Lucene search

K

792 matches found

CVE
CVE
added 2017/05/22 5:29 a.m.67 views

CVE-2017-2505

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and app...

8.8CVSS8AI score0.00958EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.67 views

CVE-2017-7071

An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

8.8CVSS8.8AI score0.00887EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.67 views

CVE-2019-8556

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.7AI score0.00758EPSS
CVE
CVE
added 2020/10/27 9:15 p.m.67 views

CVE-2020-3852

A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website.

5.3CVSS5.7AI score0.00284EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.67 views

CVE-2025-30467

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS5.6AI score0.00029EPSS
CVE
CVE
added 2009/01/20 4:30 p.m.66 views

CVE-2008-5914

An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack....

2.1CVSS6.2AI score0.00232EPSS
CVE
CVE
added 2012/02/16 8:55 p.m.66 views

CVE-2011-3016

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.

6.8CVSS7AI score0.01955EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.66 views

CVE-2011-3036

Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

6.8CVSS6.7AI score0.02756EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.66 views

CVE-2011-3042

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections.

6.8CVSS6.9AI score0.02363EPSS
CVE
CVE
added 2012/03/22 4:55 p.m.66 views

CVE-2011-3053

Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.

6.8CVSS6.9AI score0.04448EPSS
CVE
CVE
added 2016/05/20 11:0 a.m.66 views

CVE-2016-1856

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.

8.8CVSS8.4AI score0.01359EPSS
CVE
CVE
added 2017/11/13 3:29 a.m.66 views

CVE-2017-13797

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS8.7AI score0.1598EPSS
CVE
CVE
added 2020/04/01 6:15 p.m.66 views

CVE-2020-9784

A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings.

4.3CVSS5.4AI score0.00255EPSS
CVE
CVE
added 2024/06/10 9:15 p.m.66 views

CVE-2024-27830

This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.

6.5CVSS5.8AI score0.00224EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.66 views

CVE-2025-30425

This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode.

4.3CVSS5.7AI score0.00039EPSS
CVE
CVE
added 2025/07/30 12:15 a.m.66 views

CVE-2025-31278

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.

8.8CVSS5.4AI score0.0005EPSS
CVE
CVE
added 2008/06/03 3:32 p.m.65 views

CVE-2008-2540

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allow...

9.3CVSS7.3AI score0.47836EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.65 views

CVE-2011-1115

Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.7AI score0.02823EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.65 views

CVE-2011-1449

Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS8.6AI score0.0234EPSS
CVE
CVE
added 2011/08/29 3:55 p.m.65 views

CVE-2011-2827

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.

7.5CVSS7AI score0.0229EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.65 views

CVE-2011-3032

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.

6.8CVSS6.9AI score0.01573EPSS
CVE
CVE
added 2017/11/13 3:29 a.m.65 views

CVE-2017-13785

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.21364EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.65 views

CVE-2017-7161

An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.

8.8CVSS7.2AI score0.00954EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.65 views

CVE-2018-4089

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of ...

8.8CVSS7.5AI score0.02333EPSS
CVE
CVE
added 2020/02/27 9:15 p.m.65 views

CVE-2020-3833

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.7AI score0.00351EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.65 views

CVE-2025-24180

The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.

8.1CVSS5.5AI score0.00035EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.64 views

CVE-2011-1295

WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via un...

7.5CVSS8.1AI score0.0229EPSS
CVE
CVE
added 2012/03/30 10:55 p.m.64 views

CVE-2011-3064

Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.

7.5CVSS6.9AI score0.05944EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.64 views

CVE-2011-3067

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.

6.8CVSS6AI score0.00509EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.64 views

CVE-2011-3069

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.

6.8CVSS6.9AI score0.02863EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.64 views

CVE-2011-3073

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.

6.8CVSS6.9AI score0.02863EPSS
CVE
CVE
added 2016/05/20 11:0 a.m.64 views

CVE-2016-1857

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.

8.8CVSS8.4AI score0.01359EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.64 views

CVE-2018-4360

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

8.8CVSS8.1AI score0.00704EPSS
CVE
CVE
added 2022/09/20 9:15 p.m.64 views

CVE-2022-32861

A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address.

5.3CVSS5.8AI score0.00254EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.64 views

CVE-2025-31192

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.

6.7CVSS5.3AI score0.00037EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.63 views

CVE-2011-1296

Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.7AI score0.0184EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.63 views

CVE-2011-2818

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.

6.8CVSS6.9AI score0.02962EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.63 views

CVE-2011-3034

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.

6.8CVSS6.9AI score0.02363EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.63 views

CVE-2011-3888

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.

6.8CVSS7AI score0.02104EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.63 views

CVE-2025-31184

This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network.

7.8CVSS5.8AI score0.00018EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.62 views

CVE-2011-2800

Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.

4.3CVSS5.5AI score0.01071EPSS
CVE
CVE
added 2011/08/29 3:55 p.m.62 views

CVE-2011-2825

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.

9.3CVSS7AI score0.03935EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.62 views

CVE-2011-3035

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.

6.8CVSS6.9AI score0.02363EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.62 views

CVE-2011-3881

WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedProperty...

4.3CVSS5.4AI score0.00502EPSS
CVE
CVE
added 2016/09/25 10:59 a.m.62 views

CVE-2016-4737

WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3CVSS9.1AI score0.01841EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.62 views

CVE-2018-4271

Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

6.5CVSS7.4AI score0.00737EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.62 views

CVE-2018-4307

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.

4.3CVSS5.2AI score0.00218EPSS
CVE
CVE
added 2019/03/05 4:29 p.m.62 views

CVE-2019-6228

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack.

6.1CVSS5.8AI score0.00333EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.62 views

CVE-2019-8505

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.

6.1CVSS5.9AI score0.00323EPSS
CVE
CVE
added 2024/01/10 10:15 p.m.62 views

CVE-2023-42872

The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data.

5.5CVSS5AI score0.00062EPSS
Total number of security vulnerabilities792