79 matches found
macOS : Apple Safari < 10.0.3 Multiple Vulnerabilities
The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 10.0.3. It is, therefore, affected by multiple vulnerabilities : - A prototype access flaw exists in WebKit when handling exceptions. An unauthenticated, remote attacker can exploit this, via specially crafted...
Chrome Address Bar URL Spoofing on IOS
来源链接: http://xlab.tencent.com/cn/2016/10/11/CVE-2016-1707-Chrome-Address-Bar-URL-Spoofing-on-IOS/ (英文版)http://xisigr.com/x/cve-2016-1707/ 0x00 Vulnerability Overview Chrome浏览器地址栏欺骗漏洞CVE-2016-1707,这个漏洞笔者于2016年6月报告给Google,现在把漏洞细节分享给大家。URL Spoofing漏洞可以伪造一个合法的网站地址。攻击者可以利用这个漏洞对用户发起网络钓鱼攻击。 受影响版本:Chrome...
Memory Corruption Vulnerability in Multiple Apple Products (CNVD-2016-05667)
Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems. tvOS is an operating system for smart TVs. webKit Page Loading is a WebKit...
Cross-Site Scripting Vulnerability in Multiple Apple Products
Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems. tvOS is an operating system for smart TVs. webKit Page Loading is a WebKit...
UBUNTU-CVE-2016-4584
The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site...
CVE-2016-4585
Cross-site scripting XSS vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari...
Apple TV < 9.2.2 Multiple Vulnerabilities
According to its banner, the version of the remote Apple TV device is prior to 9.2.2. It is, therefore, affected by multiple vulnerabilities in the following components : - CoreGraphics - ImageIO - IOAcceleratorFamily - IOHIDFamily - Kernel - libxml2 - libxslt - Sandbox Profiles - WebKit - WebKit...
UBUNTU-CVE-2016-4585
Cross-site scripting XSS vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari...
Mac OS X : Apple Safari < 9.1.2 Multiple Vulnerabilities
The version of Apple Safari installed on the remote Mac OS X host is prior to 9.1.2. It is, therefore, affected by multiple vulnerabilities, the most serious of which can result in remote code execution, in the following components : - WebKit - WebKit JavaScript Bindings - WebKit Page Loading C...
The vulnerability of Safari browser and iOS operating system allows attackers to obtain confidential information or circumvent existing access control policies.
The vulnerability of the Page Loading component implemented in WebKit of the Safari browser and the iOS operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to circumvent existing access restrictions or obtain confidenti...
The vulnerability of the iOS operating system and the Safari browser allows a hacker to replace the displayed URL address, circumvent existing access restrictions, and obtain confidential information.
The vulnerability of the Page Loading component implemented in WebKit of the iOS operating system and the Safari browser is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to replace the displayed URL address, circumvent existing access...
CVE-2016-1786
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx aka redirection status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted...
CVE-2016-1786
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx aka redirection status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted...
CVE-2016-1785
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...
Design/Logic Flaw
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...
CVE-2016-1785
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...
UBUNTU-CVE-2016-1786
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx aka redirection status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted...
UBUNTU-CVE-2016-1785
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...
Design/Logic Flaw
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx aka redirection status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted...
CVE-2016-1785
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...