Vulnerabilities > Apple > Safari > Low

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2024-23211 Unspecified vulnerability in Apple products
A privacy issue was addressed with improved handling of user preferences.
local
low complexity
apple
3.3
2020-10-16 CVE-2020-9912 Unspecified vulnerability in Apple Safari
A logic issue was addressed with improved restrictions.
local
low complexity
apple
2.1
2020-04-01 CVE-2020-3894 Race Condition vulnerability in Apple products
A race condition was addressed with additional validation.
network
high complexity
apple CWE-362
2.6
2017-07-20 CVE-2017-7006 Information Exposure Through Discrepancy vulnerability in Apple products
An issue was discovered in certain Apple products.
network
high complexity
apple CWE-203
2.6
2017-04-02 CVE-2017-2385 Information Exposure vulnerability in Apple Safari
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-200
2.1
2017-02-20 CVE-2016-7650 Cross-site Scripting vulnerability in Apple iPhone OS and Safari
An issue was discovered in certain Apple products.
network
high complexity
apple CWE-79
2.6
2016-07-22 CVE-2016-4583 Race Condition vulnerability in multiple products
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image data from an unintended web site via a timing attack involving an SVG document.
network
high complexity
apple webkitgtk CWE-362
2.6
2016-05-20 CVE-2016-1849 Information Exposure vulnerability in Apple iPhone OS and Safari
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.
local
low complexity
apple CWE-200
2.1
2015-08-17 CVE-2015-5748 Code vulnerability in Apple iPhone OS, Mac OS X and Safari
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
local
low complexity
apple CWE-17
2.1
2015-05-21 CVE-2015-4000 Cryptographic Issues vulnerability in multiple products
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
3.7