVE‑2018‑4130 | 2018‑04‑03 06:29:06 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4129 | 2018‑04‑03 06:29:06 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4128 | 2018‑04‑03 06:29:06 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4127 | 2018‑04‑03 06:29:06 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4125 | 2018‑04‑03 06:29:06 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4122 | 2018‑04‑03 06:29:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4121 | 2018‑04‑03 06:29:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4120 | 2018‑04‑03 06:29:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4119 | 2018‑04‑03 06:29:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4118 | 2018‑04‑03 06:29:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4117 | 2018‑04‑03 06:29:05 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4116 | 2018‑04‑03 06:29:05 | MEDIUM (4) | An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4114 | 2018‑04‑03 06:29:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4113 | 2018‑04‑03 06:29:05 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing. | 0 | 0 | NETWORK |
| CVE‑2018‑4102 | 2018‑04‑03 06:29:04 | MEDIUM (4) | An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4101 | 2018‑04‑03 06:29:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4096 | 2018‑04‑03 06:29:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4089 | 2018‑04‑03 06:29:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2018‑4088 | 2018‑04‑03 06:29:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7165 | 2018‑04‑03 06:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7161 | 2018‑04‑03 06:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection. | 0 | 0 | NETWORK |
| CVE‑2017‑7160 | 2017‑12‑27 17:08:25 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7157 | 2017‑12‑27 17:08:24 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7156 | 2017‑12‑27 17:08:24 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7153 | 2018‑04‑03 06:29:02 | MEDIUM (6) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect. | 0 | 0 | NETWORK |
| CVE‑2017‑7144 | 2017‑10‑23 01:29:14 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling. | 0 | 0 | NETWORK |
| CVE‑2017‑7142 | 2017‑10‑23 01:29:14 | MEDIUM (5) | An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites. | 0 | 0 | NETWORK |
| CVE‑2017‑7120 | 2017‑10‑23 01:29:13 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7117 | 2017‑10‑23 01:29:13 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7111 | 2017‑10‑23 01:29:13 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7109 | 2017‑10‑23 01:29:13 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy. | 0 | 0 | NETWORK |
| CVE‑2017‑7107 | 2017‑10‑23 01:29:13 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7106 | 2017‑10‑23 01:29:13 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar. | 0 | 0 | NETWORK |
| CVE‑2017‑7104 | 2017‑10‑23 01:29:13 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7102 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7100 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7099 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7098 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7096 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7095 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7094 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7093 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7092 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7091 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7090 | 2017‑10‑23 01:29:12 | MEDIUM (5) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme. | 0 | 0 | NETWORK |
| CVE‑2017‑7089 | 2017‑10‑23 01:29:12 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing. | 0 | 0 | NETWORK |
| CVE‑2017‑7087 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7085 | 2017‑10‑23 01:29:12 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar. | 0 | 0 | NETWORK |
| CVE‑2017‑7081 | 2017‑10‑23 01:29:12 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7071 | 2018‑04‑03 06:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7064 | 2017‑07‑20 16:29:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 0 | 0 | NETWORK |
| CVE‑2017‑7061 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7060 | 2017‑07‑20 16:29:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "Safari Printing" component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7059 | 2017‑07‑20 16:29:02 | MEDIUM (4) | A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | 0 | 0 | NETWORK |
| CVE‑2017‑7056 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7055 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7052 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7049 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7048 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7046 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7043 | 2017‑07‑20 16:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7042 | 2017‑07‑20 16:29:02 | HIGH (9) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7041 | 2017‑07‑20 16:29:01 | HIGH (9) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7040 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7039 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7038 | 2017‑07‑20 16:29:01 | MEDIUM (4) | A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | 0 | 0 | NETWORK |
| CVE‑2017‑7037 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7034 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7030 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7025 | 2017‑07‑20 16:29:01 | HIGH (9) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 0 | 0 | NETWORK |
| CVE‑2017‑7024 | 2017‑07‑20 16:29:01 | HIGH (9) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 0 | 0 | NETWORK |
| CVE‑2017‑7023 | 2017‑07‑20 16:29:01 | HIGH (9) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 0 | 0 | NETWORK |
| CVE‑2017‑7022 | 2017‑07‑20 16:29:01 | HIGH (9) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 0 | 0 | NETWORK |
| CVE‑2017‑7020 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7019 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit Page Loading" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7018 | 2017‑07‑20 16:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7012 | 2017‑07‑20 16:29:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑7011 | 2017‑07‑20 16:29:00 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements. | 0 | 0 | NETWORK |
| CVE‑2017‑7006 | 2017‑07‑20 16:29:00 | LOW (3) | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters. | 0 | 0 | NETWORK |
| CVE‑2017‑7005 | 2018‑04‑03 06:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑6984 | 2017‑05‑22 05:29:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑6980 | 2017‑05‑22 05:29:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2549 | 2017‑05‑22 05:29:03 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading. | 0 | 0 | NETWORK |
| CVE‑2017‑2547 | 2017‑05‑22 05:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2544 | 2017‑05‑22 05:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2539 | 2017‑05‑22 05:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2538 | 2017‑05‑22 05:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2536 | 2017‑05‑22 05:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2531 | 2017‑05‑22 05:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2530 | 2017‑05‑22 05:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iCloud before 6.2.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2528 | 2017‑05‑22 05:29:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames. | 0 | 0 | NETWORK |
| CVE‑2017‑2526 | 2017‑05‑22 05:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2525 | 2017‑05‑22 05:29:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2515 | 2017‑05‑22 05:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2514 | 2017‑05‑22 05:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2511 | 2017‑05‑22 05:29:01 | MEDIUM (4) | An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2510 | 2017‑05‑22 05:29:01 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. | 0 | 0 | NETWORK |
| CVE‑2017‑2508 | 2017‑05‑22 05:29:01 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with container nodes. | 0 | 0 | NETWORK |
| CVE‑2017‑2506 | 2017‑05‑22 05:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2505 | 2017‑05‑22 05:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2504 | 2017‑05‑22 05:29:01 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands. | 0 | 0 | NETWORK |
| CVE‑2017‑2500 | 2017‑05‑22 05:29:00 | MEDIUM (4) | An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2499 | 2017‑05‑22 05:29:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to execute arbitrary unsigned code or cause a denial of service (memory corruption) via a crafted app. | 0 | 0 | NETWORK |
| CVE‑2017‑2496 | 2017‑05‑22 05:29:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2495 | 2017‑05‑22 05:29:00 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (application crash) via a crafted web site that improperly interacts with the history menu. | 0 | 0 | NETWORK |
| CVE‑2017‑2493 | 2018‑04‑03 06:29:01 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2492 | 2018‑04‑03 06:29:01 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling. | 0 | 0 | NETWORK |
| CVE‑2017‑2486 | 2017‑04‑02 01:59:04 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2481 | 2017‑04‑02 01:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2480 | 2017‑04‑02 01:59:04 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2479 | 2017‑04‑02 01:59:04 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2476 | 2017‑04‑02 01:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2475 | 2017‑04‑02 01:59:04 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2471 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2470 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2469 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2468 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2466 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2465 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2464 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2463 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2460 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2459 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2457 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2455 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2454 | 2017‑04‑02 01:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2453 | 2017‑04‑02 01:59:03 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2447 | 2017‑04‑02 01:59:02 | MEDIUM (6) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2446 | 2017‑04‑02 01:59:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. | 0 | 0 | NETWORK |
