National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:apple:safari:5.1.1
There are 721 matching records.
Displaying matches 561 through 580.
Vuln ID Summary CVSS Severity
CVE-2013-1023

WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009.

Published: June 05, 2013; 10:39:55 AM -04:00
    V2: 6.8 MEDIUM
CVE-2013-1013

XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors.

Published: June 05, 2013; 10:39:55 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-1012

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.

Published: June 05, 2013; 10:39:55 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-1009

WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023.

Published: June 05, 2013; 10:39:55 AM -04:00
    V2: 6.8 MEDIUM
CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Published: March 15, 2013; 05:55:01 PM -04:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2013-0961

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.

Published: March 15, 2013; 04:55:10 PM -04:00
    V2: 6.8 MEDIUM
CVE-2013-0960

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.

Published: March 15, 2013; 04:55:10 PM -04:00
    V2: 6.8 MEDIUM
CVE-2012-3748

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

Published: November 03, 2012; 01:55:01 PM -04:00
    V2: 5.1 MEDIUM
CVE-2012-3715

Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network.

Published: September 20, 2012; 05:55:02 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-3714

The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.

Published: September 20, 2012; 05:55:02 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-3713

Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document.

Published: September 20, 2012; 05:55:02 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-2647

Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.

Published: July 31, 2012; 06:45:42 AM -04:00
    V2: 5.8 MEDIUM
CVE-2012-3686

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 04:55:04 PM -04:00
    V2: 9.3 HIGH
CVE-2012-3683

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 04:55:04 PM -04:00
    V2: 9.3 HIGH
CVE-2012-3682

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 04:55:04 PM -04:00
    V2: 9.3 HIGH
CVE-2012-3681

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 04:55:04 PM -04:00
    V2: 9.3 HIGH
CVE-2012-3680

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 04:55:04 PM -04:00
    V2: 9.3 HIGH
CVE-2012-3679

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 04:55:04 PM -04:00
    V2: 9.3 HIGH
CVE-2012-3678

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 04:55:04 PM -04:00
    V2: 9.3 HIGH
CVE-2012-3674

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

Published: July 25, 2012; 04:55:04 PM -04:00
    V2: 9.3 HIGH