Lucene search

K

792 matches found

CVE
CVE
added 2024/07/29 11:15 p.m.62 views

CVE-2024-40785

This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.

6.1CVSS5.3AI score0.00262EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.61 views

CVE-2011-1121

Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.

7.5CVSS8.8AI score0.02823EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.61 views

CVE-2011-2857

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.

6.8CVSS7AI score0.02104EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.61 views

CVE-2011-3039

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.

6.8CVSS6.9AI score0.02363EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.61 views

CVE-2011-3041

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes.

6.8CVSS6.9AI score0.02363EPSS
CVE
CVE
added 2012/05/01 10:12 a.m.61 views

CVE-2011-3081

Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.

9.3CVSS6.9AI score0.07354EPSS
CVE
CVE
added 2011/12/13 9:55 p.m.61 views

CVE-2011-3908

Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.1AI score0.0234EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.61 views

CVE-2011-3958

Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

6.8CVSS7AI score0.02292EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.61 views

CVE-2016-7578

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbit...

8.8CVSS8.6AI score0.01303EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.61 views

CVE-2017-7005

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...

8.8CVSS8.6AI score0.04285EPSS
CVE
CVE
added 2017/07/20 4:29 p.m.61 views

CVE-2017-7060

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "Safari Printing" component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site.

6.5CVSS6.2AI score0.00582EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.61 views

CVE-2018-4137

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.

7.5CVSS6.7AI score0.00366EPSS
CVE
CVE
added 2007/04/24 4:19 p.m.60 views

CVE-2007-2175

Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointe...

7.6CVSS7.2AI score0.84873EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.60 views

CVE-2011-1451

Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."

7.5CVSS8.7AI score0.02271EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.60 views

CVE-2011-3037

Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

6.8CVSS6.7AI score0.02756EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.60 views

CVE-2011-3234

Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.02823EPSS
CVE
CVE
added 2016/02/01 11:59 a.m.60 views

CVE-2016-1727

WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.

9.3CVSS7.7AI score0.01025EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.60 views

CVE-2018-4269

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

8.6CVSS6.3AI score0.00305EPSS
CVE
CVE
added 2020/10/16 5:15 p.m.60 views

CVE-2020-9911

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy.

7.5CVSS7.2AI score0.00334EPSS
CVE
CVE
added 2024/07/29 11:15 p.m.60 views

CVE-2024-40817

The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing.

6.1CVSS5.9AI score0.00296EPSS
CVE
CVE
added 2011/03/11 2:1 a.m.59 views

CVE-2011-1188

Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5CVSS8.7AI score0.0323EPSS
CVE
CVE
added 2011/12/13 9:55 p.m.59 views

CVE-2011-3913

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.

7.5CVSS7AI score0.0229EPSS
CVE
CVE
added 2012/01/24 4:3 a.m.59 views

CVE-2011-3928

Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.

7.5CVSS7AI score0.0234EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.59 views

CVE-2019-6204

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.

6.1CVSS5.9AI score0.00323EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.59 views

CVE-2024-44259

This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. An attacker may be able to misuse a trust relationship to download malicious content.

8.8CVSS6.4AI score0.00237EPSS
CVE
CVE
added 2025/07/30 12:15 a.m.59 views

CVE-2025-43227

This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information.

7.5CVSS5.3AI score0.00073EPSS
CVE
CVE
added 2011/06/29 5:55 p.m.58 views

CVE-2011-2351

Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.

6.8CVSS7AI score0.02007EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.58 views

CVE-2011-2797

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching.

6.8CVSS7AI score0.02007EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.58 views

CVE-2011-2846

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling.

6.8CVSS7AI score0.02104EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.58 views

CVE-2011-2854

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."

6.8CVSS7AI score0.0184EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.58 views

CVE-2011-3075

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.

6.8CVSS6.9AI score0.02128EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.58 views

CVE-2011-3076

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.

6.8CVSS6.9AI score0.02128EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.58 views

CVE-2016-4666

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and appli...

8.8CVSS8.6AI score0.01084EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.58 views

CVE-2018-4274

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.

7.5CVSS7AI score0.0021EPSS
CVE
CVE
added 2020/10/16 5:15 p.m.58 views

CVE-2020-9903

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain.

7.5CVSS7.3AI score0.00098EPSS
CVE
CVE
added 2024/12/12 2:15 a.m.58 views

CVE-2024-44246

The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, Safari 18.2, iPadOS 17.7.3. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to ...

5.3CVSS5.6AI score0.00108EPSS
CVE
CVE
added 2025/01/27 10:15 p.m.58 views

CVE-2025-24128

The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS6AI score0.00077EPSS
CVE
CVE
added 2025/07/30 12:15 a.m.58 views

CVE-2025-43240

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly associated.

6.2CVSS5.5AI score0.00016EPSS
CVE
CVE
added 2025/07/30 12:15 a.m.58 views

CVE-2025-43265

An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may disclose internal states of the app.

4CVSS5.3AI score0.00016EPSS
CVE
CVE
added 2010/03/24 10:45 p.m.57 views

CVE-2010-1099

Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.

5CVSS6.5AI score0.00158EPSS
CVE
CVE
added 2011/03/11 2:1 a.m.57 views

CVE-2011-1204

Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.

6.8CVSS8.7AI score0.02435EPSS
CVE
CVE
added 2016/02/01 11:59 a.m.57 views

CVE-2016-1724

WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.

8.8CVSS7.7AI score0.01025EPSS
CVE
CVE
added 2007/01/25 12:28 a.m.56 views

CVE-2007-0478

WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.

4.3CVSS4.7AI score0.0254EPSS
CVE
CVE
added 2010/09/07 6:0 p.m.56 views

CVE-2010-3257

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.

9.3CVSS9AI score0.12151EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.56 views

CVE-2011-1117

Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes."

7.5CVSS8.7AI score0.02823EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.56 views

CVE-2011-2790

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.

6.8CVSS7AI score0.02007EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.56 views

CVE-2011-2855

Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."

6.8CVSS7.1AI score0.01647EPSS
CVE
CVE
added 2011/09/19 12:2 p.m.56 views

CVE-2011-2860

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.

7.5CVSS7AI score0.02121EPSS
CVE
CVE
added 2012/02/16 8:55 p.m.56 views

CVE-2011-3021

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.

7.5CVSS7AI score0.02774EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.56 views

CVE-2011-3071

Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7AI score0.02863EPSS
Total number of security vulnerabilities792