Webkit Security Vulnerabilities and Issues — Webkit CVE List

Lucene search

AppleWebkit

258 matches found

CVE•added 2017/12/25 9:29 p.m.•154 views

CVE-2017-13870

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.00947EPSS

CVE•added 2011/10/12 6:55 p.m.•134 views

CVE-2011-2813

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2017/12/25 9:29 p.m.•116 views

CVE-2017-13856

8.8CVSS7.7AI score0.00947EPSS

CVE•added 2017/12/25 9:29 p.m.•111 views

CVE-2017-13866

8.8CVSS7.7AI score0.00947EPSS

CVE•added 2017/12/27 5:8 p.m.•108 views

CVE-2017-7156

8.8CVSS7.7AI score0.00947EPSS

CVE•added 2017/12/27 5:8 p.m.•100 views

CVE-2017-7157

8.8CVSS7.7AI score0.00947EPSS

CVE•added 2017/07/20 4:29 p.m.•96 views

CVE-2017-7049

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote at...

8.8CVSS8.1AI score0.0481EPSS

CVE•added 2017/07/20 4:29 p.m.•96 views

CVE-2017-7061

8.8CVSS8.1AI score0.08109EPSS

CVE•added 2017/07/20 4:29 p.m.•93 views

CVE-2017-7037

8.8CVSS8.1AI score0.03473EPSS

CVE•added 2010/11/22 1:0 p.m.•91 views

CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a relat...

5CVSS8.2AI score0.19249EPSS

CVE•added 2017/07/20 4:29 p.m.•89 views

CVE-2017-7034

8.8CVSS8.1AI score0.00513EPSS

CVE•added 2017/12/27 5:8 p.m.•86 views

CVE-2017-7160

8.8CVSS7.7AI score0.00365EPSS

CVE•added 2016/07/22 2:59 a.m.•85 views

CVE-2016-4590

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5.4CVSS5.8AI score0.00435EPSS

CVE•added 2017/07/20 4:29 p.m.•84 views

CVE-2017-7056

8.8CVSS8.1AI score0.08109EPSS

CVE•added 2017/07/20 4:29 p.m.•83 views

CVE-2017-7039

8.8CVSS8.1AI score0.03473EPSS

CVE•added 2017/07/20 4:29 p.m.•83 views

CVE-2017-7048

8.8CVSS8.1AI score0.0481EPSS

CVE•added 2017/07/20 4:29 p.m.•82 views

CVE-2017-7038

A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.

6.1CVSS5.8AI score0.0561EPSS

CVE•added 2017/07/20 4:29 p.m.•82 views

CVE-2017-7041

9.3CVSS8.1AI score0.1308EPSS

CVE•added 2017/07/20 4:29 p.m.•81 views

CVE-2017-7006

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obta...

5.3CVSS5.4AI score0.00644EPSS

CVE•added 2017/07/20 4:29 p.m.•80 views

CVE-2017-7046

8.8CVSS8.1AI score0.0481EPSS

CVE•added 2017/07/20 4:29 p.m.•80 views

CVE-2017-7055

8.8CVSS8.1AI score0.00927EPSS

CVE•added 2016/07/22 2:59 a.m.•78 views

CVE-2016-4591

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

7.8CVSS7AI score0.04036EPSS

CVE•added 2017/07/20 4:29 p.m.•78 views

CVE-2017-7019

8.8CVSS8.1AI score0.00513EPSS

CVE•added 2017/11/13 3:29 a.m.•76 views

CVE-2017-13794

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.14267EPSS

CVE•added 2017/07/20 4:29 p.m.•76 views

CVE-2017-7018

8.8CVSS8.1AI score0.03796EPSS

CVE•added 2016/07/22 2:59 a.m.•75 views

CVE-2016-4589

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.

8.8CVSS8.3AI score0.73233EPSS

CVE•added 2017/07/20 4:29 p.m.•75 views

CVE-2017-7030

8.8CVSS8.1AI score0.00513EPSS

CVE•added 2011/07/21 11:55 p.m.•74 views

CVE-2011-0255

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2017/11/13 3:29 a.m.•74 views

CVE-2017-13795

8.8CVSS7.7AI score0.14267EPSS

CVE•added 2017/11/13 3:29 a.m.•74 views

CVE-2017-13798

8.8CVSS7.7AI score0.13208EPSS

CVE•added 2017/07/20 4:29 p.m.•74 views

CVE-2017-7052

8.8CVSS8.1AI score0.00927EPSS

CVE•added 2010/06/11 7:30 p.m.•73 views

CVE-2010-1419

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close...

9.3CVSS9.1AI score0.10048EPSS

CVE•added 2017/11/13 3:29 a.m.•72 views

CVE-2017-13784

8.8CVSS7.7AI score0.14267EPSS

CVE•added 2010/02/18 6:0 p.m.•71 views

CVE-2010-0651

WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive in...

4.3CVSS7.3AI score0.02258EPSS

CVE•added 2017/11/13 3:29 a.m.•71 views

CVE-2017-13783

8.8CVSS7.7AI score0.14267EPSS

CVE•added 2017/11/13 3:29 a.m.•71 views

CVE-2017-13788

8.8CVSS7.7AI score0.01318EPSS

CVE•added 2017/11/13 3:29 a.m.•71 views

CVE-2017-13792

8.8CVSS7.7AI score0.14267EPSS

CVE•added 2017/07/20 4:29 p.m.•71 views

CVE-2017-7020

8.8CVSS8.1AI score0.00513EPSS

CVE•added 2017/07/20 4:29 p.m.•71 views

CVE-2017-7042

9.3CVSS8.1AI score0.1308EPSS

CVE•added 2010/11/22 1:0 p.m.•70 views

CVE-2010-3812

Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause...

9.3CVSS9.3AI score0.06675EPSS

CVE•added 2017/11/13 3:29 a.m.•70 views

CVE-2017-13793

8.8CVSS8.7AI score0.01318EPSS

CVE•added 2017/11/13 3:29 a.m.•70 views

CVE-2017-13803

8.8CVSS7.7AI score0.01318EPSS

CVE•added 2010/06/11 6:0 p.m.•69 views

CVE-2010-1395

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issu...

4.3CVSS7AI score0.01195EPSS

CVE•added 2012/11/15 11:58 a.m.•67 views

CVE-2012-5851

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka r...

4.3CVSS5.2AI score0.00344EPSS

CVE•added 2017/11/13 3:29 a.m.•66 views

CVE-2017-13791

8.8CVSS7.7AI score0.14267EPSS

CVE•added 2017/11/13 3:29 a.m.•66 views

CVE-2017-13802

8.8CVSS7.7AI score0.14267EPSS

CVE•added 2010/06/11 7:30 p.m.•65 views

CVE-2010-0544

4.3CVSS5.2AI score0.00763EPSS

CVE•added 2010/06/11 7:30 p.m.•64 views

CVE-2010-1770

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary ...

9.3CVSS8.7AI score0.0902EPSS

CVE•added 2017/11/13 3:29 a.m.•64 views

CVE-2017-13785

8.8CVSS7.7AI score0.14267EPSS

CVE•added 2017/11/13 3:29 a.m.•64 views

CVE-2017-13796

8.8CVSS7.7AI score0.14267EPSS

Total number of security vulnerabilities258