258 matches found
CVE-2017-13870
CVE-2017-13870 affects Apple WebKit across multiple platforms (iOS prior to 11.2, Safari prior to 11.0.2, tvOS prior to 11.2, iCloud/iTunes on Windows) with memory-corruption issues in WebKit that could allow arbitrary code execution or cause a crash via a crafted web site. The public documents ...
CVE-2011-2813
The CVE-2011-2813 entry corresponds to a WebKit/WebKit-based component used by Apple iTunes prior to version 10.5. The vulnerability allows MITM attackers to trigger memory corruption and an application crash, potentially enabling arbitrary code execution or a denial of service via iTunes Store b...
CVE-2017-13856
Summary: CVE-2017-13856 concerns Apple WebKit in iOS, Safari, tvOS, iCloud/iTunes components. The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site, due to memory corruption in WebKit. Affected products include iOS before 11.2, Safari befo...
CVE-2017-13866
CVE-2017-13866 affects Apple WebKit across multiple Apple platforms (iOS <11.2, Safari <11.0.2, tvOS <11.2, iCloud for Windows <7.2, iTunes for Windows
CVE-2017-7061
CVE-2017-7061 concerns WebKit in multiple Apple platforms (iOS, macOS Safari, tvOS, WebKitGTK+), with memory corruption and DOMParser handling issues that could allow arbitrary code execution or cross-origin data leakage when processing malicious web content. Public advisories link this to severa...
CVE-2017-7156
CVE-2017-7156 affects WebKit in Apple platforms: iOS <11.2, Safari <11.0.2, tvOS <11.2, iCloud for Windows 7.2, and iTunes for Windows
CVE-2017-7037
CVE-2017-7037 affects WebKit in multiple Apple platforms (iOS before 10.3.3, Safari before 10.1.2, tvOS before 10.2.2, iCloud/iTunes on Windows). Root issue: memory handling/processing of malicious web content in WebKit could allow arbitrary code execution or cross-origin data leakage when handli...
CVE-2017-7056
CVE-2017-7056 is a WebKit issue affecting multiple Apple platforms (iOS, macOS, Apple TV, Windows iCloud/iTunes components in related feeds) where an attacker-controlled website could exfiltrate cross-origin data by abusing SVG filters in a crafted web page. Descriptions in the connected docs ind...
CVE-2017-7157
CVE-2017-7157 affects WebKit components across Apple devices (iOS, Safari, tvOS, iCloud/iTunes on Windows). The root issue is multiple memory corruption vulnerabilities in WebKit that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Affec...
CVE-2017-7049
CVE-2017-7049 affects Apple products via the WebKit component. A crafted web site may allow remote attackers to execute arbitrary code or cause memory corruption leading to a denial of service. Affected: iOS < 10.3.3; Safari < 10.1.2; iCloud on Windows < 6.2.2; iTunes on Windows < 12....
CVE-2016-4589
CVE-2016-4589 affects WebKit in Apple iOS prior to 9.3.3, Safari prior to 9.1.2, and tvOS prior to 9.2.2. The vulnerability allows a remote attacker to execute arbitrary code or cause a memory corruption-based denial of service via a crafted website. Root cause details are not expanded beyond mem...
CVE-2017-7048
CVE-2017-7048 affects WebKit components across Apple products (iOS 10.x, Safari 10.x, tvOS 10.x, iCloud/iTunes on Windows) and WebKitGTK+ before 2.16.6. In Apple products, the issue is described as memory corruption leading to remote code execution or a crash via a crafted web site; WebKitGTK+ re...
CVE-2010-3804
CVE-2010-3804 concerns the JavaScript RNG in WebKit used by Apple Safari, where a weak random-number generation algorithm makes it easier to track a user by predicting values. Affected are Safari before 5.0.3 on Mac OS X 10.5–10.6 and Windows, and before 4.1.3 on Mac OS X 10.4. Root cause is the ...
CVE-2016-4590
CVE-2016-4590 affects WebKit in iOS prior to 9.3.3 and Safari prior to 9.1.2, enabling a remote SOP bypass through crafted about: URLs. Apple advisories HT206902 and HT206900 list the WebKit-related fixes and associated CVEs (including 4590) and confirm remediation via updates to iOS Safari (iOS ...
CVE-2017-7039
CVE-2017-7039 is a WebKit vulnerability affecting Apple WebKit-based products (iOS Safari, macOS Safari, tvOS, etc.). The issue arises from memory corruption in WebKit when processing maliciously crafted web content, allowing a remote attacker to execute arbitrary code or cause a memory corruptio...
CVE-2017-7041
CVE-2017-7041 affects WebKit in multiple Apple platforms: iOS before 10.3.3, Safari before 10.1.2, iCloud on Windows before 6.2.2, iTunes on Windows before 12.6.2, and tvOS before 10.2.2. The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service by visiting...
CVE-2017-7038
CVE-2017-7038 is a WebKit/DOMParser vulnerability affecting Apple platforms. A logic issue in the DOMParser handling could allow cross‑site scripting when processing malicious web content. Affected: iOS prior to 10.3.3, Safari prior to 10.1.2, and tvOS prior to 10.2.2. Mitigation: upgrade to iOS ...
CVE-2017-7034
CVE-2017-7034 concerns WebKit/WebKitGTK+ components used in Apple platforms and WebKitGTK+ on Linux. The issue is described as memory corruption during processing of maliciously crafted web content, enabling arbitrary code execution on affected systems and potentially memory corruption leading to...
CVE-2017-7055
CVE-2017-7055 affects WebKit components in Apple software (iOS Safari, macOS Safari, WebKitGTK+ for Linux) with a memory-corruption/related issue that could allow remote code execution or memory corruption via a crafted web site. Public records show multiple related CVEs in WebKit/GTK ports aroun...
CVE-2017-7006
CVE-2017-7006 affects Apple WebKit components used in iOS, Safari, and tvOS prior to patches (iOS 10.3.3, Safari 10.1.2, tvOS 10.2.2). The issue is a timing side-channel vulnerability that allows a remote attacker to bypass the Same Origin Policy and exfiltrate cross-origin data via a crafted web...
CVE-2017-7160
CVE-2017-7160 affects Apple products with the WebKit engine (iOS <11.2, Safari <11.0.2, tvOS
CVE-2017-7046
CVE-2017-7046 affects WebKit components in Apple products (iOS, Safari, tvOS, iCloud/iTunes on Windows). The issue is described as memory corruption that can be triggered by processing crafted web content, leading to remote arbitrary code execution or a crash. The Apple advisories confirm affecte...
CVE-2011-0255
CVE-2011-0255 affects WebKit as used by Apple Safari prior to 5.0.6. The issue is a memory corruption vulnerability in WebKit that can be exploited by a crafted website to run arbitrary code or cause a denial of service (crash). Root cause: memory corruption in WebKit components exposed via malic...
CVE-2017-13792
CVE-2017-13792 is a WebKit use-after-free/memory corruption issue that could allow remote code execution or a memory corruption crash via a crafted web page. Affected products per Apple advisories: iOS before 11.1, Safari before 11.0.1, iCloud on Windows, iTunes 12.7.1 for Windows, and tvOS befor...
CVE-2017-7018
CVE-2017-7018 affects WebKit in Apple platforms (iOS before 10.3.3, Safari before 10.1.2, tvOS before 10.2.2; iCloud/iTunes on Windows) and can be triggered by processing malicious web content to cause arbitrary code execution or memory corruption leading to a crash. Connected documents indicate ...
CVE-2017-7052
CVE-2017-7052 affects Apple’s WebKit-based stack across multiple Apple platforms: iOS <10.3.3, Safari <10.1.2, iCloud on Windows <6.2.2, iTunes on Windows <12.6.2, and tvOS
CVE-2017-13794
CVE-2017-13794 relates to WebKit/WebKitGTK+ vulnerabilities discovered in 2017. Multiple memory-corruption issues in WebKit allow remote attackers to execute arbitrary code or cause a denial of service when a user visits crafted web content. Affected products include WebKitGTK+ (Linux distributio...
CVE-2017-7019
CVE-2017-7019 affects WebKit Page Loading in multiple Apple platforms (iOS <10.3.3, Safari <10.1.2, tvOS
CVE-2017-13784
CVE-2017-13784 affects Apple WebKit in multiple products (iOS <11.1, Safari <11.0.1, iCloud for Windows <7.1, iTunes for Windows <12.7.1, tvOS
CVE-2017-13791
CVE-2017-13791 is a WebKit use-after-free remote code execution issue disclosed in Apple advisories. It affected iOS before 11.1, Safari before 11.0.1, tvOS before 11.1, and Windows components (iTunes 12.7.1, iCloud 7.1) via crafted web content. An exploit exists (Exploit-DB: 43176). Patches were...
CVE-2016-4591
CVE-2016-4591 is a WebKit flaw affecting Apple platforms: WebKit in iOS prior to 9.3.3, Safari prior to 9.1.2, and tvOS prior to 9.2.2 mishandles the location variable, enabling remote attackers to access the local filesystem via unspecified vectors. Public documentation in Apple security notes a...
CVE-2017-13798
CVE-2017-13798 affects WebKit components in several Apple platforms (iOS, Safari, tvOS, iCloud/iTunes) prior to their 11.1/11.0.1 updates. The issue enables remote code execution or a memory-corruption-based denial of service via crafted web content, as described by Apple’s security notes for iOS...
CVE-2017-7030
CVE-2017-7030 affects WebKit components across Apple platforms (iOS Safari, tvOS, Windows iCloud/iTunes) and WebKitGTK+ ecosystems. The issue is a memory corruption/misdirected processing vulnerability in WebKit that can allow arbitrary code execution or memory corruption when visiting a crafted ...
CVE-2017-13803
CVE-2017-13803 concerns WebKit in multiple Apple OS components (iOS <11.1, Safari <11.0.1, tvOS
CVE-2017-7042
CVE-2017-7042 involves WebKit in the Apple ecosystem (iOS < 10.3.3, Safari < 10.1.2, iCloud on Windows < 6.2.2, iTunes on Windows < 12.6.2, tvOS
CVE-2010-3812
CVE-2010-3812: Integer overflow in WebKit’s Text::wholeText (dom/Text.cpp) allows remote code execution or crash via Text objects. Affected: Safari before 5.0.3 on OS X 10.5–10.6 and Windows; Safari before 4.1.3 on OS X 10.4; webkitgtk prior to 1.2.6; possibly other products. Connected advisorie...
CVE-2017-13793
CVE-2017-13793 concerns WebKit in Apple products (iOS <11.1, Safari <11.0.1, iCloud on Windows, iTunes on Windows, tvOS
CVE-2017-13795
CVE-2017-13795 affects Apple WebKit across multiple platforms (iOS, Safari, tvOS, iCloud/Windows, iTunes for Windows). Root issue is memory corruption in WebKit leading to remote code execution or memory-based DoS when processing crafted web content. Affected versions include iOS before 11.1, Saf...
CVE-2010-1419
CVE-2010-1419 describes a use-after-free in WebKit used by Apple Safari on Windows and macOS (Safari before 5.0 on Mac OS X 10.5–10.6 and Windows; before 4.1 on Mac OS X 10.4). The flaw can be triggered by a window close action during a drag-and-drop operation, allowing a user‑assisted remote att...
CVE-2011-1425
XML Security Library (xmlsec) prior to 1.2.17 with XSLT enabled is vulnerable: during signature verification, using the libxslt output extension and a ds:Transform element can cause an attacker to create or overwrite arbitrary files. This is triggered by the XSLT processing path and affects produ...
CVE-2010-0651
WebKit vulnerability CVE-2010-0651: WebKit before r52784 (used in Google Chrome < 4.0.249.78 and Apple Safari
CVE-2017-13788
CVE-2017-13788 affects Apple WebKit: processing malicious web content could lead to arbitrary code execution or memory corruption on Apple devices. The Apple advisories correlate this with WebKit issues addressed in iOS 11.1 (and Safari 11.0.1) and tvOS 11.1, with WebKit memory-corruption ...
CVE-2011-1290
CVE-2011-1290 refers to an integer overflow in WebKit used by the BlackBerry Torch 9800 (firmware 6.0.0.246), Google Chrome prior to 10.0.648.133, and Safari prior to 5.0.5. The overflow occurs in CSS style handling, nodesets, and a length value, enabling remote code execution. The issue was demo...
CVE-2017-13783
CVE-2017-13783 impacts Apple WebKit across multiple platforms (iOS 11.1 and earlier, Safari 11.0.1 and earlier, iCloud/iTunes on Windows, tvOS 11.1). The issue is a memory corruption vulnerability in WebKit that could allow remote attackers to execute arbitrary code or cause a denial of service v...
CVE-2010-3813
CVE-2010-3813 concerns WebKit: The WebCore::HTMLLinkElement::process function does not verify whether DNS prefetching is enabled when processing a LINK element. This can let remote attackers bypass intended access restrictions, demonstrated by an HTML email using a LINK element for X-Confirm-Read...
CVE-2011-1774
WebKit in Apple Safari before 5.0.6 is affected by CVE-2011-1774 due to improper libxslt security settings, allowing remote attackers to create arbitrary files and potentially execute arbitrary code via a crafted web site. This vulnerability arises from how XSLT output handling interacts with lib...
CVE-2012-5851
The CVE-2012-5851 issue concerns WebKit’s XSSAuditor.cpp in WebCore, used by Google Chrome (through version 22) and Safari (5.1.7). The root cause is that reflected data output contexts aren’t fully accounted for, enabling bypass of the built-in XSS protection. The listed references (WebKit Bug 9...
CVE-2017-7020
CVE-2017-7020 affects WebKit components across multiple Apple platforms (iOS prior to 10.3.3, Safari prior to 10.1.2, iCloud on Windows prior to 6.2.2, iTunes on Windows prior to 12.6.2, tvOS prior to 10.2.2). The issue allows a remote attacker to execute arbitrary code or cause a denial of servi...
CVE-2010-1783
WebKitGTK+ and Safari are affected by CVE-2010-1783 as part of a set of WebKit vulnerabilities. The issue arises from improper handling of dynamic modification of a text node, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and crash). Affected:...
CVE-2010-1395
CVE-2010-1395 is a WebKit-based XSS vulnerability in Apple Safari prior to 5.0 (Mac OS X 10.5–10.6 and Windows) and Safari/WebKit prior to 4.1 on Mac OS X 10.4. It arises from a DOM constructor object scope management issue that allows remote attackers to inject arbitrary script or HTML via certa...