Safari@7.1.1 Security Vulnerabilities and Issues — Safari@7.1.1 CVE List

Lucene search

AppleSafari7.1.1

39 matches found

CVE•added 2015/05/08 12:59 a.m.•80 views

CVE-2015-1152

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.

6.8CVSS8.8AI score0.01171EPSS

CVE•added 2015/03/18 10:59 p.m.•73 views

CVE-2015-1069

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00872EPSS

CVE•added 2015/03/18 10:59 p.m.•71 views

CVE-2015-1071

6.8CVSS8.8AI score0.00805EPSS

CVE•added 2015/05/08 12:59 a.m.•70 views

CVE-2015-1153

6.8CVSS8.8AI score0.01171EPSS

CVE•added 2015/04/10 2:59 p.m.•67 views

CVE-2015-1120

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerabi...

6.8CVSS8.9AI score0.00781EPSS

CVE•added 2015/05/08 12:59 a.m.•66 views

CVE-2015-1154

6.8CVSS8.8AI score0.01171EPSS

CVE•added 2015/01/30 11:59 a.m.•65 views

CVE-2014-4477

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulne...

6.8CVSS5.3AI score0.00913EPSS

CVE•added 2015/03/18 10:59 p.m.•65 views

CVE-2015-1077

6.8CVSS8.8AI score0.00913EPSS

CVE•added 2015/01/30 11:59 a.m.•63 views

CVE-2014-4476

6.8CVSS5.3AI score0.00913EPSS

CVE•added 2015/03/18 10:59 p.m.•62 views

CVE-2015-1075

6.8CVSS8.8AI score0.01021EPSS

CVE•added 2015/07/03 1:59 a.m.•61 views

CVE-2015-3658

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypa...

6.8CVSS7.6AI score0.00273EPSS

CVE•added 2015/01/30 11:59 a.m.•60 views

CVE-2014-4479

6.8CVSS5.3AI score0.00913EPSS

CVE•added 2015/03/18 10:59 p.m.•59 views

CVE-2015-1074

6.8CVSS7.8AI score0.00787EPSS

CVE•added 2015/03/18 10:59 p.m.•59 views

CVE-2015-1078

6.8CVSS7.8AI score0.00913EPSS

CVE•added 2015/03/18 10:59 p.m.•59 views

CVE-2015-1083

6.8CVSS7.8AI score0.00861EPSS

CVE•added 2015/04/10 2:59 p.m.•59 views

CVE-2015-1127

The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.

2.1CVSS7.3AI score0.00062EPSS

CVE•added 2015/03/18 10:59 p.m.•58 views

CVE-2015-1076

6.8CVSS8.8AI score0.00805EPSS

CVE•added 2015/05/08 12:59 a.m.•58 views

CVE-2015-1155

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

4.3CVSS7.7AI score0.5513EPSS

CVE•added 2015/03/18 10:59 p.m.•56 views

CVE-2015-1079

6.8CVSS7.8AI score0.00843EPSS

CVE•added 2015/07/03 1:59 a.m.•56 views

CVE-2015-3659

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause...

6.8CVSS8.8AI score0.01109EPSS

CVE•added 2015/03/18 10:59 p.m.•55 views

CVE-2015-1082

6.8CVSS8.8AI score0.00913EPSS

CVE•added 2015/04/10 2:59 p.m.•55 views

CVE-2015-1121

6.8CVSS8.9AI score0.00843EPSS

CVE•added 2015/03/18 10:59 p.m.•54 views

CVE-2015-1081

6.8CVSS8.8AI score0.00861EPSS

CVE•added 2015/04/10 2:59 p.m.•54 views

CVE-2015-1119

6.8CVSS8.9AI score0.00913EPSS

CVE•added 2015/04/10 2:59 p.m.•54 views

CVE-2015-1122

6.8CVSS8.9AI score0.00836EPSS

CVE•added 2015/07/03 2:0 a.m.•54 views

CVE-2015-3727

WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.

6.8CVSS7.6AI score0.00942EPSS

CVE•added 2015/03/18 10:59 p.m.•53 views

CVE-2015-1070

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2015/03/18 10:59 p.m.•52 views

CVE-2015-1072

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2015/04/10 2:59 p.m.•52 views

CVE-2015-1124

6.8CVSS8.9AI score0.00913EPSS

CVE•added 2015/03/18 10:59 p.m.•51 views

CVE-2015-1080

6.8CVSS7.8AI score0.00913EPSS

CVE•added 2015/05/08 12:59 a.m.•50 views

CVE-2015-1156

The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via ...

4.3CVSS7.7AI score0.00627EPSS

CVE•added 2015/03/18 10:59 p.m.•49 views

CVE-2015-1068

6.8CVSS8.8AI score0.00853EPSS

CVE•added 2015/07/03 1:59 a.m.•49 views

CVE-2015-3660

Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content.

4.3CVSS6.6AI score0.0032EPSS

CVE•added 2015/03/18 10:59 p.m.•48 views

CVE-2015-1073

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2015/03/18 10:59 p.m.•46 views

CVE-2015-1084

The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

5CVSS6AI score0.00434EPSS

CVE•added 2015/04/10 2:59 p.m.•46 views

CVE-2015-1129

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.

4.3CVSS6.1AI score0.00227EPSS

CVE•added 2015/04/10 2:59 p.m.•44 views

CVE-2015-1126

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.

4.3CVSS7.5AI score0.65446EPSS

CVE•added 2015/04/10 2:59 p.m.•42 views

CVE-2015-1112

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.

5CVSS5AI score0.00336EPSS

CVE•added 2015/04/10 2:59 p.m.•39 views

CVE-2015-1128

The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests.

5CVSS5.3AI score0.00297EPSS