Lucene search

K

792 matches found

CVE
CVE
added 2011/11/11 11:55 a.m.56 views

CVE-2011-3897

Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.

6.8CVSS6.9AI score0.02104EPSS
CVE
CVE
added 2012/01/24 4:3 a.m.56 views

CVE-2011-3926

Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7.5AI score0.02946EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.56 views

CVE-2011-3968

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.

4.3CVSS7AI score0.01891EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.56 views

CVE-2011-3971

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events.

6.8CVSS7AI score0.01964EPSS
CVE
CVE
added 2016/05/20 11:0 a.m.56 views

CVE-2016-1855

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.

8.8CVSS8.4AI score0.01359EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.56 views

CVE-2017-2499

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to execute arbitrary unsigned code or cause a denial of service (memory co...

7.8CVSS7.8AI score0.00262EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.56 views

CVE-2018-4102

An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

6.5CVSS6.2AI score0.00527EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.56 views

CVE-2018-4440

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

4.3CVSS5.3AI score0.00344EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.56 views

CVE-2025-24192

A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a website may leak sensitive data.

6.5CVSS5.5AI score0.00036EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.56 views

CVE-2025-31238

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

7.3CVSS5.8AI score0.00095EPSS
CVE
CVE
added 2007/11/29 1:46 a.m.55 views

CVE-2007-6166

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

9.3CVSS7.6AI score0.83919EPSS
CVE
CVE
added 2008/09/16 11:0 p.m.55 views

CVE-2008-3950

Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breaka...

5CVSS6.1AI score0.0538EPSS
CVE
CVE
added 2010/08/24 8:0 p.m.55 views

CVE-2010-3116

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to impr...

10CVSS9.2AI score0.12275EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.55 views

CVE-2011-2788

Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.

6.8CVSS6.5AI score0.03148EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.55 views

CVE-2011-2792

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.

6.8CVSS7AI score0.02007EPSS
CVE
CVE
added 2012/02/16 8:55 p.m.55 views

CVE-2011-3027

Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

4.3CVSS6.8AI score0.01656EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.55 views

CVE-2011-3074

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.

6.8CVSS6.9AI score0.02128EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.55 views

CVE-2011-3885

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.

7.5CVSS7AI score0.02414EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.55 views

CVE-2011-3969

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.

6.8CVSS7AI score0.01964EPSS
CVE
CVE
added 2025/07/30 12:15 a.m.55 views

CVE-2025-31273

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to memory corruption.

8.8CVSS5.4AI score0.0005EPSS
CVE
CVE
added 2025/07/30 12:15 a.m.55 views

CVE-2025-43212

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

6.5CVSS5.4AI score0.00046EPSS
CVE
CVE
added 2025/07/30 12:15 a.m.55 views

CVE-2025-43216

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

6.5CVSS5.5AI score0.00046EPSS
CVE
CVE
added 2007/09/27 9:17 p.m.54 views

CVE-2007-3756

Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain.

4.3CVSS6.6AI score0.00991EPSS
CVE
CVE
added 2008/06/02 9:30 p.m.54 views

CVE-2008-1580

CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates...

4.3CVSS5.8AI score0.01429EPSS
CVE
CVE
added 2008/11/25 11:30 p.m.54 views

CVE-2008-4231

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

9.3CVSS7.8AI score0.07665EPSS
CVE
CVE
added 2009/03/23 2:19 p.m.54 views

CVE-2009-1042

Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

9.3CVSS7.4AI score0.16499EPSS
CVE
CVE
added 2010/10/04 9:0 p.m.54 views

CVE-2010-1822

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-...

8.8CVSS8.7AI score0.02967EPSS
CVE
CVE
added 2010/09/07 6:0 p.m.54 views

CVE-2010-3259

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sens...

4.3CVSS7.8AI score0.00823EPSS
CVE
CVE
added 2011/03/11 2:1 a.m.54 views

CVE-2011-1190

The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

5CVSS8.2AI score0.00674EPSS
CVE
CVE
added 2012/03/22 4:55 p.m.54 views

CVE-2011-3050

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.

6.8CVSS6.9AI score0.05574EPSS
CVE
CVE
added 2012/03/30 10:55 p.m.54 views

CVE-2011-3059

Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

6.8CVSS6.1AI score0.02353EPSS
CVE
CVE
added 2012/02/09 4:10 a.m.54 views

CVE-2011-3966

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.

7.5CVSS9.3AI score0.07118EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.54 views

CVE-2018-4116

An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

6.5CVSS6.2AI score0.00217EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.54 views

CVE-2018-4205

An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

6.5CVSS6.2AI score0.00506EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.54 views

CVE-2018-4474

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.

7.5CVSS7.1AI score0.00862EPSS
CVE
CVE
added 2025/07/30 12:15 a.m.54 views

CVE-2025-43211

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing web content may lead to a denial-of-service.

6.2CVSS5.3AI score0.00017EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.53 views

CVE-2011-2805

Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors.

6.8CVSS6.5AI score0.00575EPSS
CVE
CVE
added 2011/10/04 8:55 p.m.53 views

CVE-2011-2877

Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font."

6.8CVSS7.1AI score0.01611EPSS
CVE
CVE
added 2012/03/12 9:55 p.m.53 views

CVE-2012-0647

WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

5CVSS6.2AI score0.00276EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.52 views

CVE-2011-3887

Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.

5CVSS6.2AI score0.00515EPSS
CVE
CVE
added 2011/12/13 9:55 p.m.52 views

CVE-2011-3909

The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

5CVSS6AI score0.0234EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.52 views

CVE-2016-1784

The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site.

6.5CVSS6.5AI score0.00943EPSS
CVE
CVE
added 2016/05/20 11:0 a.m.52 views

CVE-2016-1859

The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.3AI score0.00589EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.52 views

CVE-2016-4677

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and appli...

8.8CVSS8.6AI score0.01084EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.52 views

CVE-2024-40857

This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS5.7AI score0.00205EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.52 views

CVE-2024-44155

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy.

6.5CVSS5.4AI score0.00142EPSS
CVE
CVE
added 2025/07/30 12:15 a.m.52 views

CVE-2025-43228

The issue was addressed with improved UI. This issue is fixed in iOS 18.6 and iPadOS 18.6, Safari 18. 6. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS5.4AI score0.00027EPSS
CVE
CVE
added 2010/05/06 2:53 p.m.51 views

CVE-2010-1729

WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes sequences in an infinite loop.

4.3CVSS7.6AI score0.00643EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.51 views

CVE-2011-2845

Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

4.3CVSS6.1AI score0.0053EPSS
CVE
CVE
added 2012/01/24 4:3 a.m.51 views

CVE-2011-3924

Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.

7.5CVSS7AI score0.0234EPSS
Total number of security vulnerabilities792