CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Safari » 7.0 : Security Vulnerabilities

Cpe Name:cpe:/a:apple:safari:7.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-3727 264 2015-07-02 2015-07-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.
2 CVE-2015-3660 79 XSS 2015-07-02 2015-07-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content.
3 CVE-2015-3659 264 DoS Exec Code 2015-07-02 2015-07-07
6.8
None Remote Medium Not required Partial Partial Partial
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
4 CVE-2015-3658 254 Bypass CSRF 2015-07-02 2015-07-07
6.8
None Remote Medium Not required Partial Partial Partial
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.
5 CVE-2015-1156 264 Bypass 2015-05-07 2015-07-13
4.3
None Remote Medium Not required None Partial None
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.
6 CVE-2015-1155 264 Bypass 2015-05-07 2015-07-13
4.3
None Remote Medium Not required Partial None None
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
7 CVE-2015-1154 DoS Exec Code Mem. Corr. 2015-05-07 2015-07-13
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153.
8 CVE-2015-1153 DoS Exec Code Mem. Corr. 2015-05-07 2015-07-13
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.
9 CVE-2015-1152 DoS Exec Code Mem. Corr. 2015-05-07 2015-07-13
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.
10 CVE-2015-1129 310 2015-04-10 2015-04-14
4.3
None Remote Medium Not required Partial None None
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.
11 CVE-2015-1128 200 +Info 2015-04-10 2015-04-14
5.0
None Remote Low Not required Partial None None
The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests.
12 CVE-2015-1127 200 +Info 2015-04-10 2015-04-14
2.1
None Local Low Not required Partial None None
The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.
13 CVE-2015-1126 20 2015-04-10 2015-04-14
4.3
None Remote Medium Not required Partial None None
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
14 CVE-2015-1124 DoS Exec Code Mem. Corr. 2015-04-10 2015-07-13
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
15 CVE-2015-1122 DoS Exec Code Mem. Corr. 2015-04-10 2015-07-13
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
16 CVE-2015-1121 DoS Exec Code Mem. Corr. 2015-04-10 2015-07-13
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
17 CVE-2015-1120 DoS Exec Code Mem. Corr. 2015-04-10 2015-07-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
18 CVE-2015-1119 DoS Exec Code Mem. Corr. 2015-04-10 2015-07-22
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
19 CVE-2015-1112 200 +Info 2015-04-10 2015-04-14
5.0
None Remote Low Not required Partial None None
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.
20 CVE-2015-1084 17 2015-03-18 2015-04-13
5.0
None Remote Low Not required None Partial None
The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.
21 CVE-2015-1083 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-14
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
22 CVE-2015-1082 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
23 CVE-2015-1081 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
24 CVE-2015-1080 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
25 CVE-2015-1079 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
26 CVE-2015-1078 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
27 CVE-2015-1077 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
28 CVE-2015-1076 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
29 CVE-2015-1075 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
30 CVE-2015-1074 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
31 CVE-2015-1073 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
32 CVE-2015-1072 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
33 CVE-2015-1071 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
34 CVE-2015-1070 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
35 CVE-2015-1069 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
36 CVE-2015-1068 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
37 CVE-2014-4479 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.
38 CVE-2014-4477 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.
39 CVE-2014-4476 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.
40 CVE-2014-4475 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
41 CVE-2014-4474 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
42 CVE-2014-4473 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
43 CVE-2014-4472 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
44 CVE-2014-4471 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
45 CVE-2014-4470 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
46 CVE-2014-4469 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
47 CVE-2014-4468 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
48 CVE-2014-4466 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-07-24
7.5
None Remote Low Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
49 CVE-2014-1390 119 DoS Exec Code Overflow Mem. Corr. 2014-08-14 2014-08-14
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
50 CVE-2014-1389 119 DoS Exec Code Overflow Mem. Corr. 2014-08-14 2014-09-19
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
Total number of vulnerabilities : 111   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.