- Home
- CVEs with nessus.description==The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 10.1.2. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the WebKit component due to improper handling of SVG filters.
An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose sensitive cross-domain information. (CVE-2017-7006)
- An unspecified flaw exists that allows an unauthenticated, remote attacker to spoof the address bar via a specially crafted website. (CVE-2017-7011)
- Multiple memory corruption issues exists in the 'WebKit Web Inspector' component due to improper validation of input. An unauthenticated, remote attacker can exploit these issues, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7012)
- Multiple memory corruption issues exist in the WebKit component due to improper validation of input. An unauthenticated, remote attacker can exploit these issues, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7018, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061)
- A memory corruption issue exists in the 'WebKit Page Loading' component due to improper validation of input.
An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7019)
- Multiple cross-site scripting (XSS) vulnerabilities exist in the WebKit component in the DOMParser due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit these issue, via a specially crafted URL, to execute arbitrary script code in a user's browser session. (CVE-2017-7038, CVE-2017-7059)
- A denial of service vulnerability exists in the Safari Printing component. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to create an infinite number of print dialogs.
(CVE-2017-7060)
- An unspecified memory initialization flaw exists in WebKit. A local attacker can exploit this, via a specially crafted application, to disclose restricted memory. (CVE-2017-7064)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top