Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs
1,592
CISA KEV
31
actively exploited
Public exploits
157
Exploited in wild
25
Severity breakdown
CRITICAL211HIGH603MEDIUM757LOW20UNKNOWN1
Vulnerabilities
Page 55 of 80
CVE-2013-5199MEDIUMCVSS 6.8≤ 6.1v6.0+6 more2013-12-18
CVE-2013-5199 [MEDIUM] CWE-119 CVE-2013-5199: WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd
CVE-2013-5195MEDIUMCVSS 6.8≤ 6.1v6.0+6 more2013-12-18
CVE-2013-5195 [MEDIUM] CWE-119 CVE-2013-5195: WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd
CVE-2013-5198MEDIUMCVSS 6.8≤ 6.1v6.0+6 more2013-12-18
CVE-2013-5198 [MEDIUM] CWE-119 CVE-2013-5198: WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd
CVE-2013-5197MEDIUMCVSS 6.8≤ 6.1v6.0+6 more2013-12-18
CVE-2013-5197 [MEDIUM] CWE-119 CVE-2013-5197: WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd
CVE-2013-5228MEDIUMCVSS 6.8≤ 6.1v6.0+6 more2013-12-18
CVE-2013-5228 [MEDIUM] CWE-119 CVE-2013-5228: WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd
CVE-2013-5225MEDIUMCVSS 6.8≤ 6.1v6.0+6 more2013-12-18
CVE-2013-5225 [MEDIUM] CWE-119 CVE-2013-5225: WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execut
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd
CVE-2013-7127LOWCVSS 2.1v6.0.52013-12-17
CVE-2013-7127 [LOW] CWE-310 CVE-2013-7127: Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist,
Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.
nvd
CVE-2013-5130MEDIUMCVSS 5.0≤ 6.0.5v6.0+4 more2013-10-24
CVE-2013-5130 [MEDIUM] CWE-200 CVE-2013-5130: WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Ins
WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files.
nvd
CVE-2013-1041MEDIUMCVSS 6.8≤ 6.0.52013-09-19
CVE-2013-1041 [MEDIUM] CWE-119 CVE-2013-1041: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
nvd
CVE-2013-1047MEDIUMCVSS 6.8≤ 6.0.52013-09-19
CVE-2013-1047 [MEDIUM] CWE-119 CVE-2013-1047: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
nvd
CVE-2013-1039MEDIUMCVSS 6.8≤ 6.0.52013-09-19
CVE-2013-1039 [MEDIUM] CWE-119 CVE-2013-1039: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
nvd
CVE-2013-1037MEDIUMCVSS 6.8≤ 6.0.52013-09-19
CVE-2013-1037 [MEDIUM] CWE-119 CVE-2013-1037: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
nvd
CVE-2013-1040MEDIUMCVSS 6.8≤ 6.0.52013-09-19
CVE-2013-1040 [MEDIUM] CWE-119 CVE-2013-1040: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
nvd
CVE-2013-1038MEDIUMCVSS 6.8≤ 6.0.52013-09-19
CVE-2013-1038 [MEDIUM] CWE-119 CVE-2013-1038: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
nvd
CVE-2013-1009MEDIUMCVSS 6.8≤ 6.0.4v6.0+3 more2013-06-05
CVE-2013-1009 [MEDIUM] CWE-119 CVE-2013-1009: WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or c
WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023.
nvd
CVE-2013-1023MEDIUMCVSS 6.8≤ 6.0.4v6.0+3 more2013-06-05
CVE-2013-1023 [MEDIUM] CVE-2013-1023: WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or c
WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009.
nvd
CVE-2013-1013MEDIUMCVSS 4.3≤ 6.0.4v6.0+3 more2013-06-05
CVE-2013-1013 [MEDIUM] CWE-20 CVE-2013-1013: XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remo
XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors.
nvd
CVE-2013-1012MEDIUMCVSS 4.3≤ 6.0.4v6.0+3 more2013-06-05
CVE-2013-1012 [MEDIUM] CWE-79 CVE-2013-1012: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attack
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.
nvd
CVE-2013-0961MEDIUMCVSS 6.8≤ 6.0.2v1.0+70 more2013-03-15
CVE-2013-0961 [MEDIUM] CVE-2013-0961: WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a den
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.
nvd
CVE-2013-0960MEDIUMCVSS 6.8≤ 6.0.2v1.0+70 more2013-03-15
CVE-2013-0960 [MEDIUM] CVE-2013-0960: WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a den
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.
nvd