Download
| Alert*
oval:org.secpod.oval:def:17345
The host is installed with Apple Safari before 4.0.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict the URL scheme of the pluginspage attribute of an EMBED element. Successful exploitation could allow attackers to launc ... oval:org.secpod.oval:def:17343 The host is installed with Apple Safari before 4.0.3 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle crafted floating-point numbers. Successful exploitation could allow attackers execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:17294 The host is installed with Apple Safari before 4.0.3 and is prone to an incomplete blacklist vulnerability. A flaw is present in the application, which fails to properly properly handle unspecified homoglyphs. Successful exploitation could allow attackers to spoof domain names in URLs. oval:org.secpod.oval:def:17292 The host is installed with Apple Safari 4.x before 4.0.3 and is prone to a phishing attack vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow remote web servers to place an arbitrary web site in the Top Sites view. oval:org.secpod.oval:def:17299 The host is missing a security update according to Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle textnodes. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:17298 The host is installed with Apple Safari before 5.0.5 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle textnodes. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:17293 The host is installed with Apple Safari before 4.0.3 and is prone to an incomplete blacklist vulnerability. A flaw is present in the application, which fails to properly properly handle unspecified homoglyphs. Successful exploitation could allow attackers to spoof domain names in URLs. oval:org.mitre.oval:def:11802 Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index. oval:org.mitre.oval:def:11923 Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-fa ... oval:org.mitre.oval:def:7180 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations ... oval:org.mitre.oval:def:7051 PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. oval:org.mitre.oval:def:7053 The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. oval:org.mitre.oval:def:7295 WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099. oval:org.mitre.oval:def:7288 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements. oval:org.mitre.oval:def:7041 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method. oval:org.mitre.oval:def:7037 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database ... oval:org.mitre.oval:def:7157 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees. oval:org.mitre.oval:def:7150 WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements. oval:org.mitre.oval:def:7031 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements. oval:org.mitre.oval:def:7143 Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management. oval:org.mitre.oval:def:7024 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 and Apple iTunes before 9.2 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML but ... oval:org.mitre.oval:def:5915 Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. oval:org.mitre.oval:def:7099 WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary c ... oval:org.mitre.oval:def:7082 Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involv ... oval:org.mitre.oval:def:7197 WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive inf ... oval:org.mitre.oval:def:7199 Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. oval:org.mitre.oval:def:7071 Double free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, ... oval:org.mitre.oval:def:6912 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISC ... oval:org.mitre.oval:def:6915 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements. oval:org.mitre.oval:def:6901 ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. oval:org.mitre.oval:def:12148 The host is installed with Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier or Apple iTunes before 10.2 and is prone to memory corruption vulnerability. The flaw is present in the ibxml2 before 2.7.8, which reads from invalid memory locations during processing of malformed XPath expre ... oval:org.mitre.oval:def:6836 Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port. oval:org.mitre.oval:def:6709 WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. oval:org.mitre.oval:def:6817 Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. oval:org.secpod.oval:def:14268 The host is installed with Apple Safari before 4.0.4 is prone to buffer overflow vulnerability. The flaw is present in the application which fails to properly handle a crafted ColorSync profile embedded in an image. Successful exploitation allows attacker to cause a denial of service. oval:org.mitre.oval:def:6810 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality. oval:org.mitre.oval:def:6812 Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. oval:org.mitre.oval:def:6882 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content." oval:org.mitre.oval:def:6885 ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. oval:org.mitre.oval:def:6649 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for ... oval:org.mitre.oval:def:6888 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes 9.2 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lac ... oval:org.mitre.oval:def:6871 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces. oval:org.mitre.oval:def:6516 The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to con ... oval:org.mitre.oval:def:6876 The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selecto ... oval:org.mitre.oval:def:11112 The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. oval:org.mitre.oval:def:6981 Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 or Apple iTunes on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element. oval:org.mitre.oval:def:6741 Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. oval:org.mitre.oval:def:6862 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts. oval:org.mitre.oval:def:5777 WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to exec ... oval:org.mitre.oval:def:6739 The execCommand JavaScript function in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document. oval:org.mitre.oval:def:6208 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. oval:org.secpod.oval:def:751 The host is installed with Google Chrome before 4.0.249.78 or Apple Safari before 4.0.5 and is prone to information disclosure vulnerability. A flaw is present in the applications which fails to restrict cross-origin loading of CSS stylesheets when the stylesheet download has an incorrect MIME type ... oval:org.secpod.oval:def:632 The host is installed with Google Chrome before 10.0.648.204 and is prone to denial of service vulnerability. A flaw is present in the application which does not properly handle parentage. Successful exploitation allow remote attackers to cause a denial of service or possibly have unspecified other ... oval:org.mitre.oval:def:11777 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (a ... oval:org.mitre.oval:def:11898 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression. oval:org.mitre.oval:def:6656 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL. oval:org.mitre.oval:def:7335 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects. oval:org.mitre.oval:def:6362 Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply. oval:org.mitre.oval:def:11524 Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object. oval:org.mitre.oval:def:11766 The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of servic ... oval:org.mitre.oval:def:11639 Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed. oval:org.mitre.oval:def:11877 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG docu ... oval:org.mitre.oval:def:7323 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property. oval:org.mitre.oval:def:7314 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and- ... oval:org.mitre.oval:def:11729 Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers. oval:org.mitre.oval:def:7135 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. oval:org.mitre.oval:def:7374 WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue." oval:org.mitre.oval:def:7252 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning. oval:org.mitre.oval:def:7255 WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. oval:org.mitre.oval:def:11962 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document. oval:org.mitre.oval:def:11964 WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related ... oval:org.mitre.oval:def:11837 Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element ... oval:org.mitre.oval:def:11956 Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. oval:org.secpod.oval:def:2674 The host is missing a security update according to APPLE-SA-2011-04-14-3. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application which fail to properly handle CSS style and certain text nodes. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:815 The host is installed with Apple Safari and is prone to multiple vulnerabilities. The flaws are present the application that are caused by input validation and implementation errors in WebKit. Successful exploitation allows attackers to bypass certain security checks, gain knowledge of sensitive inf ... oval:org.mitre.oval:def:7005 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method. oval:org.mitre.oval:def:11820 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory cor ... oval:org.mitre.oval:def:11941 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attac ... oval:org.mitre.oval:def:10964 Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to elem ... oval:org.mitre.oval:def:11935 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering ... oval:org.mitre.oval:def:7347 WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data. oval:org.mitre.oval:def:7346 The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL. oval:org.secpod.oval:def:40348 The host is missing a security update according to Apple advisory, APPLE-SA-2011-07-20-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote web servers to execute arbitrary code ... oval:org.secpod.oval:def:1801183 CVE-2018-4246 Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling. Versions affected: WebKitGTK+ before 2.20.4 CVE-2018-4261 Processing maliciously crafted web content may lead to arbitrary code execution ... oval:org.secpod.oval:def:46752 The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:46827 The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:46821 The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:115120 Chromium is an open-source web browser, powered by WebKit . oval:org.secpod.oval:def:53380 Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-4117 AhsanEjaz discovered an information leak. Rob Wu discovered a way to escalate privileges using extensions. CVE-2018-6150 Rob Wu discovered an information disclosure issue . CVE-2018-6151 Rob Wu discovered an issu ... oval:org.secpod.oval:def:115022 Chromium is an open-source web browser, powered by WebKit . oval:org.secpod.oval:def:44802 The host is missing a security update according to Apple advisory, APPLE-SA-2018-3-29-8. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly perform input validation. Successful exploitation could allow attackers to disclose sensi ... oval:org.secpod.oval:def:704334 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:2000193 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. oval:org.secpod.oval:def:14273 The host is installed with Apple Safari before 4.0.4 is prone to information disclosure vulnerability. The flaw is present in the application which fails to properly handle Open Image and Open Link menu options via a crafted web site. Successful exploitation allows attacker to execute arbitrary code ... oval:org.secpod.oval:def:14271 The host is installed with Apple Safari before 4.0.4 is prone to cross-site request forgery vulnerability. The flaw is present in the application which fails to properly handle certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight. Successful exploitation a ... oval:org.secpod.oval:def:14272 The host is installed with Apple Safari before 4.0.4 is prone to information disclosure vulnerability. The flaw is present in the application which fails to properly handle HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480. Successful exploitatio ... oval:org.secpod.oval:def:15502 The host is installed with Apple Safari before 5.1.10 and is prone to remote code execution vulnerability. The flaw is present in the JavaScriptCore's JSArray::sort() method, which fails in proper bound checking. Successful exploitation could allow attackers to cause an unexpected application termin ... oval:org.secpod.oval:def:15501 The host is missing an important security update according to Apple advisory, APPLE-SA-2013-09-12-2. The update is required to fix multiple vulnerabilities. The flaws are present in the JavaScriptCore's JSArray::sort() method, which fails in proper bound checking. Successful exploitation could allow ... oval:org.secpod.oval:def:2981 The host is installed with Apple Safari before 5.1.1 and is prone to a security bypass vulnerability. A flaw is present in the application, a logic error when handling cookies while in Private Browsing mode. Successful exploitation could allow attackers to set cookies although the "Block cookies" op ... oval:org.secpod.oval:def:2980 The host is installed with Apple Safari before 5.1.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle uninitialized memory during the processing of X.509 certificates. Successful exploitation could allow to execute arbitr ... oval:org.secpod.oval:def:2982 The host is installed with Apple Safari before 5.1.1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle vectors involving inactive DOM windows. Successful exploitation could allow to execute arbitrary JavaScript code. oval:org.secpod.oval:def:2985 The host is installed with Google Chrome before 10.0.648.204 or Apple Safari less than or equal to 5.0.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which do not properly handle parentage. Successful exploitation allow remote attackers to cause a denial ... oval:org.secpod.oval:def:2987 The host is installed with Apple Safari before 5.1.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to enforce an intended policy for file: URLs. Successful exploitation could allow to execute arbitrary code. oval:org.secpod.oval:def:2989 The host is missing a security update according to APPLE-SA-2011-07-20-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to sanitize crafted input. Successful exploitation could allow attackers to affect confidentiality, integrity, and a ... oval:org.secpod.oval:def:2979 The host is installed with Apple Safari before 5.1.1 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle a crafted safari extension. Successful exploitation could allow to execute arbitrary JavaScript code. oval:org.secpod.oval:def:2673 The host is missing a security update according to APPLE-SA-2011-04-14-3. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application which fail to properly handle CSS style and certain text nodes. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:2672 The host is installed with Apple Safari before 5.0.5 and is prone to use-after-free vulnerability. A flaw is present in the application which fails to properly handle certain text nodes. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:3394 The host is installed with Apple Safari before 5.1.1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle vectors involving inactive DOM windows. Successful exploitation could allow to execute arbitrary JavaScript code. oval:org.secpod.oval:def:3395 The host is installed with Apple Safari before 5.1.1 and is prone to a security bypass vulnerability. A flaw is present in the application, a logic error when handling cookies while in Private Browsing mode. Successful exploitation could allow attackers to set cookies although the "Block cookies" op ... oval:org.secpod.oval:def:3495 The host is installed with Apple Safari before 4.0.5 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to the run-in Cascading Style Sheets (CSS) display property. Successful exploitation could allow attackers to crash the ser ... oval:org.secpod.oval:def:3496 The host is installed with Apple Safari and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors involving HTML IMG elements. