Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs
1,592
CISA KEV
31
actively exploited
Public exploits
157
Exploited in wild
25
Severity breakdown
CRITICAL211HIGH603MEDIUM757LOW20UNKNOWN1
Vulnerabilities
Page 54 of 80
CVE-2014-1307MEDIUMCVSS 6.8≤ 6.1.2v6.0+10 more2014-04-02
CVE-2014-1307 [MEDIUM] CWE-119 CVE-2014-1307: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
nvd
CVE-2014-1297MEDIUMCVSS 5.0≤ 6.1.2v6.0+10 more2014-04-02
CVE-2014-1297 [MEDIUM] CWE-20 CVE-2014-1297: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebPro
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.
nvd
CVE-2014-1298MEDIUMCVSS 6.8≤ 6.1.2v6.0+10 more2014-04-02
CVE-2014-1298 [MEDIUM] CWE-119 CVE-2014-1298: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
nvd
CVE-2014-1299MEDIUMCVSS 6.8≤ 6.1.2v6.0+10 more2014-04-02
CVE-2014-1299 [MEDIUM] CWE-119 CVE-2014-1299: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
nvd
CVE-2014-1312MEDIUMCVSS 6.8≤ 6.1.2v6.0+10 more2014-04-02
CVE-2014-1312 [MEDIUM] CWE-119 CVE-2014-1312: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
nvd
CVE-2014-1313MEDIUMCVSS 6.8≤ 6.1.2v6.0+10 more2014-04-02
CVE-2014-1313 [MEDIUM] CWE-119 CVE-2014-1313: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
nvd
CVE-2014-1304MEDIUMCVSS 6.8≤ 6.1.2v6.0+10 more2014-04-02
CVE-2014-1304 [MEDIUM] CWE-119 CVE-2014-1304: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
nvd
CVE-2014-1310MEDIUMCVSS 6.8≤ 6.1.2v6.0+10 more2014-04-02
CVE-2014-1310 [MEDIUM] CWE-119 CVE-2014-1310: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
nvd
CVE-2014-1311MEDIUMCVSS 6.8≤ 6.1.2v6.0+10 more2014-04-02
CVE-2014-1311 [MEDIUM] CWE-119 CVE-2014-1311: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
nvd
CVE-2014-1301MEDIUMCVSS 6.8≤ 6.1.2v6.0+10 more2014-04-02
CVE-2014-1301 [MEDIUM] CWE-119 CVE-2014-1301: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
nvd
CVE-2014-1302MEDIUMCVSS 6.8≤ 6.1.2v6.0+10 more2014-04-02
CVE-2014-1302 [MEDIUM] CWE-119 CVE-2014-1302: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
nvd
CVE-2014-1309MEDIUMCVSS 6.8≤ 6.1.2v6.0+10 more2014-04-02
CVE-2014-1309 [MEDIUM] CWE-119 CVE-2014-1309: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
nvd
CVE-2014-1305MEDIUMCVSS 6.8≤ 6.1.2v6.0+10 more2014-04-02
CVE-2014-1305 [MEDIUM] CWE-119 CVE-2014-1305: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
nvd
CVE-2014-1300CRITICALCVSS 10.0v7.0.22014-03-26
CVE-2014-1300 [CRITICAL] CVE-2014-1300: Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.
nvd
CVE-2014-1303CRITICALCVSS 10.0PoCv7.0.22014-03-26
CVE-2014-1303 [CRITICAL] CWE-119 CVE-2014-1303: Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code a
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.
nvd
CVE-2014-1269MEDIUMCVSS 6.8≤ 6.1.1v6.0+8 more2014-02-27
CVE-2014-1269 [MEDIUM] CVE-2014-1269: WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.
nvd
CVE-2014-1270MEDIUMCVSS 6.8≤ 6.1.1v6.0+8 more2014-02-27
CVE-2014-1270 [MEDIUM] CVE-2014-1270: WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.
nvd
CVE-2014-1268MEDIUMCVSS 6.8≤ 6.1.1v6.0+8 more2014-02-27
CVE-2014-1268 [MEDIUM] CWE-119 CVE-2014-1268: WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.
nvd
CVE-2013-5227MEDIUMCVSS 6.4≤ 6.1v6.0+6 more2013-12-18
CVE-2013-5227 [MEDIUM] CWE-264 CVE-2013-5227: Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Pol
Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields.
nvd
CVE-2013-5196MEDIUMCVSS 6.8≤ 6.1v6.0+6 more2013-12-18
CVE-2013-5196 [MEDIUM] CWE-119 CVE-2013-5196: WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd