Vulnerabilities > Apple > Safari > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-03-24 CVE-2016-1781 Data Processing Errors vulnerability in Apple Iphone OS
WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.
network
low complexity
apple CWE-19
4.3
2016-03-24 CVE-2016-1779 Information Exposure vulnerability in Apple Iphone OS
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.
network
low complexity
apple CWE-200
6.5
2016-03-24 CVE-2016-1772 Information Exposure vulnerability in Apple Safari
The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.
network
low complexity
apple CWE-200
4.3
2016-03-24 CVE-2016-1771 Data Processing Errors vulnerability in Apple Safari
The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site.
network
low complexity
apple CWE-19
6.5
2016-03-24 CVE-2009-2197 Data Processing Errors vulnerability in Apple Safari
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.
network
low complexity
apple CWE-19
4.3
2016-02-01 CVE-2016-1728 Information Exposure vulnerability in Apple Safari
The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site.
network
low complexity
apple CWE-200
4.3
2010-06-30 CVE-2010-2249 Memory Leak vulnerability in multiple products
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
6.5
2009-08-11 CVE-2009-2416 Use After Free vulnerability in multiple products
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
6.5
2008-08-27 CVE-2008-3281 XML Entity Expansion vulnerability in multiple products
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
6.5