Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs
1,592
CISA KEV
31
actively exploited
Public exploits
157
Exploited in wild
25
Severity breakdown
CRITICAL211HIGH603MEDIUM757LOW20UNKNOWN1
Vulnerabilities
Page 52 of 80
CVE-2014-4363MEDIUMCVSS 5.0≥ 6.0, ≤ 6.1.5≥ 7.0, ≤ 7.0.52014-09-18
CVE-2014-4363 [MEDIUM] CWE-255 CVE-2014-4363: Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.
nvd
CVE-2014-1387MEDIUMCVSS 6.8≤ 6.1.5v6.0+16 more2014-08-14
CVE-2014-1387 [MEDIUM] CWE-119 CVE-2014-1387: WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
nvd
CVE-2014-1388MEDIUMCVSS 6.8v7.0v7.0.1+16 more2014-08-14
CVE-2014-1388 [MEDIUM] CWE-119 CVE-2014-1388: WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
nvd
CVE-2014-1386MEDIUMCVSS 6.8v7.0v7.0.1+16 more2014-08-14
CVE-2014-1386 [MEDIUM] CWE-119 CVE-2014-1386: WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
nvd
CVE-2014-1389MEDIUMCVSS 6.8≤ 6.1.5v6.0+16 more2014-08-14
CVE-2014-1389 [MEDIUM] CWE-119 CVE-2014-1389: WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
nvd
CVE-2014-1390MEDIUMCVSS 6.8v7.0v7.0.1+16 more2014-08-14
CVE-2014-1390 [MEDIUM] CWE-119 CVE-2014-1390: WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
nvd
CVE-2014-1384MEDIUMCVSS 6.8≤ 6.1.5v6.0+16 more2014-08-14
CVE-2014-1384 [MEDIUM] CWE-119 CVE-2014-1384: WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
nvd
CVE-2014-1385MEDIUMCVSS 6.8≤ 6.1.5v6.0+16 more2014-08-14
CVE-2014-1385 [MEDIUM] CWE-119 CVE-2014-1385: WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
nvd
CVE-2014-1382MEDIUMCVSS 6.8v7.0v7.0.1+14 more2014-07-01
CVE-2014-1382 [MEDIUM] CWE-119 CVE-2014-1382: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1369MEDIUMCVSS 4.3≤ 6.1.4v6.0+14 more2014-07-01
CVE-2014-1369 [MEDIUM] CWE-20 CVE-2014-1369: WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to ac
WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site.
nvd
CVE-2014-1340MEDIUMCVSS 6.8v7.0v7.0.1+14 more2014-07-01
CVE-2014-1340 [MEDIUM] CWE-119 CVE-2014-1340: WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1.
nvd
CVE-2014-1368MEDIUMCVSS 6.8v7.0v7.0.1+14 more2014-07-01
CVE-2014-1368 [MEDIUM] CWE-119 CVE-2014-1368: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1363MEDIUMCVSS 6.8≤ 6.1.4v6.0+14 more2014-07-01
CVE-2014-1363 [MEDIUM] CWE-119 CVE-2014-1363: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1367MEDIUMCVSS 6.8v7.0v7.0.1+14 more2014-07-01
CVE-2014-1367 [MEDIUM] CWE-119 CVE-2014-1367: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1365MEDIUMCVSS 6.8v7.0v7.0.1+14 more2014-07-01
CVE-2014-1365 [MEDIUM] CWE-119 CVE-2014-1365: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1362MEDIUMCVSS 6.8v7.0v7.0.1+14 more2014-07-01
CVE-2014-1362 [MEDIUM] CWE-119 CVE-2014-1362: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1364MEDIUMCVSS 6.8v7.0v7.0.1+14 more2014-07-01
CVE-2014-1364 [MEDIUM] CWE-119 CVE-2014-1364: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1325MEDIUMCVSS 6.8v7.0v7.0.1+14 more2014-07-01
CVE-2014-1325 [MEDIUM] CWE-119 CVE-2014-1325: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1345MEDIUMCVSS 4.3≤ 6.1.4v6.0+14 more2014-07-01
CVE-2014-1345 [MEDIUM] CVE-2014-1345: WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properl
WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.
nvd
CVE-2014-1366MEDIUMCVSS 6.8v7.0v7.0.1+14 more2014-07-01
CVE-2014-1366 [MEDIUM] CWE-119 CVE-2014-1366: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd