Filtered by vendor Apple
Subscriptions
Filtered by product Safari
Subscriptions
Total
1510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44206 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | 5.4 Medium |
| An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions. | ||||
| CVE-2023-42872 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | 5.5 Medium |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data. | ||||
| CVE-2023-42866 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2023-40385 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | 6.5 Medium |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on. | ||||
| CVE-2023-32445 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | 6.1 Medium |
| This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack. | ||||
| CVE-2022-48503 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 8.8 High |
| The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2022-46705 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 4.3 Medium |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. | ||||
| CVE-2022-46696 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | 8.8 High |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-46689 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | 7.0 High |
| A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-42824 | 4 Apple, Debian, Fedoraproject and 1 more | 9 Ipados, Iphone Os, Macos and 6 more | 2024-11-21 | 5.5 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information. | ||||
| CVE-2022-42823 | 4 Apple, Debian, Fedoraproject and 1 more | 9 Ipados, Iphone Os, Macos and 6 more | 2024-11-21 | 8.8 High |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-42799 | 4 Apple, Debian, Fedoraproject and 1 more | 9 Ipados, Iphone Os, Macos and 6 more | 2024-11-21 | 6.1 Medium |
| The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. | ||||
| CVE-2022-3970 | 5 Apple, Debian, Libtiff and 2 more | 8 Ipados, Iphone Os, Macos and 5 more | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. | ||||
| CVE-2022-32923 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 6.5 Medium |
| A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. | ||||
| CVE-2022-32922 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-32912 | 1 Apple | 3 Ipados, Iphone Os, Safari | 2024-11-21 | 8.8 High |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-32892 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | 8.6 High |
| An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions. | ||||
| CVE-2022-32868 | 1 Apple | 3 Ipados, Iphone Os, Safari | 2024-11-21 | 4.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions. | ||||
| CVE-2022-32863 | 1 Apple | 2 Macos, Safari | 2024-11-21 | 9.8 Critical |
| A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-32861 | 1 Apple | 2 Macos, Safari | 2024-11-21 | 5.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address. | ||||