| CVE‑2017‑2445 | 2017‑04‑02 01:59:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects. | 0 | 0 | NETWORK |
| CVE‑2017‑2444 | 2017‑04‑02 01:59:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2442 | 2017‑04‑02 01:59:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2433 | 2017‑04‑02 01:59:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2424 | 2017‑04‑02 01:59:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2419 | 2017‑04‑02 01:59:02 | MEDIUM (5) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2017‑2405 | 2017‑04‑02 01:59:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2396 | 2017‑04‑02 01:59:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2395 | 2017‑04‑02 01:59:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2394 | 2017‑04‑02 01:59:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2392 | 2017‑04‑02 01:59:01 | MEDIUM (7) | An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. | 0 | 0 | NETWORK |
| CVE‑2017‑2389 | 2017‑04‑02 01:59:01 | MEDIUM (6) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2386 | 2017‑04‑02 01:59:01 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2385 | 2017‑04‑02 01:59:01 | LOW (2) | An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors. | 0 | 0 | LOCAL |
| CVE‑2017‑2378 | 2017‑04‑02 01:59:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions. | 0 | 0 | NETWORK |
| CVE‑2017‑2377 | 2017‑04‑02 01:59:00 | MEDIUM (5) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state. | 0 | 0 | NETWORK |
| CVE‑2017‑2376 | 2017‑04‑02 01:59:00 | MEDIUM (5) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page. | 0 | 0 | NETWORK |
| CVE‑2017‑2373 | 2017‑02‑20 08:59:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2369 | 2017‑02‑20 08:59:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2367 | 2017‑04‑02 01:59:00 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2366 | 2017‑02‑20 08:59:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2365 | 2017‑02‑20 08:59:05 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2364 | 2017‑02‑20 08:59:05 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2363 | 2017‑02‑20 08:59:05 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2362 | 2017‑02‑20 08:59:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2359 | 2017‑02‑20 08:59:05 | MEDIUM (4) | An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the "Safari" component, which allows remote attackers to spoof the address bar via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2356 | 2017‑02‑20 08:59:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2355 | 2017‑02‑20 08:59:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2354 | 2017‑02‑20 08:59:05 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑2350 | 2017‑02‑20 08:59:05 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13885 | 2018‑04‑03 06:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13884 | 2018‑04‑03 06:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13870 | 2017‑12‑25 21:29:15 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13866 | 2017‑12‑25 21:29:14 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13856 | 2017‑12‑25 21:29:14 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13803 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13802 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13798 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13797 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13796 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13795 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13794 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13793 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13792 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13791 | 2017‑11‑13 03:29:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13790 | 2017‑11‑13 03:29:01 | MEDIUM (4) | An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13789 | 2017‑11‑13 03:29:00 | MEDIUM (4) | An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13788 | 2017‑11‑13 03:29:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13785 | 2017‑11‑13 03:29:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13784 | 2017‑11‑13 03:29:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2017‑13783 | 2017‑11‑13 03:29:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7656 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7654 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7652 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7650 | 2017‑02‑20 08:59:04 | LOW (3) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "Safari Reader" component, which allows remote attackers to conduct UXSS attacks via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7649 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7648 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7646 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7645 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7642 | 2017‑02‑20 08:59:04 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7641 | 2017‑02‑20 08:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7640 | 2017‑02‑20 08:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7639 | 2017‑02‑20 08:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7635 | 2017‑02‑20 08:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7632 | 2017‑02‑20 08:59:03 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7623 | 2017‑02‑20 08:59:03 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a blob URL on a web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7613 | 2017‑02‑20 08:59:03 | HIGH (9) | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning. | 0 | 0 | NETWORK |
| CVE‑2016‑7611 | 2017‑02‑20 08:59:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7610 | 2017‑02‑20 08:59:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7599 | 2017‑02‑20 08:59:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects. | 0 | 0 | NETWORK |
| CVE‑2016‑7598 | 2017‑02‑20 08:59:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7592 | 2017‑02‑20 08:59:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7589 | 2017‑02‑20 08:59:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7587 | 2017‑02‑20 08:59:02 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7586 | 2017‑02‑20 08:59:02 | MEDIUM (4) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑7578 | 2017‑02‑20 08:59:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4769 | 2016‑09‑25 11:00:03 | MEDIUM (7) | WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4768 | 2016‑09‑25 11:00:02 | MEDIUM (7) | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767. | 0 | 0 | NETWORK |
| CVE‑2016‑4767 | 2016‑09‑25 11:00:00 | MEDIUM (7) | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768. | 0 | 0 | NETWORK |
| CVE‑2016‑4766 | 2016‑09‑25 10:59:59 | MEDIUM (7) | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768. | 0 | 0 | NETWORK |
| CVE‑2016‑4765 | 2016‑09‑25 10:59:58 | MEDIUM (7) | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768. | 0 | 0 | NETWORK |
| CVE‑2016‑4764 | 2017‑02‑20 08:59:01 | HIGH (9) | An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 3 | 6 | NETWORK |
| CVE‑2016‑4763 | 2016‑09‑25 10:59:57 | MEDIUM (5) | WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 0 | 0 | NETWORK |
| CVE‑2016‑4762 | 2016‑09‑25 10:59:56 | MEDIUM (7) | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4760 | 2016‑09‑25 10:59:55 | MEDIUM (4) | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. | 0 | 0 | NETWORK |
| CVE‑2016‑4759 | 2016‑09‑25 10:59:54 | MEDIUM (7) | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768. | 0 | 0 | NETWORK |
| CVE‑2016‑4758 | 2016‑09‑25 10:59:53 | MEDIUM (4) | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4751 | 2016‑09‑25 10:59:48 | MEDIUM (4) | The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4743 | 2017‑02‑20 08:59:01 | MEDIUM (6) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4737 | 2016‑09‑25 10:59:41 | HIGH (9) | WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4735 | 2016‑09‑25 10:59:39 | HIGH (9) | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734. | 0 | 0 | NETWORK |
| CVE‑2016‑4734 | 2016‑09‑25 10:59:38 | HIGH (9) | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735. | 0 | 0 | NETWORK |
| CVE‑2016‑4733 | 2016‑09‑25 10:59:37 | HIGH (9) | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735. | 0 | 0 | NETWORK |
| CVE‑2016‑4731 | 2016‑09‑25 10:59:36 | HIGH (9) | WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729. | 0 | 0 | NETWORK |
| CVE‑2016‑4730 | 2016‑09‑25 10:59:34 | HIGH (9) | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. | 0 | 0 | NETWORK |
| CVE‑2016‑4729 | 2016‑09‑25 10:59:33 | HIGH (9) | WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731. | 0 | 0 | NETWORK |
| CVE‑2016‑4728 | 2016‑09‑25 10:59:32 | MEDIUM (7) | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4692 | 2017‑02‑20 08:59:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4677 | 2017‑02‑20 08:59:01 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4676 | 2020‑02‑03 18:15:12 | HIGH (8) | A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. | 4 | 4 | NETWORK |
| CVE‑2016‑4666 | 2017‑02‑20 08:59:00 | MEDIUM (7) | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4651 | 2016‑07‑22 03:00:09 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability. | 0 | 0 | NETWORK |
| CVE‑2016‑4624 | 2016‑07‑22 02:59:45 | MEDIUM (7) | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623. | 0 | 0 | NETWORK |
| CVE‑2016‑4623 | 2016‑07‑22 02:59:43 | MEDIUM (7) | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624. | 0 | 0 | NETWORK |
| CVE‑2016‑4622 | 2016‑07‑22 02:59:42 | MEDIUM (7) | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624. | 0 | 0 | NETWORK |
| CVE‑2016‑4618 | 2016‑09‑25 10:59:01 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | 0 | 0 | NETWORK |
| CVE‑2016‑4613 | 2017‑02‑20 08:59:00 | MEDIUM (4) | An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4611 | 2016‑09‑25 10:59:00 | MEDIUM (7) | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. | 0 | 0 | NETWORK |
| CVE‑2016‑4604 | 2016‑07‑22 02:59:28 | MEDIUM (6) | Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. | 0 | 0 | NETWORK |
| CVE‑2016‑4592 | 2016‑07‑22 02:59:16 | HIGH (7) | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4591 | 2016‑07‑22 02:59:14 | HIGH (8) | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2016‑4590 | 2016‑07‑22 02:59:13 | MEDIUM (4) | WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4589 | 2016‑07‑22 02:59:12 | MEDIUM (7) | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624. | 0 | 0 | NETWORK |
| CVE‑2016‑4586 | 2016‑07‑22 02:59:09 | MEDIUM (7) | WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4585 | 2016‑07‑22 02:59:08 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. | 0 | 0 | NETWORK |
| CVE‑2016‑4584 | 2016‑07‑22 02:59:07 | MEDIUM (7) | The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑4583 | 2016‑07‑22 02:59:06 | LOW (3) | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document. | 0 | 0 | NETWORK |
| CVE‑2016‑1864 | 2016‑06‑19 20:59:11 | MEDIUM (5) | The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL. | 0 | 0 | NETWORK |
| CVE‑2016‑1859 | 2016‑05‑20 11:00:13 | MEDIUM (7) | The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑1858 | 2016‑05‑20 11:00:12 | MEDIUM (4) | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑1857 | 2016‑05‑20 11:00:11 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. | 0 | 0 | NETWORK |
| CVE‑2016‑1856 | 2016‑05‑20 11:00:10 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857. | 0 | 0 | NETWORK |
| CVE‑2016‑1855 | 2016‑05‑20 11:00:09 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857. | 0 | 0 | NETWORK |
| CVE‑2016‑1854 | 2016‑05‑20 11:00:08 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857. | 0 | 0 | NETWORK |
| CVE‑2016‑1849 | 2016‑05‑20 11:00:03 | LOW (2) | The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory. | 0 | 0 | LOCAL |
| CVE‑2016‑1786 | 2016‑03‑24 01:59:53 | MEDIUM (6) | The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑1785 | 2016‑03‑24 01:59:52 | MEDIUM (4) | The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑1784 | 2016‑03‑24 01:59:51 | MEDIUM (4) | The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑1783 | 2016‑03‑24 01:59:50 | HIGH (9) | WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑1782 | 2016‑03‑24 01:59:49 | MEDIUM (4) | WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑1781 | 2016‑03‑24 01:59:48 | MEDIUM (4) | WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2016‑1779 | 2016‑03‑24 01:59:47 | MEDIUM (4) | WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request. | 0 | 0 | NETWORK |
| CVE‑2016‑1778 | 2016‑03‑24 01:59:46 | HIGH (9) | WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑1772 | 2016‑03‑24 01:59:40 | MEDIUM (4) | The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2016‑1771 | 2016‑03‑24 01:59:39 | HIGH (7) | The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑1728 | 2016‑02‑01 11:59:13 | MEDIUM (4) | The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2016‑1727 | 2016‑02‑01 11:59:12 | HIGH (9) | WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724. | 0 | 0 | NETWORK |
| CVE‑2016‑1726 | 2016‑02‑01 11:59:11 | HIGH (9) | WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725. | 0 | 0 | NETWORK |
| CVE‑2016‑1725 | 2016‑02‑01 11:59:10 | HIGH (9) | WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726. | 0 | 0 | NETWORK |
| CVE‑2016‑1724 | 2016‑02‑01 11:59:09 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727. | 0 | 0 | NETWORK |
| CVE‑2016‑1723 | 2016‑02‑01 11:59:07 | HIGH (9) | WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726. | 0 | 0 | NETWORK |
| CVE‑2015‑7104 | 2015‑12‑11 12:00:02 | MEDIUM (7) | WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑7103 | 2015‑12‑11 12:00:01 | MEDIUM (7) | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7102. | 0 | 0 | NETWORK |
| CVE‑2015‑7102 | 2015‑12‑11 12:00:00 | MEDIUM (7) | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7103. | 0 | 0 | NETWORK |
| CVE‑2015‑7101 | 2015‑12‑11 11:59:59 | MEDIUM (7) | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, and CVE-2015-7103. | 0 | 0 | NETWORK |
| CVE‑2015‑7100 | 2015‑12‑11 11:59:57 | MEDIUM (7) | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. | 0 | 0 | NETWORK |
| CVE‑2015‑7099 | 2015‑12‑11 11:59:56 | MEDIUM (7) | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. | 0 | 0 | NETWORK |
| CVE‑2015‑7098 | 2015‑12‑11 11:59:55 | MEDIUM (7) | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. | 0 | 0 | NETWORK |
| CVE‑2015‑7097 | 2015‑12‑11 11:59:54 | MEDIUM (7) | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. | 0 | 0 | NETWORK |
| CVE‑2015‑7096 | 2015‑12‑11 11:59:54 | MEDIUM (7) | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. | 0 | 0 | NETWORK |
| CVE‑2015‑7095 | 2015‑12‑11 11:59:53 | MEDIUM (7) | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. | 0 | 0 | NETWORK |
| CVE‑2015‑7093 | 2015‑12‑11 11:59:51 | MEDIUM (4) | Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑7050 | 2015‑12‑11 11:59:16 | MEDIUM (4) | WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑7048 | 2015‑12‑11 11:59:14 | MEDIUM (7) | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. | 0 | 0 | NETWORK |
| CVE‑2015‑7014 | 2015‑10‑23 21:59:49 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑7012 | 2015‑10‑23 21:59:47 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑7011 | 2015‑10‑23 21:59:46 | MEDIUM (7) | WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑7002 | 2015‑10‑23 21:59:39 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑5931 | 2015‑10‑23 21:59:08 | MEDIUM (7) | WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑5930 | 2015‑10‑23 21:59:07 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑5929 | 2015‑10‑23 21:59:06 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑5928 | 2015‑10‑23 21:59:05 | MEDIUM (7) | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 0 | 0 | NETWORK |
| CVE‑2015‑5828 | 2015‑10‑09 05:59:02 | MEDIUM (4) | The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑5827 | 2015‑09‑18 10:59:47 | MEDIUM (5) | WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. | 0 | 0 | NETWORK |
| CVE‑2015‑5826 | 2015‑09‑18 10:59:45 | MEDIUM (4) | WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑5825 | 2015‑09‑18 10:59:44 | MEDIUM (4) | WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code. | 0 | 0 | NETWORK |
| CVE‑2015‑5823 | 2015‑09‑18 10:59:42 | MEDIUM (7) | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5822 | 2015‑09‑18 10:59:41 | MEDIUM (7) | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5821 | 2015‑09‑18 10:59:40 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5820 | 2015‑09‑18 10:59:39 | MEDIUM (4) | WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. | 0 | 0 | NETWORK |
| CVE‑2015‑5819 | 2015‑09‑18 10:59:38 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5818 | 2015‑09‑18 10:59:37 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5817 | 2015‑09‑18 10:59:36 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5816 | 2015‑09‑18 10:59:35 | MEDIUM (7) | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5815 | 2015‑09‑18 10:59:34 | MEDIUM (7) | WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5814 | 2015‑09‑18 10:59:33 | MEDIUM (7) | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5813 | 2015‑09‑18 10:59:32 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5812 | 2015‑09‑18 10:59:31 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5811 | 2015‑09‑18 10:59:30 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5810 | 2015‑09‑18 10:59:29 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5809 | 2015‑09‑18 10:59:28 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5808 | 2015‑09‑18 10:59:27 | MEDIUM (7) | WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5807 | 2015‑09‑18 10:59:26 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5806 | 2015‑09‑18 10:59:26 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5805 | 2015‑09‑18 10:59:25 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5804 | 2015‑09‑18 10:59:24 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5803 | 2015‑09‑18 10:59:23 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5802 | 2015‑09‑18 10:59:22 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5801 | 2015‑09‑18 10:59:21 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5800 | 2015‑09‑18 10:59:20 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5799 | 2015‑09‑18 10:59:19 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5798 | 2015‑09‑18 10:59:18 | MEDIUM (7) | WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5797 | 2015‑09‑18 10:59:17 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5796 | 2015‑09‑18 10:59:16 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5795 | 2015‑09‑18 10:59:15 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5794 | 2015‑09‑18 10:59:13 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5793 | 2015‑09‑18 10:59:12 | MEDIUM (7) | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5792 | 2015‑09‑18 10:59:11 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5791 | 2015‑09‑18 10:59:10 | MEDIUM (7) | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5790 | 2015‑09‑18 10:59:09 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5789 | 2015‑09‑18 10:59:08 | MEDIUM (7) | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 0 | 0 | NETWORK |
| CVE‑2015‑5788 | 2015‑09‑18 10:59:07 | MEDIUM (4) | The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. | 0 | 0 | NETWORK |
| CVE‑2015‑5780 | 2015‑10‑09 05:59:01 | HIGH (10) | The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors. | 0 | 0 | NETWORK |
| CVE‑2015‑5767 | 2015‑09‑18 10:59:06 | MEDIUM (4) | The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. | 0 | 0 | NETWORK |
| CVE‑2015‑5765 | 2015‑09‑18 10:59:05 | MEDIUM (4) | The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. | 0 | 0 | NETWORK |
| CVE‑2015‑5764 | 2015‑09‑18 10:59:04 | MEDIUM (4) | The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. | 0 | 0 | NETWORK |
| CVE‑2015‑5748 | 2015‑08‑17 00:00:27 | LOW (2) | The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. | 0 | 0 | LOCAL |
| CVE‑2015‑3801 | 2015‑09‑18 10:59:03 | MEDIUM (5) | The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2015‑3755 | 2015‑08‑16 23:59:29 | MEDIUM (4) | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. | 0 | 0 | NETWORK |
| CVE‑2015‑3754 | 2015‑08‑16 23:59:28 | MEDIUM (4) | The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑3753 | 2015‑08‑16 23:59:27 | MEDIUM (5) | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource. | 0 | 0 | NETWORK |
| CVE‑2015‑3752 | 2015‑08‑16 23:59:26 | MEDIUM (5) | The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request. | 0 | 0 | NETWORK |
| CVE‑2015‑3751 | 2015‑08‑16 23:59:24 | MEDIUM (5) | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element. | 0 | 0 | NETWORK |
