Lucene search
K

45 matches found

Prion
Prion
added 2020/06/19 2:15 p.m.20 views

Cross site request forgery (csrf)

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks...

6.8CVSS8.5AI score0.00426EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/04/03 6:0 a.m.23 views

CVE-2018-4118

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attacker...

9.1AI score0.01949EPSS
Exploits0References8
NVD
NVD
added 2017/05/22 5:29 a.m.13 views

CVE-2017-2495

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service application crash via a crafted web site that improperly interacts with the histor...

6.5CVSS5.7AI score0.00884EPSS
Exploits0References4
Prion
Prion
added 2017/05/22 5:29 a.m.12 views

Code injection

An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site...

4.3CVSS5.4AI score0.00796EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/05/22 5:29 a.m.13 views

CVE-2017-2511

An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site...

6.5CVSS5.6AI score0.00796EPSS
Exploits0References2
Prion
Prion
added 2017/05/22 5:29 a.m.16 views

Code injection

An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site...

4.3CVSS3.9AI score0.00694EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/04/02 1:36 a.m.22 views

CVE-2017-2444

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of...

9AI score0.0196EPSS
Exploits0References6
Prion
Prion
added 2017/03/17 12:59 a.m.32 views

Remote code execution

The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site,...

7.6CVSS7.9AI score0.5047EPSS
Exploits1References4Affected Software4
NVD
NVD
added 2017/02/20 8:59 a.m.15 views

CVE-2016-7594

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ICU" component. It allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and...

8.8CVSS8.7AI score0.01751EPSS
Exploits0References5
Prion
Prion
added 2017/02/20 8:59 a.m.25 views

Code injection

An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the "Safari" component, which allows remote attackers to spoof the address bar via a crafted web site...

4.3CVSS5.5AI score0.01335EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2016/10/14 1:0 a.m.22 views

CVE-2016-3385

The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."...

7.5AI score0.23027EPSS
Exploits0References4
Prion
Prion
added 2016/09/25 8:59 p.m.17 views

Design/Logic Flaw

browser/ui/cocoa/browserwindowcontrollerprivate.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service unsuppressed popup via a crafted web site...

4.3CVSS6.5AI score0.00867EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2016/09/25 10:59 a.m.15 views

Code injection

The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site...

4.3CVSS6.4AI score0.01195EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2016/09/14 10:0 a.m.28 views

CVE-2016-3295

Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."...

8AI score0.14985EPSS
Exploits0References5
Prion
Prion
added 2016/07/23 7:59 p.m.13 views

Design/Logic Flaw

content/renderer/historycontroller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site...

4.3CVSS6.3AI score0.012EPSS
Exploits0References15Affected Software1
Debian CVE
Debian CVE
added 2016/07/23 7:0 p.m.33 views

CVE-2016-1707

Removed by vendor...

6.5CVSS8.1AI score0.01178EPSS
Exploits1
Debian CVE
Debian CVE
added 2016/07/22 1:0 a.m.35 views

CVE-2016-4622

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624...

8.8CVSS8.6AI score0.18843EPSS
Exploits4
Cvelist
Cvelist
added 2016/03/09 11:0 a.m.35 views

CVE-2016-0130

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0129...

7.7AI score0.13354EPSS
Exploits0References3
Cvelist
Cvelist
added 2016/01/17 2:0 a.m.19 views

CVE-2015-4960

IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site...

4AI score0.00602EPSS
Exploits0References1
Prion
Prion
added 2015/08/14 10:59 a.m.19 views

Security feature bypass

Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass."...

4.3CVSS6.9AI score0.15564EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder