Lucene search

K

1435 matches found

CVE
CVE
added 2010/07/30 8:30 p.m.65 views

CVE-2010-1784

The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of servi...

9.3CVSS9.2AI score0.04924EPSS
CVE
CVE
added 2011/03/01 11:0 p.m.65 views

CVE-2011-1115

Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.7AI score0.02823EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.65 views

CVE-2011-3032

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.

6.8CVSS6.9AI score0.01573EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.65 views

CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

6.8CVSS7.1AI score0.02966EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.65 views

CVE-2014-4476

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulne...

6.8CVSS5.3AI score0.00913EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.65 views

CVE-2015-3742

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.4AI score0.01081EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.65 views

CVE-2015-3745

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.5AI score0.00998EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.65 views

CVE-2015-3747

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.5AI score0.00998EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.65 views

CVE-2016-7652

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of ser...

8.8CVSS8.1AI score0.00728EPSS
CVE
CVE
added 2017/11/13 3:29 a.m.65 views

CVE-2017-13785

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.21364EPSS
CVE
CVE
added 2017/04/02 1:59 a.m.65 views

CVE-2017-2378

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and...

8.8CVSS8.4AI score0.00803EPSS
CVE
CVE
added 2017/04/02 1:59 a.m.65 views

CVE-2017-2392

An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

7.8CVSS7.4AI score0.00331EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.65 views

CVE-2017-2528

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.

6.1CVSS5.8AI score0.01328EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.65 views

CVE-2018-4089

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of ...

8.8CVSS7.5AI score0.02333EPSS
Web
CVE
CVE
added 2020/02/27 9:15 p.m.65 views

CVE-2020-3833

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.7AI score0.00351EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.65 views

CVE-2025-24180

The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.

8.1CVSS5.5AI score0.00027EPSS
CVE
CVE
added 2009/01/20 4:30 p.m.64 views

CVE-2008-5914

An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack....

2.1CVSS6.2AI score0.00232EPSS
CVE
CVE
added 2009/06/10 2:30 p.m.64 views

CVE-2009-1687

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption an...

9.3CVSS7.3AI score0.0736EPSS
CVE
CVE
added 2009/11/13 3:30 p.m.64 views

CVE-2009-2841

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers...

5CVSS6.8AI score0.03879EPSS
CVE
CVE
added 2009/11/13 3:30 p.m.64 views

CVE-2009-2842

Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

4.3CVSS5.9AI score0.0083EPSS
CVE
CVE
added 2010/06/11 6:0 p.m.64 views

CVE-2010-1750

Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.

9.3CVSS7.6AI score0.05719EPSS
CVE
CVE
added 2011/07/21 11:55 p.m.64 views

CVE-2011-1288

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.64 views

CVE-2011-1295

WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via un...

7.5CVSS8.1AI score0.0229EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.64 views

CVE-2011-1449

Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS8.6AI score0.0234EPSS
CVE
CVE
added 2011/08/29 3:55 p.m.64 views

CVE-2011-2827

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.

7.5CVSS7AI score0.0229EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.64 views

CVE-2011-3067

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.

6.8CVSS6AI score0.00509EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.64 views

CVE-2011-3069

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.

6.8CVSS6.9AI score0.02863EPSS
CVE
CVE
added 2012/04/05 10:2 p.m.64 views

CVE-2011-3073

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.

6.8CVSS6.9AI score0.02863EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.64 views

CVE-2015-3738

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.4AI score0.01081EPSS
CVE
CVE
added 2015/09/18 10:59 a.m.64 views

CVE-2015-5816

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-0...

6.8CVSS8.8AI score0.01538EPSS
CVE
CVE
added 2015/09/18 10:59 a.m.64 views

CVE-2015-5818

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS8.8AI score0.01009EPSS
CVE
CVE
added 2015/09/18 10:59 a.m.64 views

CVE-2015-5823

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-0...

6.8CVSS8.8AI score0.01538EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.64 views

CVE-2015-5828

The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.

4.3CVSS7.8AI score0.00779EPSS
CVE
CVE
added 2016/05/20 11:0 a.m.64 views

CVE-2016-1857

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.

8.8CVSS8.4AI score0.01359EPSS
CVE
CVE
added 2016/09/25 11:0 a.m.64 views

CVE-2016-4769

WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

8.8CVSS8.9AI score0.00701EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.64 views

CVE-2017-7161

An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.

8.8CVSS7.2AI score0.00954EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.64 views

CVE-2018-4360

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

8.8CVSS8.1AI score0.00704EPSS
CVE
CVE
added 2022/09/20 9:15 p.m.64 views

CVE-2022-32861

A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address.

5.3CVSS5.8AI score0.00185EPSS
CVE
CVE
added 2025/03/31 11:15 p.m.64 views

CVE-2025-31192

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.

6.7CVSS5.3AI score0.00031EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.63 views

CVE-2009-1712

WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

9.3CVSS7.4AI score0.04819EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.63 views

CVE-2009-1713

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

7.1CVSS6.9AI score0.00861EPSS
CVE
CVE
added 2010/03/15 1:28 p.m.63 views

CVE-2010-0046

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.

9.3CVSS8.9AI score0.09029EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.63 views

CVE-2011-1296

Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.7AI score0.0184EPSS
CVE
CVE
added 2012/03/05 7:55 p.m.63 views

CVE-2011-3034

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.

6.8CVSS6.9AI score0.02363EPSS
CVE
CVE
added 2012/03/30 10:55 p.m.63 views

CVE-2011-3064

Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.

7.5CVSS6.9AI score0.05944EPSS
CVE
CVE
added 2013/09/19 10:27 a.m.63 views

CVE-2013-1038

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS
CVE
CVE
added 2014/12/10 9:59 p.m.63 views

CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.

5CVSS6.1AI score0.00977EPSS
CVE
CVE
added 2015/03/18 10:59 p.m.63 views

CVE-2015-1075

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.01021EPSS
CVE
CVE
added 2015/07/03 1:59 a.m.63 views

CVE-2015-3658

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypa...

6.8CVSS7.6AI score0.00273EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.63 views

CVE-2015-3743

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.5AI score0.00998EPSS
Total number of security vulnerabilities1435