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3493 The host is installed with Apple Safari before 4.0.5 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to disclose sensitive information. oval:org.secpod.oval:def:3494 The host is installed with Apple Safari before 4.0.5 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to callbacks for HTML elements. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3491 The host is installed with Apple Safari before 4.0.5 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle HTML elements with right-to-left (RTL) text directionality. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3490 The host is installed with Apple Safari before 4.0.5 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted XML document. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3488 The host is installed with Apple Safari before 4.0.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted format arguments. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3489 The host is installed with Apple Safari before 4.0.5 and is prone to a use after free vulnerability. A flaw is present in the application, vectors related to HTML object element fallback content. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3487 The host is installed with Apple Safari before 4.0.5 and is prone to a information disclosure vulnerability. A flaw is present in the application, which fails to properly implement use of the Accept Cookies preference to block cookies. Successful exploitation could allow remote web servers to track ... oval:org.secpod.oval:def:3693 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle vectors related to the rendering of an inline element. Successful exploitation could allow attackers to execute arbitr ... oval:org.secpod.oval:def:3694 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted HTML document.. Successful exploitation could allow attackers to execute arbitrary code or crash the service ... oval:org.secpod.oval:def:3691 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle JavaScript code that forces keystroke events for input fields. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:3692 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle vectors related to element focus. Successful exploitation could allow attackers to execute arbitrary code or crash the s ... oval:org.secpod.oval:def:3697 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a floating element in an SVG document. Successful exploitation could allow attackers to execute arbitrary code or crash the ser ... oval:org.secpod.oval:def:3698 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a JavaScript string object. Successful exploitation could allow attackers to execute arbitrary code or crash the servi ... oval:org.secpod.oval:def:3695 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to prevent access of uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text e ... oval:org.secpod.oval:def:3696 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a floating element in an SVG document. Successful exploitation could allow attackers to execute arbitrary code or crash the ser ... oval:org.secpod.oval:def:3699 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle just-in-time (JIT) compiled JavaScript stubs. Successful exploitation could allow attackers to execute arbitrary code or crash ... oval:org.secpod.oval:def:3690 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to properly handle a RSS feed. Successful exploitation could allow attackers to inject arbitrary web script or HTML. oval:org.secpod.oval:def:3345 The host is installed with Apple Safari before 4.0.5 or Apple iTunes before 9.1 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to ensure that memory access is associated with initialized memory. Successful exploitation could allow attackers to cr ... oval:org.secpod.oval:def:3343 The host is installed with Apple Safari before 4.0.5 or Apple iTunes before 9.1 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to ensure that memory access is associated with initialized memory. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:3344 The host is installed with Apple Safari before 4.0.5 or Apple iTunes before 9.1 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to ensure that memory access is associated with initialized memory. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:3349 The host is installed with Apple Safari before 5.1.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to enforce an intended policy for file: URLs. Successful exploitation could allow to execute arbitrary code. oval:org.secpod.oval:def:3348 The host is installed with Apple Safari before 5.1.1 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle a crafted safari extension. Successful exploitation could allow to execute arbitrary JavaScript code. oval:org.secpod.oval:def:3811 The host is missing a security update according to Apple advisory, APPLE-SA-2010-11-18-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly sanitize user supplied input. Successful exploitation could allow attackers to execute a ... oval:org.secpod.oval:def:3809 The host is installed with Apple Safari before 5.0.3 or 4.1.3 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to properly handle a non-SVG document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:3701 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle vectors a crafted regular expression. Successful exploitation could allow attackers to execute arbitrary code or crash the serv ... oval:org.secpod.oval:def:3702 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a (1) font-face or (2) use element in an SVG document.. Successful exploitation could allow attackers to execute arbi ... oval:org.secpod.oval:def:3700 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to an integer signedness vulnerability. A flaw is present in the application, which fails to handle vectors involving a JavaScript array index. Successful exploitation could allow attackers to execute arbitrary code or crash ... oval:org.secpod.oval:def:3705 The host is installed with Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle run-in styling in an element. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3706 The host is missing an important security update according to Apple advisory, APPLE-SA-2010-09-07-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fail to sanitize user supplied input. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:3703 The host is installed with Apple Safari before 5.0.1 or 4.1.1 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle crafted input. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:3704 The host is installed with Apple Safari before 5.0.2 or 4.1.2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate floating-point data. Successful exploitation could allow attackers to execute arbitrary code or crash the servic ... oval:org.mitre.oval:def:7403 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." oval:org.mitre.oval:def:7561 ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. oval:org.mitre.oval:def:7554 WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. oval:org.secpod.oval:def:3783 The host is missing a security update according to Apple advisory, APPLE-SA-2010-11-18-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly sanitize user supplied input. Successful exploitation could allow attackers to execute a ... oval:org.secpod.oval:def:3976 The host is missing an important security update according to Apple advisory, APPLE-SA-2011-10-12-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to sanitize user supplied input. Successful exploitation could allow to execute arbitrar ... oval:org.secpod.oval:def:3977 The host is missing an important security update according to Apple advisory, APPLE-SA-2011-10-12-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to sanitize user supplied input. Successful exploitation could allow to execute arbitrar ... oval:org.secpod.oval:def:45936 The host is installed with Apple Safari before 11.1.1 and is prone to an address bar spoofing vulnerability. A flaw is present in the applications, which fails to properly handle inconsistent user interface issues. Successful exploitation may lead to address bar spoofing. oval:org.secpod.oval:def:45944 The host is missing a security update according to Apple advisory, APPLE-SA-2018-06-01-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly perform input validation. Successful exploitation could allow attackers to cause arbitra ... oval:org.secpod.oval:def:4342 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to properly handle a SRC attribute composed of a javascript: sequence preceded by spaces. Successful exploitation could allow remote attac ... oval:org.secpod.oval:def:4343 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle a certain window close action that occurs during a drag-and-drop operation. Successful exploitation could allow remote attack ... oval:org.secpod.oval:def:4340 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle libxml contexts. Successful exploitation could allow remote attackers to execute arbitrary code or crash the servi ... oval:org.secpod.oval:def:4341 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a cross site image capture issue. A flaw is present in the application, which fails to properly restrict the reading of a canvas that contains an SVG image pattern from a different web site. Successful exploitation could allow ... oval:org.secpod.oval:def:4346 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child elem ... oval:org.secpod.oval:def:4347 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle vectors related to the Node.normalize method. Successful exploitation could allow remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:4344 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly restrict remote execution of clipboard commands. Successful exploitation could allow remote attackers to modify the clipboard ... oval:org.secpod.oval:def:4345 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a webkit keyboard focus vulnerability. A flaw is present in the application, which fails to properly handle changes to keyboard focus that occur during processing of key press events. Successful exploitation could allow remote ... oval:org.secpod.oval:def:4348 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle vectors involving HTML document subtrees. Successful exploitation could allow remote attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:4349 The host is installed with Apple Safari before 4.1 or 5.0 or Google Chrome before 5.0.375.70 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted HTML document containing a BR element. Successful exploitation could allow re ... oval:org.secpod.oval:def:4474 The host is installed with Apple Safari before 5.0.6 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to improper list management for Cascading Style Sheets (CSS). Successful exploitation could allow attackers to crash the se ... oval:org.secpod.oval:def:4475 The host is installed with Apple Safari before 5.0.6 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to improper list management for Cascading Style Sheets (CSS). Successful exploitation could allow attackers to crash the se ... oval:org.secpod.oval:def:4351 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle a crafted HTML document. Successful exploitation could allow remote attackers to execute arbitrary code or crash the service ... oval:org.secpod.oval:def:4352 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle HTML content that contains multiple :after pseudo-selectors. Successful exploitation could allow remote attackers to corru ... oval:org.secpod.oval:def:4350 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle vectors involving fonts. Successful exploitation could allow remote attackers to execute arbitrary code or crash the service ... oval:org.secpod.oval:def:4321 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle vectors related to a malformed URL. Successful exploitation could allow attackers to inject arbitrary code. oval:org.secpod.oval:def:4324 The host is installed with Apple Safari 4.0 before 4.1 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to HTML buttons and the first-letter CSS style. Successful exploitation could allow attackers to inject arbitrary code o ... oval:org.secpod.oval:def:4325 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a HREF attribute associated with a redirecting URL. Successful exploitation could allow attackers to discover sensitive URLs. oval:org.secpod.oval:def:4322 The host is installed with Apple Safari 4.0 before 4.1 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to attribute manipulation. Successful exploitation could allow attackers to inject arbitrary code or crash the service. oval:org.secpod.oval:def:4323 The host is installed with Apple Safari 4.0 before 4.1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle UTF-7 encoded text. Successful exploitation could allow attackers to inject arbitrary code or crash the service. oval:org.secpod.oval:def:4328 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly perform ordered list insertions. Successful exploitation could allow attackers to execute arbitrary code or crash the ser ... oval:org.secpod.oval:def:4329 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly perform ordered list insertions. Successful exploitation could allow attackers to execute arbitrary code or crash the ser ... oval:org.secpod.oval:def:4326 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle vectors involving DOM constructor objects. Successful exploitation could allow attackers to inject arbitrary web script or HTML. oval:org.secpod.oval:def:4327 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an un ... oval:org.secpod.oval:def:4331 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly perform ordered list insertions. Successful exploitation could allow attackers to execute arbitrary code or crash the ser ... oval:org.secpod.oval:def:4332 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a double free vulnerability. A flaw is present in the application, which fails to properly handle vectors related to an event listener in an SVG document. Successful exploitation could allow attackers to execute arbitrary code ... oval:org.secpod.oval:def:4330 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle vectors involving caption elements. Successful exploitation could allow attackers to execute arbitrary code or crash the ser ... oval:org.secpod.oval:def:4335 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle a HTML element that has custom vertical positioning. Successful exploitation could allow attackers to execute arbitrary code ... oval:org.secpod.oval:def:4336 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted port number. Successful exploitation could allow attackers to bypass security restrictions. oval:org.secpod.oval:def:4333 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted document containing XML that triggers a parsing error. Successful exploitation could allow attackers to exec ... oval:org.secpod.oval:def:4334 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle SVG document that contains recursive Use elements. Successful exploitation could allow attackers to execute arbitrary code or ... oval:org.secpod.oval:def:4339 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to properly handle vectors related to hover events. Successful exploitation could allow remote attackers to execute arbitrary code or crash the ... oval:org.secpod.oval:def:4337 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an incomplete blacklist vulnerability. A flaw is present in the application, which fails to properly handle vectors involving an IRC service port. Successful exploitation could allow remote attackers to trigger disclosure of d ... oval:org.secpod.oval:def:4338 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a SVG document with nested use element. Successful exploitation could allow remote attackers to execute arbitrary code or ... oval:org.secpod.oval:def:2001499 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ... oval:org.secpod.oval:def:42607 The host is installed with Apple Safari before 11.0.