Vulnerabilities > Apple > Safari > 2.0

DATE CVE VULNERABILITY TITLE RISK
2015-09-18 CVE-2015-5765 Improper Input Validation vulnerability in Apple Iphone OS and Safari
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
network
apple CWE-20
4.3
2015-09-18 CVE-2015-5764 Improper Input Validation vulnerability in Apple Iphone OS and Safari
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.
network
apple CWE-20
4.3
2015-09-18 CVE-2015-3801 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Safari
The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.
network
low complexity
apple CWE-264
5.0
2015-08-17 CVE-2015-5748 Code vulnerability in Apple Iphone OS, mac OS X and Safari
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
local
low complexity
apple CWE-17
2.1
2015-07-03 CVE-2015-3727 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Safari
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.
network
apple CWE-264
6.8
2015-07-03 CVE-2015-3660 Cross-site Scripting vulnerability in Apple Safari
Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content.
network
apple CWE-79
4.3
2015-07-03 CVE-2015-3659 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Safari
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
network
apple CWE-264
6.8
2015-07-03 CVE-2015-3658 7PK - Security Features vulnerability in Apple Iphone OS, mac OS X and Safari
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.
network
apple CWE-254
6.8
2015-05-08 CVE-2015-1156 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Safari
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.
network
apple CWE-264
4.3
2015-05-08 CVE-2015-1155 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Safari
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
network
apple CWE-264
4.3