Safari@7.0.1 Security Vulnerabilities and Issues — Page 2 of Safari@7.0.1 CVE List

Lucene search

AppleSafari7.0.1

103 matches found

CVE•added 2014/05/22 7:55 p.m.•52 views

CVE-2014-1346

WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.

5CVSS6.2AI score0.00615EPSS

CVE•added 2014/07/01 10:17 a.m.•52 views

CVE-2014-1363

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

6.8CVSS7.8AI score0.01171EPSS

CVE•added 2014/12/10 9:59 p.m.•52 views

CVE-2014-4469

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

6.8CVSS7.8AI score0.00843EPSS

CVE•added 2015/03/18 10:59 p.m.•52 views

CVE-2015-1072

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2015/04/10 2:59 p.m.•52 views

CVE-2015-1124

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerabi...

6.8CVSS8.9AI score0.00913EPSS

CVE•added 2014/04/02 4:17 p.m.•51 views

CVE-2014-1298

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8CVSS7.8AI score0.01557EPSS

CVE•added 2014/04/02 4:17 p.m.•51 views

CVE-2014-1305

6.8CVSS7.8AI score0.01557EPSS

CVE•added 2014/05/22 7:55 p.m.•51 views

CVE-2014-1330

WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.

6.8CVSS7.9AI score0.01344EPSS

CVE•added 2014/07/01 10:17 a.m.•51 views

CVE-2014-1340

WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1.

6.8CVSS7.9AI score0.01057EPSS

CVE•added 2014/07/01 10:17 a.m.•51 views

CVE-2014-1362

6.8CVSS7.8AI score0.01171EPSS

CVE•added 2014/07/01 10:17 a.m.•51 views

CVE-2014-1364

6.8CVSS7.8AI score0.01171EPSS

CVE•added 2014/07/01 10:17 a.m.•51 views

CVE-2014-1366

6.8CVSS7.8AI score0.01171EPSS

CVE•added 2014/08/14 11:15 a.m.•51 views

CVE-2014-1385

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.

6.8CVSS7.9AI score0.01645EPSS

CVE•added 2014/08/14 11:15 a.m.•51 views

CVE-2014-1387

6.8CVSS7.9AI score0.01645EPSS

CVE•added 2014/08/14 11:15 a.m.•51 views

CVE-2014-1390

6.8CVSS7.9AI score0.0086EPSS

CVE•added 2014/12/10 9:59 p.m.•51 views

CVE-2014-4472

6.8CVSS7.8AI score0.00843EPSS

CVE•added 2015/03/18 10:59 p.m.•51 views

CVE-2015-1080

6.8CVSS7.8AI score0.00913EPSS

CVE•added 2014/04/02 4:17 p.m.•50 views

CVE-2014-1302

6.8CVSS7.8AI score0.01795EPSS

CVE•added 2015/05/08 12:59 a.m.•50 views

CVE-2015-1156

The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via ...

4.3CVSS7.7AI score0.00627EPSS

CVE•added 2015/03/18 10:59 p.m.•49 views

CVE-2015-1068

6.8CVSS8.8AI score0.00853EPSS

CVE•added 2015/07/03 1:59 a.m.•49 views

CVE-2015-3660

Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content.

4.3CVSS6.6AI score0.0032EPSS

CVE•added 2014/04/02 4:17 p.m.•48 views

CVE-2014-1297

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.

5CVSS6.3AI score0.00184EPSS

CVE•added 2014/04/02 4:17 p.m.•48 views

CVE-2014-1310

6.8CVSS7.8AI score0.01795EPSS

CVE•added 2014/05/22 7:55 p.m.•48 views

CVE-2014-1331

6.8CVSS7.9AI score0.01344EPSS

CVE•added 2014/07/01 10:17 a.m.•48 views

CVE-2014-1365

6.8CVSS7.8AI score0.01171EPSS

CVE•added 2015/03/18 10:59 p.m.•48 views

CVE-2015-1073

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2014/07/01 10:17 a.m.•47 views

CVE-2014-1325

6.8CVSS7.8AI score0.01171EPSS

CVE•added 2014/05/22 7:55 p.m.•47 views

CVE-2014-1342

6.8CVSS7.9AI score0.01344EPSS

CVE•added 2014/04/02 4:17 p.m.•46 views

CVE-2014-1311

6.8CVSS7.8AI score0.01557EPSS

CVE•added 2014/05/22 7:55 p.m.•46 views

CVE-2014-1334

6.8CVSS7.9AI score0.01344EPSS

CVE•added 2014/07/01 10:17 a.m.•46 views

CVE-2014-1345

WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.

4.3CVSS5.7AI score0.00467EPSS

CVE•added 2014/07/01 10:17 a.m.•46 views

CVE-2014-1367

6.8CVSS7.8AI score0.01171EPSS

CVE•added 2015/03/18 10:59 p.m.•46 views

CVE-2015-1084

The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

5CVSS6AI score0.00434EPSS

CVE•added 2015/04/10 2:59 p.m.•46 views

CVE-2015-1129

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.

4.3CVSS6.1AI score0.00227EPSS

CVE•added 2014/04/02 4:17 p.m.•45 views

CVE-2014-1301

6.8CVSS7.9AI score0.01307EPSS

CVE•added 2014/04/02 4:17 p.m.•45 views

CVE-2014-1307

6.8CVSS7.8AI score0.01557EPSS

CVE•added 2014/04/02 4:17 p.m.•45 views

CVE-2014-1312

6.8CVSS7.8AI score0.01795EPSS

CVE•added 2014/05/22 7:55 p.m.•45 views

CVE-2014-1336

6.8CVSS7.9AI score0.00944EPSS

CVE•added 2014/05/22 7:55 p.m.•45 views

CVE-2014-1339

6.8CVSS7.9AI score0.01344EPSS

CVE•added 2014/05/22 7:55 p.m.•45 views

CVE-2014-1341

6.8CVSS7.9AI score0.01344EPSS

CVE•added 2014/07/01 10:17 a.m.•45 views

CVE-2014-1369

WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site.

4.3CVSS6.2AI score0.00542EPSS

CVE•added 2014/05/22 7:55 p.m.•44 views

CVE-2014-1337

6.8CVSS7.9AI score0.01344EPSS

CVE•added 2014/07/01 10:17 a.m.•44 views

CVE-2014-1368

6.8CVSS7.8AI score0.01171EPSS

CVE•added 2015/04/10 2:59 p.m.•44 views

CVE-2015-1126

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.

4.3CVSS7.5AI score0.65446EPSS

CVE•added 2014/05/22 7:55 p.m.•43 views

CVE-2014-1343

6.8CVSS7.9AI score0.00944EPSS

CVE•added 2014/04/02 4:17 p.m.•42 views

CVE-2014-1304

6.8CVSS7.8AI score0.01557EPSS

CVE•added 2014/05/22 7:55 p.m.•42 views

CVE-2014-1323

6.8CVSS7.9AI score0.01344EPSS

CVE•added 2014/05/22 7:55 p.m.•42 views

CVE-2014-1335

6.8CVSS7.9AI score0.01344EPSS

CVE•added 2015/04/10 2:59 p.m.•42 views

CVE-2015-1112

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.

5CVSS5AI score0.00336EPSS

CVE•added 2014/05/22 7:55 p.m.•41 views

CVE-2014-1324

6.8CVSS7.9AI score0.0148EPSS

Total number of security vulnerabilities103