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:42606 The host is installed with Apple Safari before 11.0.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:42605 The host is installed with Apple Safari before 11.0.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:42611 The host is installed with Apple Safari before 11.0.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:42610 The host is installed with Apple Safari before 11.0.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:42615 The host is installed with Apple Safari before 11.0.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:42614 The host is installed with Apple Safari before 11.0.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:42613 The host is installed with Apple Safari before 11.0.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:42612 The host is installed with Apple Safari before 11.0.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:42616 The host is installed with Apple Safari before 11.0.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:4265 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle vectors involving a (1) paste or (2) drag-and-drop operation for a selection. Successful exploitation allows user-assisted remot ... oval:org.secpod.oval:def:4266 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document. oval:org.secpod.oval:def:4263 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to improper window management. Successful exploitation could allow attackers to execute arbitrary code or crash the se ... oval:org.secpod.oval:def:4264 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle vectors related to a crafted HTML document. Successful exploitation could allow attackers to read arbitrary files. oval:org.secpod.oval:def:4269 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to the contentEditable attribute and removing container elements. Successful exploitation could allow attackers to ex ... oval:org.secpod.oval:def:4267 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted URL. Successful exploitation could allow attackers to create arbitrary database files. oval:org.secpod.oval:def:4268 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle vectors involving HTML document fragments. Successful exploitation could allow attackers to inject arbitrary web script or HMTL. oval:org.secpod.oval:def:4261 The host is installed with Apple Safari before 5.0 and is prone to an URL obfuscation vulnerability. A flaw is present in the application, which fails to handle a crafted URL. Successful exploitation could allow attackers to conduct phishing attacks. oval:org.secpod.oval:def:2000468 An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" componen ... oval:org.secpod.oval:def:4262 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a PDF handling vulnerability. A flaw is present in the application, which fails to handle a crafted PDF document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:4276 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle multiple redirections during form submission. Successful exploitation could allow attackers to disclose sensitive information ... oval:org.secpod.oval:def:4277 The host is missing a security update according to Apple advisory, APPLE-SA-2010-06-07-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle malicious data. Successful exploitation could allow attackers to disclose sensitive inform ... oval:org.secpod.oval:def:4274 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to the removeChild DOM method. Successful exploitation could allow attackers to execute arbitrary code or crash the se ... oval:org.secpod.oval:def:4275 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle vectors involving HTML in a TEXTAREA element. Successful exploitation could allow attackers to inject arbitrary web script or HT ... oval:org.secpod.oval:def:4272 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which sends NTLM credentials in plain text. Successful exploitation could allow a man in the middle attacker to view the NTLM credentials. oval:org.secpod.oval:def:4273 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to the removeChild DOM method. Successful exploitation could allow attackers to execute arbitrary code or crash the se ... oval:org.secpod.oval:def:4270 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that ... oval:org.secpod.oval:def:4271 The host is installed with Apple Safari before 4.1 or 5.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which passes the Referer header when an HTTPS site redirects to an HTTP site. Successful exploitation could allow attackers to obtain sensitive inf ... oval:org.mitre.oval:def:7606 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events. oval:org.mitre.oval:def:7401 WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image captu ... oval:org.mitre.oval:def:7519 WebKit in Apple Safari before 5.0 or iTunes on Windows, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers ... oval:org.mitre.oval:def:7503 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element. oval:org.secpod.oval:def:45307 The host is installed with Apple Safari before 11.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fails to properly handle a memory corruption issue. Successful exploitation may lead to arbitrary code execution. oval:org.secpod.oval:def:45305 The host is missing a security update according to Apple advisory, APPLE-SA-2018-04-24-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly perform input validation. Successful exploitation could allow attackers to disclose sens ... oval:org.mitre.oval:def:7556 WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion o ... oval:org.mitre.oval:def:7552 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments. oval:org.secpod.oval:def:4757 The host is installed with Apple Safari before 5.1.4 and is prone to URL spoofing vulnerability. A flaw is present in the application, which fails to properly restrict the characters in URLs. Successful exploitation allows remote attackers to spoof a domain name via unspecified homoglyphs. oval:org.secpod.oval:def:4758 The host is installed with Apple Safari before 5.1.4 and is prone to cookie setting vulnerability. A flaw is present in the application, which fails to properly block cookies from third parties and advertisers. Successful exploitation allows remote web servers to track users via a cookie. oval:org.secpod.oval:def:4756 The host is missing a security update according to APPLE-SA-2012-03-12-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle malicious contents. Successful exploitation allows remote attackers to execute remote code or gai ... oval:org.secpod.oval:def:4759 The host is installed with Apple Safari before 5.1.4 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle redirects in conjunction with HTTP authentication. Successful exploitation allows remote web servers to capture credentials ... oval:org.mitre.oval:def:7497 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during ... oval:org.secpod.oval:def:4820 The host is missing a security update according to APPLE-SA-2012-03-12-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle malicious contents. Successful exploitation allows remote attackers to execute remote code or gai ... oval:org.secpod.oval:def:4821 The host is installed with Apple Safari before 5.1.4 and is prone to cookie setting vulnerability. A flaw is present in the application, which fails to properly block cookies from third parties and advertisers. Successful exploitation allows remote web servers to track users via a cookie. oval:org.secpod.oval:def:4822 The host is installed with Apple Safari before 5.1.4 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle redirects in conjunction with HTTP authentication. Successful exploitation allows remote web servers to capture credentials ... oval:org.mitre.oval:def:7476 WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. oval:org.secpod.oval:def:45884 The host is installed with Apple iCloud before 7.5 or Apple iTunes before 12.7.5 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly perform input validation. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:45885 The host is installed with Apple iCloud before 7.5 or Apple iTunes before 12.7.5 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly perform input validation. Successful exploitation could allow attackers to execute arbitrary code. oval:org.mitre.oval:def:7591 WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document. oval:org.mitre.oval:def:7464 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue." oval:org.secpod.oval:def:45895 The host is missing a security update according to Apple advisory, APPLE-SA-2018-06-01-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:45896 The host is missing a security update according to Apple advisory, APPLE-SA-2018-06-01-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:6543 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6542 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6541 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6540 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6547 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6546 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6545 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6544 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6549 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6548 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6554 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6553 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6552 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6551 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6558 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6557 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6556 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6555 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6559 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6550 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:5671 The host is missing an important security update according to Apple advisory, APPLE-SA-2012-05-09-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle malicious data. Successful exploitation could allow attackers bypass s ... oval:org.secpod.oval:def:6529 The host is installed with Apple Safari before 6.0 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle the autocomplete attribute of a password input element. Successful exploitation could allow attackers to bypass authentication by lev ... oval:org.secpod.oval:def:6528 The host is installed with Apple Safari before 6.0 and is prone to an arbitrary file read vulnerability. A flaw is present in the application, which fails to handle a crafted feed URL. Successful exploitation could allow attackers to disclose sensitive information. oval:org.secpod.oval:def:6527 The host is installed with Apple Safari before 6.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted feed URL. Successful exploitation could allow attackers to inject arbitrary web script. oval:org.secpod.oval:def:5670 The host is installed with Apple Safari before 5.1.7 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly track state information during the processing of form input. Successful exploitation could allow attackers to fill in form fields on the ... oval:org.secpod.oval:def:6532 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6531 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6530 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6536 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6535 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6534 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6533 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6539 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6538 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6537 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:5667 The host is installed with Apple Safari before 5.1.7 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly track state information during the processing of form input. Successful exploitation could allow attackers to fill in form fields on the ... oval:org.secpod.oval:def:5668 The host is missing an important security update according to Apple advisory, APPLE-SA-2012-05-09-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle malicious data. Successful exploitation could allow attackers bypass s ... oval:org.secpod.oval:def:6602 The host is installed with Apple Safari before 6.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to disclose sensitive information. oval:org.secpod.oval:def:6601 The host is installed with Apple Safari before 6.0 and is prone to an arbitrary file read vulnerability. A flaw is present in the application, which fails to properly handle file: URLs. Successful exploitation could allow attackers to bypass intended sandbox restrictions and read arbitrary files. oval:org.secpod.oval:def:6600 The host is installed with Apple Safari before 6.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to properly handle location.href property. Successful exploitation could allow attackers to inject arbitrary web script or HTML. oval:org.secpod.oval:def:6587 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6586 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6585 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6584 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6589 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6588 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6583 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6582 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6581 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6580 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6598 The host is installed with Apple Safari before 6.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle drag-and-drop events. Successful exploitation could allow attackers to obtain sensitive information about full pathnames. oval:org.secpod.oval:def:6597 The host is installed with Apple Safari before 6.0 and is prone to an incomplete blacklist vulnerability. A flaw is present in the application, which fails to properly handle malicious data. Successful exploitation could allow attackers to spoof domain names in URLs, and possibly conduct phishing at ... oval:org.secpod.oval:def:6596 The host is installed with Apple Safari before 6.0 and is prone to a same origin bypass vulnerability. A flaw is present in the application, which fails to properly handle Cascading Style Sheets (CSS) property values. Successful exploitation could allow attackers to disclose sensitive information. oval:org.secpod.oval:def:6595 The host is installed with Apple Safari before 6.0 and is prone to a same origin bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to disclose sensitive information. oval:org.secpod.oval:def:6599 The host is installed with Apple Safari before 6.0 and is prone to a CRLF injection vulnerability. A flaw is present in the application, which fails to properly handle malicious data. Successful exploitation could allow attackers to inject arbitrary web script or HTML. oval:org.secpod.oval:def:6590 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6594 The host is installed with Apple Safari before 6.0 and is prone to a same origin bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to disclose sensitive information. oval:org.secpod.oval:def:6593 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6592 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6591 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6565 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6564 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6563 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6562 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6569 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6568 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6567 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6566 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6561 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6560 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6576 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6575 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6574 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6573 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6579 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6578 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6577 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6572 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6571 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:6570 The host is installed with Apple Safari before 6.