| CVE‑2015‑3750 | 2015‑08‑16 23:59:24 | MEDIUM (6) | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream. | 0 | 0 | NETWORK |
| CVE‑2015‑3749 | 2015‑08‑16 23:59:23 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3748 | 2015‑08‑16 23:59:22 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3747 | 2015‑08‑16 23:59:21 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3746 | 2015‑08‑16 23:59:19 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3745 | 2015‑08‑16 23:59:18 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3744 | 2015‑08‑16 23:59:17 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3743 | 2015‑08‑16 23:59:16 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3742 | 2015‑08‑16 23:59:15 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3741 | 2015‑08‑16 23:59:14 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3740 | 2015‑08‑16 23:59:13 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3739 | 2015‑08‑16 23:59:12 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3738 | 2015‑08‑16 23:59:11 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3737 | 2015‑08‑16 23:59:10 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3736 | 2015‑08‑16 23:59:09 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3735 | 2015‑08‑16 23:59:08 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3734 | 2015‑08‑16 23:59:07 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3733 | 2015‑08‑16 23:59:06 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3732 | 2015‑08‑16 23:59:05 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3731 | 2015‑08‑16 23:59:04 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3730 | 2015‑08‑16 23:59:03 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 0 | 0 | NETWORK |
| CVE‑2015‑3729 | 2015‑08‑16 23:59:01 | MEDIUM (4) | Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site. | 0 | 0 | NETWORK |
| CVE‑2015‑3727 | 2015‑07‑03 02:00:18 | MEDIUM (7) | WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑3660 | 2015‑07‑03 01:59:20 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content. | 0 | 0 | NETWORK |
| CVE‑2015‑3659 | 2015‑07‑03 01:59:19 | MEDIUM (7) | The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑3658 | 2015‑07‑03 01:59:17 | MEDIUM (7) | The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑1156 | 2015‑05‑08 00:59:05 | MEDIUM (4) | The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑1155 | 2015‑05‑08 00:59:04 | MEDIUM (4) | The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑1154 | 2015‑05‑08 00:59:03 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153. | 0 | 0 | NETWORK |
| CVE‑2015‑1153 | 2015‑05‑08 00:59:02 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154. | 0 | 0 | NETWORK |
| CVE‑2015‑1152 | 2015‑05‑08 00:59:00 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154. | 0 | 0 | NETWORK |
| CVE‑2015‑1129 | 2015‑04‑10 14:59:42 | MEDIUM (4) | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2015‑1128 | 2015‑04‑10 14:59:41 | MEDIUM (5) | The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests. | 0 | 0 | NETWORK |
| CVE‑2015‑1127 | 2015‑04‑10 14:59:40 | LOW (2) | The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries. | 0 | 0 | LOCAL |
| CVE‑2015‑1126 | 2015‑04‑10 14:59:40 | MEDIUM (4) | WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2015‑1124 | 2015‑04‑10 14:59:38 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 0 | 0 | NETWORK |
| CVE‑2015‑1122 | 2015‑04‑10 14:59:36 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 0 | 0 | NETWORK |
| CVE‑2015‑1121 | 2015‑04‑10 14:59:35 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 0 | 0 | NETWORK |
| CVE‑2015‑1120 | 2015‑04‑10 14:59:34 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 0 | 0 | NETWORK |
| CVE‑2015‑1119 | 2015‑04‑10 14:59:34 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 0 | 0 | NETWORK |
| CVE‑2015‑1112 | 2015‑04‑10 14:59:27 | MEDIUM (5) | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. | 0 | 0 | NETWORK |
| CVE‑2015‑1084 | 2015‑03‑18 22:59:15 | MEDIUM (5) | The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. | 0 | 0 | NETWORK |
| CVE‑2015‑1083 | 2015‑03‑18 22:59:14 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1082 | 2015‑03‑18 22:59:13 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1081 | 2015‑03‑18 22:59:13 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1080 | 2015‑03‑18 22:59:12 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1079 | 2015‑03‑18 22:59:11 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1078 | 2015‑03‑18 22:59:10 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1077 | 2015‑03‑18 22:59:09 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1076 | 2015‑03‑18 22:59:08 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1075 | 2015‑03‑18 22:59:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1074 | 2015‑03‑18 22:59:06 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1073 | 2015‑03‑18 22:59:05 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1072 | 2015‑03‑18 22:59:04 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1071 | 2015‑03‑18 22:59:03 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1070 | 2015‑03‑18 22:59:02 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1069 | 2015‑03‑18 22:59:02 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2015‑1068 | 2015‑03‑18 22:59:00 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 0 | 0 | NETWORK |
| CVE‑2014‑4479 | 2015‑01‑30 11:59:12 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477. | 0 | 0 | NETWORK |
| CVE‑2014‑4477 | 2015‑01‑30 11:59:11 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479. | 0 | 0 | NETWORK |
| CVE‑2014‑4476 | 2015‑01‑30 11:59:10 | MEDIUM (7) | WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479. | 0 | 0 | NETWORK |
| CVE‑2014‑4475 | 2014‑12‑10 21:59:12 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. | 0 | 0 | NETWORK |
| CVE‑2014‑4474 | 2014‑12‑10 21:59:11 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. | 0 | 0 | NETWORK |
| CVE‑2014‑4473 | 2014‑12‑10 21:59:10 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. | 0 | 0 | NETWORK |
| CVE‑2014‑4472 | 2014‑12‑10 21:59:09 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. | 0 | 0 | NETWORK |
| CVE‑2014‑4471 | 2014‑12‑10 21:59:08 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. | 0 | 0 | NETWORK |
| CVE‑2014‑4470 | 2014‑12‑10 21:59:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. | 0 | 0 | NETWORK |
| CVE‑2014‑4469 | 2014‑12‑10 21:59:06 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. | 0 | 0 | NETWORK |
| CVE‑2014‑4468 | 2014‑12‑10 21:59:05 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. | 0 | 0 | NETWORK |
| CVE‑2014‑4466 | 2014‑12‑10 21:59:04 | HIGH (8) | WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. | 0 | 0 | NETWORK |
| CVE‑2014‑4465 | 2014‑12‑10 21:59:03 | MEDIUM (5) | WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. | 0 | 0 | NETWORK |
| CVE‑2014‑4459 | 2014‑11‑18 11:59:07 | MEDIUM (7) | Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. | 0 | 0 | NETWORK |
| CVE‑2014‑4452 | 2014‑11‑18 11:59:01 | MEDIUM (5) | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. | 0 | 0 | ADJACENT_NETWORK |
| CVE‑2014‑4415 | 2014‑09‑18 10:55:10 | MEDIUM (7) | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 0 | 0 | NETWORK |
| CVE‑2014‑4363 | 2014‑09‑18 10:55:09 | MEDIUM (5) | Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | 0 | 0 | NETWORK |
| CVE‑2014‑3192 | 2014‑10‑08 10:55:06 | HIGH (8) | Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2014‑1390 | 2014‑08‑14 11:15:23 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. | 0 | 0 | NETWORK |
| CVE‑2014‑1389 | 2014‑08‑14 11:15:23 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. | 0 | 0 | NETWORK |
| CVE‑2014‑1388 | 2014‑08‑14 11:15:23 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. | 0 | 0 | NETWORK |
| CVE‑2014‑1387 | 2014‑08‑14 11:15:23 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. | 0 | 0 | NETWORK |
| CVE‑2014‑1386 | 2014‑08‑14 11:15:23 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. | 0 | 0 | NETWORK |
| CVE‑2014‑1385 | 2014‑08‑14 11:15:23 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. | 0 | 0 | NETWORK |
| CVE‑2014‑1384 | 2014‑08‑14 11:15:23 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. | 0 | 0 | NETWORK |
| CVE‑2014‑1382 | 2014‑07‑01 10:17:28 | MEDIUM (7) | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. | 0 | 0 | NETWORK |
| CVE‑2014‑1369 | 2014‑07‑01 10:17:27 | MEDIUM (4) | WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2014‑1368 | 2014‑07‑01 10:17:27 | MEDIUM (7) | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. | 0 | 0 | NETWORK |
| CVE‑2014‑1367 | 2014‑07‑01 10:17:27 | MEDIUM (7) | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. | 0 | 0 | NETWORK |
| CVE‑2014‑1366 | 2014‑07‑01 10:17:27 | MEDIUM (7) | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. | 0 | 0 | NETWORK |
| CVE‑2014‑1365 | 2014‑07‑01 10:17:27 | MEDIUM (7) | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. | 0 | 0 | NETWORK |
| CVE‑2014‑1364 | 2014‑07‑01 10:17:27 | MEDIUM (7) | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. | 0 | 0 | NETWORK |
| CVE‑2014‑1363 | 2014‑07‑01 10:17:27 | MEDIUM (7) | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. | 0 | 0 | NETWORK |
| CVE‑2014‑1362 | 2014‑07‑01 10:17:27 | MEDIUM (7) | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. | 0 | 0 | NETWORK |
| CVE‑2014‑1346 | 2014‑05‑22 19:55:08 | MEDIUM (5) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL. | 0 | 0 | NETWORK |
| CVE‑2014‑1345 | 2014‑07‑01 10:17:26 | MEDIUM (4) | WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2014‑1344 | 2014‑05‑22 19:55:08 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1343 | 2014‑05‑22 19:55:08 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1342 | 2014‑05‑22 19:55:08 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1341 | 2014‑05‑22 19:55:08 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1340 | 2014‑07‑01 10:17:26 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1339 | 2014‑05‑22 19:55:08 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1338 | 2014‑05‑22 19:55:08 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1337 | 2014‑05‑22 19:55:08 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1336 | 2014‑05‑22 19:55:08 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1335 | 2014‑05‑22 19:55:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1334 | 2014‑05‑22 19:55:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1333 | 2014‑05‑22 19:55:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1331 | 2014‑05‑22 19:55:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1330 | 2014‑05‑22 19:55:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1329 | 2014‑05‑22 19:55:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1327 | 2014‑05‑22 19:55:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1326 | 2014‑05‑22 19:55:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1325 | 2014‑07‑01 10:17:26 | MEDIUM (7) | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. | 0 | 0 | NETWORK |
| CVE‑2014‑1324 | 2014‑05‑22 19:55:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1323 | 2014‑05‑22 19:55:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1313 | 2014‑04‑02 16:17:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1312 | 2014‑04‑02 16:17:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1311 | 2014‑04‑02 16:17:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1310 | 2014‑04‑02 16:17:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1309 | 2014‑04‑02 16:17:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1308 | 2014‑04‑02 16:17:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1307 | 2014‑04‑02 16:17:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1305 | 2014‑04‑02 16:17:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1304 | 2014‑04‑02 16:17:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1303 | 2014‑03‑26 14:55:06 | HIGH (10) | Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014. | 0 | 0 | NETWORK |
| CVE‑2014‑1302 | 2014‑04‑02 16:17:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1301 | 2014‑04‑02 16:17:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1300 | 2014‑03‑26 14:55:06 | HIGH (10) | Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014. | 0 | 0 | NETWORK |
| CVE‑2014‑1299 | 2014‑04‑02 16:17:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1298 | 2014‑04‑02 16:17:07 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | 0 | 0 | NETWORK |
| CVE‑2014‑1297 | 2014‑04‑02 16:17:07 | MEDIUM (5) | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access. | 0 | 0 | NETWORK |
| CVE‑2014‑1270 | 2014‑02‑27 01:55:04 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269. | 0 | 0 | NETWORK |
| CVE‑2014‑1269 | 2014‑02‑27 01:55:04 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270. | 0 | 0 | NETWORK |
| CVE‑2014‑1268 | 2014‑02‑27 01:55:04 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270. | 0 | 0 | NETWORK |
| CVE‑2013‑7127 | 2013‑12‑17 15:21:29 | LOW (2) | Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. | 0 | 0 | LOCAL |
| CVE‑2013‑6835 | 2014‑03‑14 10:55:06 | MEDIUM (5) | TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL. | 0 | 0 | NETWORK |
| CVE‑2013‑5228 | 2013‑12‑18 16:04:33 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 0 | 0 | NETWORK |
| CVE‑2013‑5227 | 2013‑12‑18 16:04:33 | MEDIUM (6) | Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields. | 0 | 0 | NETWORK |
| CVE‑2013‑5225 | 2013‑12‑18 16:04:33 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 0 | 0 | NETWORK |
| CVE‑2013‑5199 | 2013‑12‑18 16:04:33 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 0 | 0 | NETWORK |
| CVE‑2013‑5198 | 2013‑12‑18 16:04:33 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 0 | 0 | NETWORK |
| CVE‑2013‑5197 | 2013‑12‑18 16:04:28 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 0 | 0 | NETWORK |
| CVE‑2013‑5196 | 2013‑12‑18 16:04:28 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 0 | 0 | NETWORK |
| CVE‑2013‑5195 | 2013‑12‑18 16:04:24 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 0 | 0 | NETWORK |
| CVE‑2013‑5130 | 2013‑10‑24 10:53:10 | MEDIUM (5) | WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files. | 0 | 0 | NETWORK |
| CVE‑2013‑1047 | 2013‑09‑19 10:27:56 | MEDIUM (7) | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | 0 | 0 | NETWORK |
| CVE‑2013‑1041 | 2013‑09‑19 10:27:56 | MEDIUM (7) | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | 0 | 0 | NETWORK |
| CVE‑2013‑1040 | 2013‑09‑19 10:27:56 | MEDIUM (7) | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | 0 | 0 | NETWORK |
| CVE‑2013‑1039 | 2013‑09‑19 10:27:56 | MEDIUM (7) | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | 0 | 0 | NETWORK |
| CVE‑2013‑1038 | 2013‑09‑19 10:27:56 | MEDIUM (7) | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | 0 | 0 | NETWORK |
| CVE‑2013‑1037 | 2013‑09‑19 10:27:56 | MEDIUM (7) | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | 0 | 0 | NETWORK |
| CVE‑2013‑1023 | 2013‑06‑05 14:39:56 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009. | 0 | 0 | NETWORK |
| CVE‑2013‑1013 | 2013‑06‑05 14:39:56 | MEDIUM (4) | XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2013‑1012 | 2013‑06‑05 14:39:56 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. | 0 | 0 | NETWORK |
| CVE‑2013‑1009 | 2013‑06‑05 14:39:56 | MEDIUM (7) | WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023. | 0 | 0 | NETWORK |
| CVE‑2013‑0961 | 2013‑03‑15 20:55:11 | MEDIUM (7) | WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960. | 0 | 0 | NETWORK |
| CVE‑2013‑0960 | 2013‑03‑15 20:55:11 | MEDIUM (7) | WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961. | 0 | 0 | NETWORK |
| CVE‑2012‑5851 | 2012‑11‑15 11:58:40 | MEDIUM (4) | html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108. | 0 | 0 | NETWORK |
| CVE‑2012‑3748 | 2012‑11‑03 17:55:02 | MEDIUM (5) | Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. | 0 | 0 | NETWORK |
| CVE‑2012‑3715 | 2012‑09‑20 21:55:03 | MEDIUM (4) | Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network. | 0 | 0 | NETWORK |
| CVE‑2012‑3714 | 2012‑09‑20 21:55:03 | MEDIUM (4) | The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2012‑3713 | 2012‑09‑20 21:55:02 | MEDIUM (4) | Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document. | 0 | 0 | NETWORK |
| CVE‑2012‑3697 | 2012‑07‑25 19:55:06 | HIGH (7) | WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise. | 0 | 0 | NETWORK |
| CVE‑2012‑3696 | 2012‑07‑25 19:55:06 | MEDIUM (4) | CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling. | 0 | 0 | NETWORK |
| CVE‑2012‑3695 | 2012‑07‑25 19:55:06 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property. | 0 | 0 | NETWORK |
| CVE‑2012‑3694 | 2012‑07‑25 19:55:06 | MEDIUM (4) | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2012‑3693 | 2012‑07‑25 19:55:06 | MEDIUM (5) | Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs. | 0 | 0 | NETWORK |
| CVE‑2012‑3691 | 2012‑07‑25 19:55:06 | MEDIUM (6) | WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2012‑3690 | 2012‑07‑25 19:55:06 | MEDIUM (4) | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2012‑3689 | 2012‑07‑25 19:55:06 | MEDIUM (6) | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2012‑3686 | 2012‑07‑25 20:55:05 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3683 | 2012‑07‑25 20:55:05 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3682 | 2012‑07‑25 20:55:05 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3681 | 2012‑07‑25 20:55:05 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3680 | 2012‑07‑25 20:55:05 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3679 | 2012‑07‑25 20:55:05 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3678 | 2012‑07‑25 20:55:05 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3674 | 2012‑07‑25 20:55:05 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3670 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3669 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3668 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3667 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3666 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3665 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3664 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3663 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3661 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3656 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3655 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3653 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3650 | 2012‑07‑25 19:55:06 | MEDIUM (4) | WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2012‑3646 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3645 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3644 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3642 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3641 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3640 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3639 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3638 | 2012‑07‑25 20:55:04 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3637 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3636 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3635 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3634 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3633 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3631 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3630 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3629 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3628 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3627 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3626 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3625 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3620 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3618 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3615 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3611 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3610 | 2012‑07‑25 20:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3609 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3608 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3605 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3604 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3603 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3600 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3599 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3597 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3596 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3595 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3594 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3593 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3592 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3591 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3590 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑3589 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑1521 | 2012‑05‑01 10:12:04 | MEDIUM (7) | Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2012‑1520 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑0683 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑0682 | 2012‑07‑25 20:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | 0 | 0 | NETWORK |
