Safari
Monthly
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 44.8%.
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.8%.
Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 44.8%.
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.8%.
Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.