21 matches found
CVE-2025-43518
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3. An app may be able to inappropriately access files through the spellcheck API...
CVE-2025-43518
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, watchOS 26.2. An app may be able to inappropriately access files through the spellcheck API...
CVE-2025-43518
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3. An app may be able to inappropriately access files through the spellcheck API...
CVE-2025-43518
CVE-2025-43518 is a logic-issue vulnerability fixed in multiple Apple platforms. The flaw allows an app to potentially inappropriately access files via the spellcheck API. Affected products include watchOS 26.2; macOS Sonoma 14.8.3; macOS Tahoe 26.2; iOS 26.2 and iPadOS 26.2; macOS Sequoia 15.7.3...
PT-2025-51012
CVE-2025-43518 A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to inappropriately access files… https://t.co/CiUXjJLsoN...
EUVD-2015-1404
Malware in sbrugna...
EUVD-2015-1429
Malware in sbrugna...
SUSE CVE-2015-1263
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...
SUSE CVE-2015-1288
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...
Google Chrome Spellcheck API Man-in-the-Middle Attack Vulnerability
Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the implementation of the Spellcheck API in versions of Google Chrome prior to 44.0.2403.89, which stems from the program failing to download the Hunspell directory using an HTTPS...
CVE-2015-1288
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...
UBUNTU-CVE-2015-1288
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...
CVE-2015-1288
Removed by vendor...
CVE-2015-1288
CVE-2015-1288 affects Google Chrome’s Spellcheck API: the Hunspell dictionary was downloaded without HTTPS, enabling potential MITM manipulation of spelling suggestions. Affected code path: downloading Hunspell dictionaries over plain HTTP. Impact, as stated, includes possible incorrect spelling ...
chromium: multiple issues
CVE-2015-1251 arbitrary code execution Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem allows remote attackers to execute arbitrary code via a crafted document. - CVE-2015-1252 sandbox protection bypass It has been discovered that...
UBUNTU-CVE-2015-1263
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...
Design/Logic Flaw
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...
CVE-2015-1263
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...
CVE-2015-1263
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...
CVE-2015-1263
Removed by vendor...