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:7732 The host is installed with Apple Safari before 6.0.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow remote attackers to obtain the Me card from an Address Book. oval:org.secpod.oval:def:7733 The host is installed with Apple Safari before 6.0.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle https urls. Successful exploitation could allow user-assisted remote attackers to obtain sensitive information by sniffin ... oval:org.secpod.oval:def:7731 The host is installed with Apple Safari before 6.0.1 and is prone to an arbitrary file read vulnerability. A flaw is present in the application, which fails to handle quarantine attribute in HTML documents. Successful exploitation could allow user-assisted remote attackers to read arbitrary files by ... oval:org.secpod.oval:def:9900 The host is missing a critical security update according to apple advisory, APPLE-SA-2013-03-14-2. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle malicious data. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:7791 The host is missing a critical security update according to Apple advisory, APPLE-SA-2012-11-01-2. The update is required to fix multiple arbitrary code execution vulnerabilities. The flaws are present in the application, which fails to handle a maliciously crafted website. Successful exploitation c ... oval:org.secpod.oval:def:7784 The host is missing a security update according to Apple advisory, APPLE-SA-2012-09-19-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle malicious data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:7789 The host is installed with Apple Safari before 6.0.2 on Apple Mac OS X 10.7 or later, Safari before 5.1.10 on Mac OS X 10.6.x or Apple iTunes before 11.0.3 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle javascript arrays. Succes ... oval:org.secpod.oval:def:2678 The host is installed with Google Chrome before 7.0.517.44 or Apple Safari before 5.0.4 and is prone to denial of service vulnerability. A flaw is present in the application which fails to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (applicati ... oval:org.secpod.oval:def:9896 The host is installed with Apple Safari before 6.0.3 or Apple iTunes before 11.0.3 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle malicious data. Successful exploitation could allow attackers to execute arbitrary code or cr ... oval:org.secpod.oval:def:9897 The host is installed with Apple Safari before 6.0.3 or Apple iTunes before 11.0.3 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle malicious data. Successful exploitation could allow attackers to execute arbitrary code or cr ... oval:org.secpod.oval:def:2000204 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ... oval:org.secpod.oval:def:2000464 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ... oval:org.secpod.oval:def:45942 The host is installed with Apple Safari before 11.1.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fails to properly handle memory issues. Successful exploitation may lead to arbitrary code execution. oval:org.secpod.oval:def:2001407 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows ... oval:org.secpod.oval:def:46817 The host is installed with Google Chrome before 68.0.3440.75 and is prone to a cross origin information leak vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to disclose sensitive information. oval:org.secpod.oval:def:44801 The host is installed with Apple iCloud before 7.4, Apple iTunes before 12.7.4 or Google Chrome before 68.0.3440.75 and is prone to a cross-origin information disclosure vulnerability. A flaw is present in the application, which fails to properly perform input validation. Successful exploitation cou ... oval:org.secpod.oval:def:44800 The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly perform input validation. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:2000406 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:44812 The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution. oval:org.secpod.oval:def:44814 The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution. oval:org.secpod.oval:def:44823 The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution. oval:org.secpod.oval:def:44824 The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution. oval:org.secpod.oval:def:44825 The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution. oval:org.secpod.oval:def:44826 The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution. oval:org.secpod.oval:def:2001604 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ... oval:org.secpod.oval:def:44821 The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution. oval:org.secpod.oval:def:44829 The host is installed with Apple Safari before 11.1 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fails to properly handle a maliciously crafted web content. Successful exploitation may lead to a denial of service. oval:org.secpod.oval:def:44830 The host is installed with Apple Safari before 11.1 or Google Chrome before 68.0.3440.75 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fails to properly handle a maliciously crafted web content. Successful exploitation may lead to a denial of service ... oval:org.secpod.oval:def:2000518 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:114649 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKit2 based WebKitGTK+ for GTK+ 3. oval:org.secpod.oval:def:2000168 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:704068 webkit2gtk: Web content engine library for GTK+ A security issue was fixed in WebKitGTK+. oval:org.secpod.oval:def:2000156 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:704062 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:114541 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. oval:org.secpod.oval:def:2000389 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:114411 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKit2 based WebKitGTK+ for GTK+ 3. oval:org.secpod.oval:def:114728 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. oval:org.secpod.oval:def:2001460 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:704127 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:46785 The host is installed with Google Chrome before 68.0.3440.75 and is prone to a cross origin information leak vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to disclose sensitive information. oval:org.secpod.oval:def:46780 The host is installed with Google Chrome before 68.0.3440.75 and is prone to a cross origin information leak vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:46823 The host is installed with Google Chrome before 68.0.3440.75 and is prone to a cross origin information leak vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:51060 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:52040 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:44784 The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:44786 The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:44793 The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:44795 The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:44796 The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:44797 The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:44798 The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:45890 The host is installed with Apple iCloud before 7.5 or Apple iTunes before 12.7.5 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to execute a ... oval:org.secpod.oval:def:45934 The host is installed with Apple Safari before 11.1.