Apple

Safari

1536 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-3660

  • EPSS 0.32%
  • Published 03.07.2015 01:59:19
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content.

6.8

CVE-2015-3659

  • EPSS 1.11%
  • Published 03.07.2015 01:59:18
  • Last modified 12.04.2025 10:46:40

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows re...

6.8

CVE-2015-3658

  • EPSS 0.27%
  • Published 03.07.2015 01:59:17
  • Last modified 12.04.2025 10:46:40

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, w...

4.3

CVE-2015-4000

  • EPSS 94.03%
  • Published 21.05.2015 00:59:00
  • Last modified 12.04.2025 10:46:40

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie...

4.3

CVE-2015-1156

  • EPSS 0.63%
  • Published 08.05.2015 00:59:04
  • Last modified 12.04.2025 10:46:40

The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a ...

4.3

CVE-2015-1155

  • EPSS 63.16%
  • Published 08.05.2015 00:59:03
  • Last modified 12.04.2025 10:46:40

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

6.8

CVE-2015-1154

  • EPSS 1.16%
  • Published 08.05.2015 00:59:02
  • Last modified 12.04.2025 10:46:40

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnera...

6.8

CVE-2015-1153

  • EPSS 0.89%
  • Published 08.05.2015 00:59:01
  • Last modified 12.04.2025 10:46:40

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnera...

6.8

CVE-2015-1152

  • EPSS 0.99%
  • Published 08.05.2015 00:59:00
  • Last modified 12.04.2025 10:46:40

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnera...

4.3

CVE-2015-1129

  • EPSS 0.23%
  • Published 10.04.2015 14:59:42
  • Last modified 12.04.2025 10:46:40

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.