| CVE‑2012‑0680 | 2012‑07‑25 19:55:02 | MEDIUM (5) | Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | 0 | 0 | NETWORK |
| CVE‑2012‑0679 | 2012‑07‑25 19:55:02 | MEDIUM (4) | Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL. | 0 | 0 | NETWORK |
| CVE‑2012‑0678 | 2012‑07‑25 19:55:02 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL. | 0 | 0 | NETWORK |
| CVE‑2012‑0676 | 2012‑05‑11 03:49:59 | MEDIUM (5) | WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2012‑0647 | 2012‑03‑12 21:55:01 | MEDIUM (5) | WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | 0 | 0 | NETWORK |
| CVE‑2012‑0640 | 2012‑03‑12 21:55:01 | MEDIUM (5) | WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie. | 0 | 0 | NETWORK |
| CVE‑2012‑0637 | 2012‑03‑08 22:55:04 | HIGH (8) | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 0 | 0 | NETWORK |
| CVE‑2012‑0636 | 2012‑03‑08 22:55:04 | HIGH (8) | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 0 | 0 | NETWORK |
| CVE‑2012‑0584 | 2012‑03‑12 21:55:01 | MEDIUM (6) | The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs. | 0 | 0 | NETWORK |
| CVE‑2011‑4692 | 2011‑12‑07 19:55:03 | MEDIUM (5) | WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. | 0 | 0 | NETWORK |
| CVE‑2011‑3971 | 2012‑02‑09 04:10:29 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. | 0 | 0 | NETWORK |
| CVE‑2011‑3969 | 2012‑02‑09 04:10:29 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. | 0 | 0 | NETWORK |
| CVE‑2011‑3968 | 2012‑02‑09 04:10:29 | MEDIUM (4) | Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. | 0 | 0 | NETWORK |
| CVE‑2011‑3966 | 2012‑02‑09 04:10:29 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data. | 0 | 0 | NETWORK |
| CVE‑2011‑3958 | 2012‑02‑09 04:10:29 | MEDIUM (7) | Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑3928 | 2012‑01‑24 04:03:37 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling. | 0 | 0 | NETWORK |
| CVE‑2011‑3926 | 2012‑01‑24 04:03:36 | HIGH (8) | Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3924 | 2012‑01‑24 04:03:36 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections. | 0 | 0 | NETWORK |
| CVE‑2011‑3913 | 2011‑12‑13 21:55:01 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling. | 0 | 0 | NETWORK |
| CVE‑2011‑3909 | 2011‑12‑13 21:55:01 | MEDIUM (5) | The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3908 | 2011‑12‑13 21:55:01 | MEDIUM (5) | Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3897 | 2011‑11‑11 11:55:03 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing. | 0 | 0 | NETWORK |
| CVE‑2011‑3888 | 2011‑10‑25 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in. | 0 | 0 | NETWORK |
| CVE‑2011‑3887 | 2011‑10‑25 19:55:02 | MEDIUM (5) | Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3885 | 2011‑10‑25 19:55:02 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data. | 0 | 0 | NETWORK |
| CVE‑2011‑3881 | 2011‑10‑25 19:55:02 | MEDIUM (4) | WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. | 0 | 0 | NETWORK |
| CVE‑2011‑3845 | 2012‑03‑08 04:15:03 | HIGH (8) | Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins. | 0 | 0 | NETWORK |
| CVE‑2011‑3844 | 2012‑03‑08 04:15:03 | MEDIUM (4) | Apple Safari 5.0.5 does not properly implement the setInterval function, which allows remote attackers to spoof the address bar via a crafted web page. | 0 | 0 | NETWORK |
| CVE‑2011‑3443 | 2012‑03‑02 00:55:02 | HIGH (8) | Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rules. | 0 | 0 | NETWORK |
| CVE‑2011‑3243 | 2011‑10‑14 10:55:10 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. | 0 | 0 | NETWORK |
| CVE‑2011‑3242 | 2011‑10‑14 10:55:10 | MEDIUM (5) | The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. | 0 | 0 | NETWORK |
| CVE‑2011‑3234 | 2011‑09‑19 12:02:57 | MEDIUM (5) | Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3231 | 2011‑10‑14 10:55:10 | MEDIUM (7) | The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. | 0 | 0 | NETWORK |
| CVE‑2011‑3230 | 2011‑10‑14 10:55:09 | MEDIUM (7) | Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2011‑3229 | 2011‑10‑14 10:55:09 | MEDIUM (7) | Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. | 0 | 0 | NETWORK |
| CVE‑2011‑3081 | 2012‑05‑01 10:12:04 | HIGH (9) | Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078. | 0 | 0 | NETWORK |
| CVE‑2011‑3078 | 2012‑05‑01 10:12:04 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081. | 0 | 0 | NETWORK |
| CVE‑2011‑3076 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling. | 0 | 0 | NETWORK |
| CVE‑2011‑3075 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands. | 0 | 0 | NETWORK |
| CVE‑2011‑3074 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media. | 0 | 0 | NETWORK |
| CVE‑2011‑3073 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources. | 0 | 0 | NETWORK |
| CVE‑2011‑3071 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3069 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes. | 0 | 0 | NETWORK |
| CVE‑2011‑3068 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes. | 0 | 0 | NETWORK |
| CVE‑2011‑3067 | 2012‑04‑05 22:02:08 | MEDIUM (7) | Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements. | 0 | 0 | NETWORK |
| CVE‑2011‑3064 | 2012‑03‑30 22:55:02 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping. | 0 | 0 | NETWORK |
| CVE‑2011‑3060 | 2012‑03‑30 22:55:02 | MEDIUM (7) | Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3059 | 2012‑03‑30 22:55:01 | MEDIUM (7) | Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑3056 | 2012‑03‑22 16:55:01 | MEDIUM (7) | Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." | 0 | 0 | NETWORK |
| CVE‑2011‑3053 | 2012‑03‑22 16:55:01 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. | 0 | 0 | NETWORK |
| CVE‑2011‑3050 | 2012‑03‑22 16:55:01 | MEDIUM (7) | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. | 0 | 0 | NETWORK |
| CVE‑2011‑3046 | 2012‑03‑09 00:55:01 | HIGH (10) | The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue. | 0 | 0 | NETWORK |
| CVE‑2011‑3044 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements. | 0 | 0 | NETWORK |
| CVE‑2011‑3043 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements. | 0 | 0 | NETWORK |
| CVE‑2011‑3042 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections. | 0 | 0 | NETWORK |
| CVE‑2011‑3041 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes. | 0 | 0 | NETWORK |
| CVE‑2011‑3040 | 2012‑03‑05 19:55:02 | MEDIUM (4) | Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑3039 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling. | 0 | 0 | NETWORK |
| CVE‑2011‑3038 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling. | 0 | 0 | NETWORK |
| CVE‑2011‑3037 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑3036 | 2012‑03‑05 19:55:02 | MEDIUM (7) | Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑3035 | 2012‑03‑05 19:55:01 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements. | 0 | 0 | NETWORK |
| CVE‑2011‑3034 | 2012‑03‑05 19:55:01 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document. | 0 | 0 | NETWORK |
| CVE‑2011‑3032 | 2012‑03‑05 19:55:01 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values. | 0 | 0 | NETWORK |
| CVE‑2011‑3027 | 2012‑02‑16 20:55:04 | MEDIUM (4) | Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑3021 | 2012‑02‑16 20:55:04 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading. | 0 | 0 | NETWORK |
| CVE‑2011‑3016 | 2012‑02‑16 20:55:03 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue. | 0 | 0 | NETWORK |
| CVE‑2011‑2877 | 2011‑10‑04 20:55:02 | MEDIUM (7) | Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font." | 0 | 0 | NETWORK |
| CVE‑2011‑2860 | 2011‑09‑19 12:02:56 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles. | 0 | 0 | NETWORK |
| CVE‑2011‑2857 | 2011‑09‑19 12:02:56 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller. | 0 | 0 | NETWORK |
| CVE‑2011‑2855 | 2011‑09‑19 12:02:56 | MEDIUM (7) | Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | 0 | 0 | NETWORK |
| CVE‑2011‑2854 | 2011‑09‑19 12:02:56 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing." | 0 | 0 | NETWORK |
| CVE‑2011‑2847 | 2011‑09‑19 12:02:56 | MEDIUM (7) | Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑2846 | 2011‑09‑19 12:02:56 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling. | 0 | 0 | NETWORK |
| CVE‑2011‑2845 | 2011‑10‑25 19:55:01 | MEDIUM (4) | Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑2827 | 2011‑08‑29 15:55:02 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching. | 0 | 0 | NETWORK |
| CVE‑2011‑2825 | 2011‑08‑29 15:55:02 | HIGH (9) | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts. | 0 | 0 | NETWORK |
| CVE‑2011‑2823 | 2011‑08‑29 15:55:02 | HIGH (8) | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box. | 0 | 0 | NETWORK |
| CVE‑2011‑2819 | 2011‑08‑03 00:55:03 | MEDIUM (7) | Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI. | 0 | 0 | NETWORK |
| CVE‑2011‑2818 | 2011‑08‑03 00:55:03 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering. | 0 | 0 | NETWORK |
| CVE‑2011‑2805 | 2011‑08‑03 00:55:03 | MEDIUM (7) | Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑2800 | 2011‑08‑03 00:55:02 | MEDIUM (4) | Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2011‑2799 | 2011‑08‑03 00:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling. | 0 | 0 | NETWORK |
| CVE‑2011‑2797 | 2011‑08‑03 00:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching. | 0 | 0 | NETWORK |
| CVE‑2011‑2792 | 2011‑08‑03 00:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal. | 0 | 0 | NETWORK |
| CVE‑2011‑2790 | 2011‑08‑03 00:55:02 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles. | 0 | 0 | NETWORK |
| CVE‑2011‑2788 | 2011‑08‑03 00:55:02 | MEDIUM (7) | Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑2359 | 2011‑08‑03 00:55:01 | MEDIUM (7) | Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑2351 | 2011‑06‑29 17:55:04 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements. | 0 | 0 | NETWORK |
| CVE‑2011‑1797 | 2011‑07‑21 23:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑1774 | 2011‑07‑21 23:55:03 | HIGH (9) | WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425. | 0 | 0 | NETWORK |
| CVE‑2011‑1462 | 2011‑07‑21 23:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑1457 | 2011‑07‑21 23:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑1453 | 2011‑07‑21 23:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑1451 | 2011‑05‑03 22:55:02 | HIGH (8) | Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers." | 0 | 0 | NETWORK |
| CVE‑2011‑1449 | 2011‑05‑03 22:55:02 | MEDIUM (7) | Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑1440 | 2011‑05‑03 22:55:01 | MEDIUM (7) | Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences. | 0 | 0 | NETWORK |
| CVE‑2011‑1344 | 2011‑03‑10 20:55:01 | MEDIUM (7) | Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. | 0 | 0 | NETWORK |
| CVE‑2011‑1296 | 2011‑03‑25 19:55:01 | HIGH (8) | Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑1295 | 2011‑03‑25 19:55:01 | HIGH (8) | WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑1293 | 2011‑03‑25 19:55:01 | HIGH (8) | Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑1288 | 2011‑07‑21 23:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑1204 | 2011‑03‑11 02:01:20 | MEDIUM (7) | Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2011‑1203 | 2011‑03‑11 02:01:20 | HIGH (8) | Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑1190 | 2011‑03‑11 02:01:19 | MEDIUM (5) | The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." | 0 | 0 | NETWORK |
| CVE‑2011‑1188 | 2011‑03‑11 02:01:19 | HIGH (8) | Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑1121 | 2011‑03‑01 23:00:04 | HIGH (8) | Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element. | 0 | 0 | NETWORK |
| CVE‑2011‑1117 | 2011‑03‑01 23:00:03 | HIGH (8) | Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes." | 0 | 0 | NETWORK |
| CVE‑2011‑1115 | 2011‑03‑01 23:00:03 | HIGH (8) | Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑1114 | 2011‑03‑01 23:00:03 | HIGH (8) | Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | 0 | 0 | NETWORK |
| CVE‑2011‑1109 | 2011‑03‑01 23:00:03 | HIGH (8) | Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑1107 | 2011‑03‑01 23:00:03 | MEDIUM (4) | Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2011‑0983 | 2011‑02‑10 19:00:02 | HIGH (8) | Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑0981 | 2011‑02‑10 19:00:02 | HIGH (8) | Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 0 | 0 | NETWORK |
| CVE‑2011‑0255 | 2011‑07‑21 23:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0254 | 2011‑07‑21 23:55:03 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0253 | 2011‑07‑21 23:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0244 | 2011‑07‑21 23:55:02 | MEDIUM (4) | WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds. | 0 | 0 | NETWORK |
| CVE‑2011‑0242 | 2011‑07‑21 23:55:02 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username. | 0 | 0 | NETWORK |
| CVE‑2011‑0241 | 2011‑07‑21 23:55:02 | HIGH (9) | Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding. | 0 | 0 | NETWORK |
| CVE‑2011‑0240 | 2011‑07‑21 23:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0238 | 2011‑07‑21 23:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0237 | 2011‑07‑21 23:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0235 | 2011‑07‑21 23:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0234 | 2011‑07‑21 23:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0233 | 2011‑07‑21 23:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0232 | 2011‑07‑21 23:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0225 | 2011‑07‑21 23:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0223 | 2011‑07‑21 23:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0222 | 2011‑07‑21 23:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0221 | 2011‑07‑21 23:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0219 | 2011‑07‑21 23:55:02 | MEDIUM (6) | Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts. | 0 | 0 | NETWORK |
| CVE‑2011‑0218 | 2011‑07‑21 23:55:02 | HIGH (9) | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0217 | 2011‑07‑21 23:55:02 | MEDIUM (4) | Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields. | 0 | 0 | NETWORK |
| CVE‑2011‑0216 | 2011‑07‑21 23:55:02 | HIGH (9) | Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2011‑0215 | 2011‑07‑21 23:55:02 | HIGH (9) | ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file. | 0 | 0 | NETWORK |
| CVE‑2011‑0214 | 2011‑07‑21 23:55:02 | MEDIUM (5) | CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority. | 0 | 0 | NETWORK |
| CVE‑2011‑0169 | 2011‑03‑11 22:55:03 | LOW (3) | WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2011‑0167 | 2011‑03‑11 22:55:03 | MEDIUM (4) | The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2011‑0166 | 2011‑03‑11 22:55:03 | MEDIUM (6) | The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778. | 0 | 0 | NETWORK |
| CVE‑2011‑0163 | 2011‑03‑11 22:55:03 | MEDIUM (4) | WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. | 0 | 0 | NETWORK |
| CVE‑2011‑0161 | 2011‑03‑11 22:55:03 | MEDIUM (4) | WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2011‑0160 | 2011‑03‑11 22:55:03 | MEDIUM (5) | WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | 0 | 0 | NETWORK |
| CVE‑2011‑0132 | 2011‑03‑03 20:00:02 | HIGH (8) | Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | 0 | 0 | NETWORK |
| CVE‑2011‑0115 | 2011‑03‑03 20:00:02 | HIGH (8) | The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | 0 | 0 | NETWORK |
| CVE‑2010‑5070 | 2011‑12‑07 19:55:01 | MEDIUM (5) | The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073. | 0 | 0 | NETWORK |
| CVE‑2010‑4494 | 2010‑12‑07 21:00:10 | HIGH (8) | Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | 0 | 0 | NETWORK |
| CVE‑2010‑4008 | 2010‑11‑17 01:00:03 | MEDIUM (4) | libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. | 0 | 0 | NETWORK |
| CVE‑2010‑3826 | 2010‑11‑22 13:00:19 | HIGH (9) | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3824 | 2010‑11‑22 13:00:19 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements. | 0 | 0 | NETWORK |
| CVE‑2010‑3823 | 2010‑11‑22 13:00:19 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415. | 0 | 0 | NETWORK |
| CVE‑2010‑3822 | 2010‑11‑22 13:00:19 | HIGH (9) | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3821 | 2010‑11‑22 13:00:19 | HIGH (9) | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3820 | 2010‑11‑22 13:00:19 | HIGH (9) | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3819 | 2010‑11‑22 13:00:19 | HIGH (9) | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3818 | 2010‑11‑22 13:00:19 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes. | 0 | 0 | NETWORK |
| CVE‑2010‑3817 | 2010‑11‑22 13:00:19 | HIGH (9) | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3816 | 2010‑11‑22 13:00:19 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. | 0 | 0 | NETWORK |
| CVE‑2010‑3813 | 2010‑11‑22 13:00:19 | MEDIUM (6) | The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality. | 0 | 0 | NETWORK |
| CVE‑2010‑3812 | 2010‑11‑22 13:00:19 | HIGH (9) | Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects. | 0 | 0 | NETWORK |
| CVE‑2010‑3811 | 2010‑11‑22 13:00:19 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes. | 0 | 0 | NETWORK |
| CVE‑2010‑3810 | 2010‑11‑22 13:00:18 | MEDIUM (4) | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack. | 0 | 0 | NETWORK |
| CVE‑2010‑3809 | 2010‑11‑22 13:00:18 | HIGH (9) | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3808 | 2010‑11‑22 13:00:18 | HIGH (9) | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3805 | 2010‑11‑22 13:00:17 | HIGH (9) | Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254. | 0 | 0 | NETWORK |
| CVE‑2010‑3804 | 2010‑11‑22 13:00:17 | MEDIUM (5) | The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171. | 0 | 0 | NETWORK |
| CVE‑2010‑3803 | 2010‑11‑22 13:00:17 | HIGH (9) | Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string. | 0 | 0 | NETWORK |
| CVE‑2010‑3638 | 2010‑11‑07 22:00:02 | MEDIUM (4) | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors. | 0 | 0 | NETWORK |
| CVE‑2010‑3259 | 2010‑09‑07 18:00:03 | MEDIUM (4) | WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. | 0 | 0 | NETWORK |
| CVE‑2010‑3257 | 2010‑09‑07 18:00:03 | HIGH (9) | Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus. | 0 | 0 | NETWORK |
| CVE‑2010‑3116 | 2010‑08‑24 20:00:02 | HIGH (10) | Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins. | 0 | 0 | NETWORK |
| CVE‑2010‑2454 | 2010‑06‑25 19:30:02 | MEDIUM (4) | Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. | 0 | 0 | NETWORK |
| CVE‑2010‑2264 | 2010‑06‑11 19:30:24 | MEDIUM (4) | The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. | 0 | 0 | NETWORK |
| CVE‑2010‑1940 | 2010‑05‑14 20:30:02 | MEDIUM (4) | Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 0 | 0 | NETWORK |
| CVE‑2010‑1939 | 2010‑05‑13 22:30:01 | HIGH (8) | Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. | 0 | 0 | NETWORK |
| CVE‑2010‑1823 | 2010‑09‑24 19:00:04 | HIGH (9) | Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098. | 0 | 0 | NETWORK |
| CVE‑2010‑1822 | 2010‑10‑04 21:00:04 | HIGH (9) | WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document. | 3 | 6 | NETWORK |
| CVE‑2010‑1807 | 2010‑09‑10 19:00:02 | HIGH (9) | WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. | 0 | 0 | NETWORK |
| CVE‑2010‑1806 | 2010‑09‑10 19:00:02 | HIGH (9) | Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers. | 0 | 0 | NETWORK |
| CVE‑2010‑1805 | 2010‑09‑10 19:00:02 | MEDIUM (7) | Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. | 0 | 0 | LOCAL |
| CVE‑2010‑1796 | 2010‑07‑30 20:30:02 | LOW (3) | The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. | 0 | 0 | NETWORK |
| CVE‑2010‑1793 | 2010‑07‑30 20:30:02 | HIGH (9) | Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document. | 0 | 0 | NETWORK |
| CVE‑2010‑1792 | 2010‑07‑30 20:30:02 | HIGH (9) | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression. | 0 | 0 | NETWORK |
| CVE‑2010‑1791 | 2010‑07‑30 20:30:02 | HIGH (9) | Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index. | 0 | 0 | NETWORK |
| CVE‑2010‑1790 | 2010‑07‑30 20:30:02 | HIGH (9) | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue." | 0 | 0 | NETWORK |
| CVE‑2010‑1789 | 2010‑07‑30 20:30:02 | HIGH (9) | Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object. | 0 | 0 | NETWORK |
| CVE‑2010‑1788 | 2010‑07‑30 20:30:02 | HIGH (9) | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document. | 0 | 0 | NETWORK |
| CVE‑2010‑1787 | 2010‑07‑30 20:30:02 | HIGH (9) | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document. | 0 | 0 | NETWORK |
| CVE‑2010‑1786 | 2010‑07‑30 20:30:02 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document. | 0 | 0 | NETWORK |
