Total
1459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8674 | 2 Apple, Webkitgtk | 3 Iphone Os, Safari, Webkitgtk | 2022-10-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2022-22637 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2022-09-28 | N/A | 8.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior. | |||||
| CVE-2022-22628 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2022-09-28 | N/A | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-22624 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2022-09-28 | N/A | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-22629 | 1 Apple | 7 Ipados, Iphone Os, Itunes and 4 more | 2022-09-27 | N/A | 8.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-32861 | 1 Apple | 2 Macos, Safari | 2022-09-22 | N/A | 5.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address. | |||||
| CVE-2022-22592 | 1 Apple | 6 Ipados, Iphone, Macos and 3 more | 2022-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | |||||
| CVE-2022-22590 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2022-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2011-1344 | 1 Apple | 5 Ipad, Iphone, Iphone Os and 2 more | 2022-08-09 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. | |||||
| CVE-2009-2199 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2022-08-09 | 5.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. | |||||
| CVE-2009-1725 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2022-08-09 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
| CVE-2009-1724 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2022-08-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. | |||||
| CVE-2009-1702 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2022-08-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects. | |||||
| CVE-2009-1701 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2022-08-09 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. | |||||
| CVE-2009-1700 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2022-08-09 | 4.3 MEDIUM | N/A |
| The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. | |||||
| CVE-2009-1698 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2022-08-09 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
| CVE-2009-1692 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2022-08-09 | 7.1 HIGH | N/A |
| WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object. | |||||
| CVE-2008-4233 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2022-08-09 | 2.6 LOW | N/A |
| Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document. | |||||
| CVE-2008-4232 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2022-08-09 | 5.0 MEDIUM | N/A |
| Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document. | |||||
| CVE-2008-4231 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2022-08-09 | 9.3 HIGH | N/A |
| Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||