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fails to properly handle maliciously crafted web content. Successful exploitation may lead to arbitrary code execution. oval:org.secpod.oval:def:2000536 In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. oval:org.secpod.oval:def:704284 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:46294 The host is installed with Apple iCloud before 7.6 or Apple iTunes before 12.8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted content. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:46290 The host is installed with Apple iCloud before 7.6 or Apple iTunes before 12.8 and is prone to a cross-origin data bypass vulnerability. A flaw is present in the application, which fails to properly perform audio taint tracking. Successful exploitation could allow attackers to exfiltrate audio data ... oval:org.secpod.oval:def:46304 The host is missing a security update according to Apple advisory, APPLE-SA-2018-7-9-5. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to spoof address bars or ... oval:org.secpod.oval:def:46307 The host is installed with Apple Safari before 11.1.2 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a malicious website. Successful exploitation allows attackers to exfiltrate cross-origin the sound fetched through audio elements. oval:org.secpod.oval:def:46311 The host is installed with Apple Safari before 11.1.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle multiple memory corruption issues. Successful exploitation allows attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:46303 The host is missing a security update according to Apple advisory, APPLE-SA-2018-7-9-7. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary co ... oval:org.secpod.oval:def:46302 The host is missing a security update according to Apple advisory, APPLE-SA-2018-7-9-6. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary co ... oval:org.secpod.oval:def:45886 The host is installed with Apple iCloud before 7.5 or Apple iTunes before 12.7.5 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to properly handle memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:703931 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:44922 The host is installed with Apple iCloud before 7.2 or Apple iTunes before 12.7.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:44923 The host is installed with Apple iCloud before 7.2 or Apple iTunes before 12.7.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:113665 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. oval:org.secpod.oval:def:42608 The host is installed with Apple Safari before 11.0.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:42609 The host is installed with Apple Safari before 11.0.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:42619 The host is missing a security update according to Apple advisory, APPLE-SA-2017-10-31-6. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:42618 The host is missing a security update according to Apple advisory, APPLE-SA-2017-10-31-5. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation allow attackers to perf ... oval:org.secpod.oval:def:42617 The host is installed with Apple Safari before 11.0.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to lead to arbitrary code execution. oval:org.secpod.oval:def:44916 The host is installed with Apple Safari before 11.0.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation may lead to arbitrary code execution. oval:org.secpod.oval:def:113634 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. oval:org.secpod.oval:def:113991 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. oval:org.secpod.oval:def:51986 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:113825 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. oval:org.secpod.oval:def:113612 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. oval:org.secpod.oval:def:113854 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. oval:org.secpod.oval:def:113936 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. oval:org.secpod.oval:def:703886 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:43212 The host is missing a security update according to Apple advisory, APPLE-SA-2017-12-13-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle maliciously crafted web content or client certificates. Successful exploitation c ... oval:org.secpod.oval:def:43213 The host is missing a security update according to apple advisory, APPLE-SA-2017-12-13-4. The update is required to fix multiple memory corruption vulnerabilities.The flaws are present in the application, which fails to properly handle maliciously crafted web content or client certificates. Successf ... oval:org.secpod.oval:def:703972 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:43587 The host is missing a security update according to apple advisory, APPLE-SA-2018-1-23-6. The update is required to fix multiple memory corruption vulnerabilities.The flaws are present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could al ... oval:org.secpod.oval:def:3497 The host is installed with Apple Safari before 4.0.5 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle user supplied input. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3492 The host is installed with Apple Safari before 4.0.5 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle a HTML document with improperly nested tags. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3486 The host is installed with Apple Safari before 5.0.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to sanitize user supplied input. Successful exploitation could allow attackers to crash the service. oval:org.mitre.oval:def:7587 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. oval:org.secpod.oval:def:14274 The host is missing an important security update according to Apple advisory, APPLE-SA-2009-11-11-1. The update is required to fix multiple vulnerabilities. The flaw is present in the application, which fails to handle a crafted application. Successful exploitation could allow attackers to crash the ... oval:org.secpod.oval:def:14890 The host is missing an important security update according to Apple advisory, APPLE-SA-2009-11-11-1. The update is required to fix multiple vulnerabilities. The flaw are present in the application, which fails to handle a crafted application. Successful exploitation could allow attackers to crash th ... oval:org.secpod.oval:def:46789 The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:44831 The host is missing a security update according to Apple advisory, APPLE-SA-2018-3-29-6. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly perform input validation. Successful exploitation could allow attackers to disclose sensi ... oval:org.secpod.oval:def:1800708 CVE-2017-5753 Versions affected: WebKitGTK+ before 2.18.5.Impact: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker via a side-channel analysis. This variant of the Spectre vulnerability triggers the spe ... oval:org.secpod.oval:def:6603 The host is missing an important security update according to Apple advisory, APPLE-SA-2012-07-25-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to disclos ... oval:org.secpod.oval:def:17340 The host is missing a security update according to APPLE-SA-2011-03-09-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application which fails to properly handle memory. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:2677 The host is missing a security update according to APPLE-SA-2011-03-09-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application which fails to properly handle memory. Successful exploitation allows remote attackers to execute arbitrary code. |