| CVE‑2010‑1785 | 2010‑07‑30 20:30:02 | HIGH (9) | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2010‑1784 | 2010‑07‑30 20:30:02 | HIGH (9) | The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 0 | 0 | NETWORK |
| CVE‑2010‑1783 | 2010‑07‑30 20:30:02 | HIGH (9) | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 0 | 0 | NETWORK |
| CVE‑2010‑1782 | 2010‑07‑30 20:30:02 | HIGH (9) | WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element. | 0 | 0 | NETWORK |
| CVE‑2010‑1780 | 2010‑07‑30 20:30:02 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus. | 0 | 0 | NETWORK |
| CVE‑2010‑1778 | 2010‑07‑30 20:30:02 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed. | 0 | 0 | NETWORK |
| CVE‑2010‑1774 | 2010‑06‑11 19:30:24 | HIGH (9) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. | 0 | 0 | NETWORK |
| CVE‑2010‑1771 | 2010‑06‑11 19:30:24 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts. | 0 | 0 | NETWORK |
| CVE‑2010‑1770 | 2010‑06‑11 19:30:20 | HIGH (9) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." | 0 | 0 | NETWORK |
| CVE‑2010‑1764 | 2010‑06‑11 19:30:20 | MEDIUM (4) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data. | 0 | 0 | NETWORK |
| CVE‑2010‑1762 | 2010‑06‑11 19:30:20 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element. | 0 | 0 | NETWORK |
| CVE‑2010‑1761 | 2010‑06‑11 19:30:20 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees. | 0 | 0 | NETWORK |
| CVE‑2010‑1759 | 2010‑06‑11 19:30:16 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method. | 0 | 0 | NETWORK |
| CVE‑2010‑1758 | 2010‑06‑11 19:30:16 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects. | 0 | 0 | NETWORK |
| CVE‑2010‑1750 | 2010‑06‑11 18:00:54 | HIGH (9) | Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management. | 0 | 0 | NETWORK |
| CVE‑2010‑1749 | 2010‑06‑11 18:00:49 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times. | 0 | 0 | NETWORK |
| CVE‑2010‑1729 | 2010‑05‑06 14:53:02 | MEDIUM (4) | WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. | 0 | 0 | NETWORK |
| CVE‑2010‑1422 | 2010‑06‑11 18:00:49 | MEDIUM (4) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document. | 0 | 0 | NETWORK |
| CVE‑2010‑1421 | 2010‑06‑11 19:30:16 | MEDIUM (4) | The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document. | 0 | 0 | NETWORK |
| CVE‑2010‑1420 | 2011‑07‑21 23:55:02 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file. | 0 | 0 | NETWORK |
| CVE‑2010‑1419 | 2010‑06‑11 19:30:16 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation. | 0 | 0 | NETWORK |
| CVE‑2010‑1418 | 2010‑06‑11 19:30:16 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces. | 0 | 0 | NETWORK |
| CVE‑2010‑1417 | 2010‑06‑11 18:00:49 | HIGH (9) | The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors. | 0 | 0 | NETWORK |
| CVE‑2010‑1416 | 2010‑06‑11 18:00:46 | MEDIUM (4) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue." | 0 | 0 | NETWORK |
| CVE‑2010‑1415 | 2010‑06‑11 18:00:46 | HIGH (9) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue." | 0 | 0 | NETWORK |
| CVE‑2010‑1414 | 2010‑06‑11 18:00:46 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method. | 0 | 0 | NETWORK |
| CVE‑2010‑1413 | 2010‑06‑11 18:00:41 | MEDIUM (5) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | 0 | 0 | NETWORK |
| CVE‑2010‑1412 | 2010‑06‑11 18:00:41 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events. | 0 | 0 | NETWORK |
| CVE‑2010‑1410 | 2010‑06‑11 18:00:41 | HIGH (9) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements. | 0 | 0 | NETWORK |
| CVE‑2010‑1409 | 2010‑06‑11 18:00:38 | MEDIUM (6) | Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port. | 0 | 0 | NETWORK |
| CVE‑2010‑1408 | 2010‑06‑11 18:00:37 | MEDIUM (4) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099. | 0 | 0 | NETWORK |
| CVE‑2010‑1406 | 2010‑06‑11 18:00:37 | MEDIUM (4) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660. | 0 | 0 | NETWORK |
| CVE‑2010‑1405 | 2010‑06‑11 18:00:33 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning. | 0 | 0 | NETWORK |
| CVE‑2010‑1404 | 2010‑06‑11 18:00:33 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction. | 0 | 0 | NETWORK |
| CVE‑2010‑1403 | 2010‑06‑11 18:00:33 | HIGH (9) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction. | 0 | 0 | NETWORK |
| CVE‑2010‑1402 | 2010‑06‑11 18:00:33 | HIGH (9) | Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object. | 0 | 0 | NETWORK |
| CVE‑2010‑1401 | 2010‑06‑11 18:00:29 | HIGH (9) | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element. | 0 | 0 | NETWORK |
| CVE‑2010‑1400 | 2010‑06‑11 18:00:29 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements. | 0 | 0 | NETWORK |
| CVE‑2010‑1399 | 2010‑06‑11 18:00:29 | HIGH (9) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. | 0 | 0 | NETWORK |
| CVE‑2010‑1398 | 2010‑06‑11 18:00:29 | HIGH (9) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element. | 0 | 0 | NETWORK |
| CVE‑2010‑1397 | 2010‑06‑11 18:00:25 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type. | 0 | 0 | NETWORK |
| CVE‑2010‑1396 | 2010‑06‑11 18:00:25 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements. | 0 | 0 | NETWORK |
| CVE‑2010‑1395 | 2010‑06‑11 18:00:24 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue." | 0 | 0 | NETWORK |
| CVE‑2010‑1394 | 2010‑06‑11 18:00:24 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments. | 0 | 0 | NETWORK |
| CVE‑2010‑1393 | 2010‑06‑11 18:00:24 | MEDIUM (4) | The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL. | 0 | 0 | NETWORK |
| CVE‑2010‑1392 | 2010‑06‑11 18:00:21 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style. | 0 | 0 | NETWORK |
| CVE‑2010‑1391 | 2010‑06‑11 18:00:21 | MEDIUM (4) | Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL. | 0 | 0 | NETWORK |
| CVE‑2010‑1390 | 2010‑06‑11 18:00:21 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document. | 0 | 0 | NETWORK |
| CVE‑2010‑1389 | 2010‑06‑11 18:00:21 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection. | 0 | 0 | NETWORK |
| CVE‑2010‑1388 | 2010‑06‑11 18:00:21 | MEDIUM (4) | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document. | 0 | 0 | NETWORK |
| CVE‑2010‑1385 | 2010‑06‑11 18:00:16 | HIGH (9) | Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 0 | 0 | NETWORK |
| CVE‑2010‑1384 | 2010‑06‑11 18:00:16 | MEDIUM (4) | Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. | 0 | 0 | NETWORK |
| CVE‑2010‑1383 | 2011‑07‑21 23:55:02 | HIGH (9) | CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue. | 0 | 0 | NETWORK |
| CVE‑2010‑1180 | 2010‑03‑29 19:30:01 | HIGH (9) | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514. | 0 | 0 | NETWORK |
| CVE‑2010‑1179 | 2010‑03‑29 19:30:01 | HIGH (9) | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024. | 0 | 0 | NETWORK |
| CVE‑2010‑1178 | 2010‑03‑29 19:30:01 | MEDIUM (4) | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string. | 0 | 0 | NETWORK |
| CVE‑2010‑1177 | 2010‑03‑29 19:30:00 | HIGH (9) | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings. | 0 | 0 | NETWORK |
| CVE‑2010‑1176 | 2010‑03‑29 19:30:00 | HIGH (9) | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075. | 0 | 0 | NETWORK |
| CVE‑2010‑1131 | 2010‑03‑27 19:07:12 | MEDIUM (4) | JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring. | 0 | 0 | NETWORK |
| CVE‑2010‑1120 | 2010‑03‑25 21:00:01 | HIGH (10) | Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010. | 0 | 0 | NETWORK |
| CVE‑2010‑1119 | 2010‑03‑25 21:00:01 | HIGH (10) | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. | 0 | 0 | NETWORK |
| CVE‑2010‑1099 | 2010‑03‑24 22:45:16 | MEDIUM (5) | Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. | 0 | 0 | NETWORK |
| CVE‑2010‑1029 | 2010‑03‑19 21:30:00 | MEDIUM (5) | Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. | 0 | 0 | NETWORK |
| CVE‑2010‑0925 | 2010‑03‑03 19:30:01 | MEDIUM (5) | cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element. | 0 | 0 | NETWORK |
| CVE‑2010‑0924 | 2010‑03‑03 19:30:01 | MEDIUM (5) | cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element. | 0 | 0 | NETWORK |
| CVE‑2010‑0651 | 2010‑02‑18 18:00:01 | MEDIUM (4) | WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. | 0 | 0 | NETWORK |
| CVE‑2010‑0650 | 2010‑02‑18 18:00:01 | LOW (3) | WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. | 0 | 0 | NETWORK |
| CVE‑2010‑0544 | 2010‑06‑11 19:30:12 | MEDIUM (4) | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL. | 0 | 0 | NETWORK |
| CVE‑2010‑0314 | 2010‑01‑14 19:30:01 | MEDIUM (5) | Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value. | 0 | 0 | NETWORK |
| CVE‑2010‑0054 | 2010‑03‑15 14:15:32 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements. | 0 | 0 | NETWORK |
| CVE‑2010‑0053 | 2010‑03‑15 14:15:32 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property. | 0 | 0 | NETWORK |
| CVE‑2010‑0052 | 2010‑03‑15 14:15:32 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." | 0 | 0 | NETWORK |
| CVE‑2010‑0051 | 2010‑03‑15 14:15:32 | MEDIUM (4) | WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. | 0 | 0 | NETWORK |
| CVE‑2010‑0050 | 2010‑03‑15 14:15:32 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. | 3 | 6 | NETWORK |
| CVE‑2010‑0049 | 2010‑03‑15 14:15:32 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality. | 0 | 0 | NETWORK |
| CVE‑2010‑0048 | 2010‑03‑15 13:28:26 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. | 3 | 6 | NETWORK |
| CVE‑2010‑0047 | 2010‑03‑15 13:28:26 | HIGH (9) | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content." | 3 | 6 | NETWORK |
| CVE‑2010‑0046 | 2010‑03‑15 13:28:26 | HIGH (9) | The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. | 0 | 0 | NETWORK |
| CVE‑2010‑0045 | 2010‑03‑15 13:28:25 | HIGH (9) | Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. | 0 | 0 | NETWORK |
| CVE‑2010‑0044 | 2010‑03‑15 13:28:25 | MEDIUM (4) | PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. | 0 | 0 | NETWORK |
| CVE‑2010‑0043 | 2010‑03‑15 13:28:25 | HIGH (9) | ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. | 0 | 0 | NETWORK |
| CVE‑2010‑0042 | 2010‑03‑15 13:28:25 | MEDIUM (4) | ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. | 0 | 0 | NETWORK |
| CVE‑2010‑0041 | 2010‑03‑15 13:28:25 | MEDIUM (4) | ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. | 0 | 0 | NETWORK |
| CVE‑2010‑0040 | 2010‑03‑15 13:28:25 | HIGH (9) | Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. | 0 | 0 | NETWORK |
View OS-specific patching for:
Windows Mac Linux
Logos, products, trade names, and company names are all the property of their respective trademark holders.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.