Lucene search

K

792 matches found

CVE
CVE
added 2022/12/15 7:15 p.m.74 views

CVE-2022-32833

An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.

5.3CVSS6.2AI score0.00196EPSS
CVE
CVE
added 2024/07/29 11:15 p.m.74 views

CVE-2024-40794

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication.

5.3CVSS6AI score0.00092EPSS
CVE
CVE
added 2010/09/24 7:0 p.m.73 views

CVE-2010-1823

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a ...

9.3CVSS9AI score0.02537EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.73 views

CVE-2011-1114

Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."

7.5CVSS8.7AI score0.02823EPSS
CVE
CVE
added 2017/11/13 3:29 a.m.73 views

CVE-2017-13783

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.21364EPSS
CVE
CVE
added 2017/11/13 3:29 a.m.73 views

CVE-2017-13784

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.21364EPSS
CVE
CVE
added 2017/11/13 3:29 a.m.73 views

CVE-2017-13788

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.01056EPSS
CVE
CVE
added 2011/02/10 7:0 p.m.72 views

CVE-2011-0981

Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.8AI score0.02239EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.72 views

CVE-2011-1293

Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS8.6AI score0.01451EPSS
CVE
CVE
added 2012/03/22 4:55 p.m.72 views

CVE-2011-3056

Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."

6.8CVSS6AI score0.00892EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.72 views

CVE-2018-4311

The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

8.1CVSS7.6AI score0.00443EPSS
CVE
CVE
added 2011/03/11 2:1 a.m.71 views

CVE-2011-1203

Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.7AI score0.02103EPSS
CVE
CVE
added 2011/08/29 3:55 p.m.71 views

CVE-2011-2823

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.

7.5CVSS7AI score0.0229EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.71 views

CVE-2011-3038

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling.

6.8CVSS6.9AI score0.01173EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.71 views

CVE-2011-3044

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.

6.8CVSS6.9AI score0.02363EPSS
CVE
CVE
added 2012/03/09 12:55 a.m.71 views

CVE-2011-3046

The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.

10CVSS6.3AI score0.04464EPSS
CVE
CVE
added 2016/09/25 10:59 a.m.71 views

CVE-2016-4730

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.

9.3CVSS8.3AI score0.08398EPSS
CVE
CVE
added 2017/11/13 3:29 a.m.71 views

CVE-2017-13793

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS8.7AI score0.01056EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.71 views

CVE-2018-4377

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

6.1CVSS6AI score0.0054EPSS
CVE
CVE
added 2025/05/19 4:15 p.m.71 views

CVE-2025-24189

The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption.

8.8CVSS5.5AI score0.00037EPSS
CVE
CVE
added 2025/05/29 10:15 p.m.71 views

CVE-2025-30466

This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy.

9.8CVSS5.8AI score0.00019EPSS
CVE
CVE
added 2020/02/03 6:15 p.m.70 views

CVE-2016-4676

A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.

7.5CVSS6.7AI score0.01783EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.70 views

CVE-2017-2492

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers pr...

6.1CVSS5.7AI score0.00312EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.70 views

CVE-2023-40417

A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.

5.4CVSS5.8AI score0.00302EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.69 views

CVE-2011-1109

Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.7AI score0.02321EPSS
CVE
CVE
added 2012/05/01 10:12 a.m.69 views

CVE-2011-3078

Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.

6.8CVSS6.9AI score0.07354EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.69 views

CVE-2018-4096

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affect...

8.8CVSS7.6AI score0.00673EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.69 views

CVE-2018-4133

An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

6.1CVSS5.7AI score0.00501EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.69 views

CVE-2019-8562

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.

9.6CVSS8AI score0.00475EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.69 views

CVE-2019-8570

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iCloud for Windows 7.10, iTunes 12.9.3 for Windows, Safari 12.0.3, tvOS 12.1.2. Processing maliciously crafted web content may disclose sensitive user information.

6.5CVSS6.3AI score0.00478EPSS
CVE
CVE
added 2020/12/08 8:15 p.m.69 views

CVE-2020-9987

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS5.1AI score0.00284EPSS
CVE
CVE
added 2024/01/23 1:15 a.m.69 views

CVE-2024-23211

A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings.

3.3CVSS4.5AI score0.00025EPSS
CVE
CVE
added 2024/06/10 9:15 p.m.69 views

CVE-2024-27844

The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5. A website's permission dialog may persist after navigation away from the site.

9.1CVSS5.9AI score0.00114EPSS
CVE
CVE
added 2007/06/12 10:30 p.m.68 views

CVE-2007-3186

Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.

9.3CVSS7.2AI score0.08926EPSS
CVE
CVE
added 2010/03/15 2:15 p.m.68 views

CVE-2010-0050

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.

9.3CVSS8.6AI score0.45126EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.68 views

CVE-2011-3043

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements.

6.8CVSS6.9AI score0.02363EPSS
CVE
CVE
added 2016/09/25 10:59 a.m.68 views

CVE-2016-4728

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.

8.8CVSS8.4AI score0.01042EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.68 views

CVE-2018-4409

A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

6.5CVSS6.6AI score0.00439EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.68 views

CVE-2019-8638

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS9.1AI score0.00758EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.68 views

CVE-2019-8639

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS9.1AI score0.00758EPSS
CVE
CVE
added 2022/09/20 9:15 p.m.68 views

CVE-2022-32863

A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution.

9.8CVSS9.1AI score0.00472EPSS
CVE
CVE
added 2024/06/10 9:15 p.m.68 views

CVE-2024-27850

This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user.

6.5CVSS6.1AI score0.00171EPSS
CVE
CVE
added 2025/01/27 10:15 p.m.68 views

CVE-2025-24169

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.3, Safari 18.3. A malicious app may be able to bypass browser extension authentication.

7.5CVSS5.8AI score0.00102EPSS
CVE
CVE
added 2011/08/09 7:55 p.m.67 views

CVE-2008-7296

Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains...

5.8CVSS6.1AI score0.00435EPSS
CVE
CVE
added 2011/02/10 7:0 p.m.67 views

CVE-2011-0983

Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.7AI score0.01845EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.67 views

CVE-2011-2359

Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

6.8CVSS7AI score0.03596EPSS
CVE
CVE
added 2012/03/30 10:55 p.m.67 views

CVE-2011-3060

Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

6.8CVSS6.1AI score0.02353EPSS
CVE
CVE
added 2017/11/13 3:29 a.m.67 views

CVE-2017-13796

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.21364EPSS
CVE
CVE
added 2017/11/13 3:29 a.m.67 views

CVE-2017-13802

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.21364EPSS
CVE
CVE
added 2017/04/02 1:59 a.m.67 views

CVE-2017-2463

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

8.8CVSS8.6AI score0.00723EPSS
Total number of security vulnerabilities792