30 matches found
CVE-2026-20636
CVE-2026-20636 is a memory-handling issue in the WebKit/Web content processing path that may lead to an unexpected process crash when processing malicious web content. According to the CVE entry, the vulnerability is fixed in Safari 26.3, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3...
EUVD-2004-0538
Malware in sbrugna...
EUVD-2004-0485
Malware in sbrugna...
EUVD-2004-0092
Malware in sbrugna...
SUSE CVE-2015-3742
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than other WebKit CVE...
Cross site scripting
useroidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this...
Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities
Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below - CVE-2022-32893 - An out-of-bounds write issue in WebKit which could lead to th...
Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit
As if the Log4Shell hellscape wasn’t already driving everybody starkers, it’s time to update iOS 15.2 and a crop of other Apple iGadgets, lest your iPhone get taken over by a malicious app that executes arbitrary code with kernel privileges. To paraphrase one mobile security expert, the iOS 15.2...
Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years
Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered...
WebKit Memory Misreference Vulnerability in Multiple Apple Products (CNVD-2018-20999)
Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser shipped with the Mac OS X and iOS operating systems. iTunes for Windows is a media player and application for the Windows platform. WebKit is one of the web browser engine components...
CVE-2018-4137
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement...
Apple iOS and Safari WebKit Memory Corruption Vulnerability (CNVD-2017-07606)
Apple iOS and Safari are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; WebKit is an open-source web browser engine developed by KDE, Apple, Google,...
The vulnerability of the iOS operating system and the Safari browser allows a perpetrator to trigger a service failure or execute arbitrary code.
The vulnerability of the WebKit component of the iOS operating system and the Safari browser arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure memory corruption,...
Apple Safari 2.0.4 JavaScript Regular Expression Match Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21053/info Apple Safari web browser is prone to a denial-of-service vulnerability when executing certain JavaScript code. An attacker can exploit this issue to crash an affected browser. Presumably, this issue may also...
Apple Mac OS X 10.3.x Help Protocol Remote Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10356/info It has been reported that Mac OS X may be prone to a vulnerability that could allow a remote attacker to execute arbitrary script code on a vulnerable system. The issue presents itself due to the 'help:' protoc...
Apple Safari 6.0.2 (OS X) file:// Multiple Vulnerabilities
The Safari web browser allows documents opened with the file:// schema to use JavaScript in a way that can be used for malicious purposes, such as stealing information about the target user from websites such as social networks, modifying the contents of a window to other websites but keeping the...
Safari 4.0.3 / 4.0.4 Stack Exhaustion
a="var b="";while1b=b+b;document.writeb;"; while1 a=a+a; document.writea; //Written by: Fredrik Nordberg Almroth //URL: http://h.ackack.net/ //Affected: Safari 4.0.3 & 4.0.4 - Other versions might be vulnerable aswell. //Note: The error seem lay in the window.location property, when called...
Netragard Security Advisory 2009-12-19
Advisory Summary ----------------------------------------------------------------------- Advisory Author : Adriel T. Desautels Researcher : Kevin Finisterre Advisory ID : NETRAGARD-20091219 Product Name : Mac OS X Java Runtime Product Version : Java for Mac OS X 10.6 Update 1 Vendor Name :...
Apple Safari RSS Feed Information Disclosure Vulnerability
The host is running Apple Safari web browser which is prone to remote file access vulnerability. OpenVAS Vulnerability Test $Id: gbapplesafariinfodiscvuln.nasl 4865 2016-12-28 16:16:43Z teissa $ Apple Safari RSS Feed Information Disclosure Vulnerability Authors: Nikita MR Copyright: Copyright c...
Apple Safari RSS Feed Information Disclosure Vulnerability
Apple Safari web browser is prone to remote file access vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...