Lucene search
+L
AppleWebkit

258 matches found

CVE
CVE
added 2010/07/30 8:0 p.m.84 views

CVE-2010-1792

WebKit vulnerabilities tied to CVE-2010-1792 affect WebKit in Apple Safari (Mac OS X 10.4–10.6) and Windows, and WebKitGTK+ (before 1.2.6). The issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and crashes) via a crafted regular expression. Th...

9.3CVSS9.2AI score0.06012EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.83 views

CVE-2010-1395

CVE-2010-1395 is a WebKit-based XSS vulnerability in Apple Safari prior to 5.0 (Mac OS X 10.5–10.6 and Windows) and Safari/WebKit prior to 4.1 on Mac OS X 10.4. It arises from a DOM constructor object scope management issue that allows remote attackers to inject arbitrary script or HTML via certa...

4.3CVSS7AI score0.02933EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.83 views

CVE-2010-1783

WebKitGTK+ and Safari are affected by CVE-2010-1783 as part of a set of WebKit vulnerabilities. The issue arises from improper handling of dynamic modification of a text node, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and crash). Affected:...

9.3CVSS9.2AI score0.05961EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.82 views

CVE-2010-1390

CVE-2010-1390 is a cross-site scripting vulnerability in WebKit used by Safari that can allow remote attackers to inject arbitrary script or HTML via flaws in UTF-7 canonicalization and incomplete termination of a quoted string in HTML. The vulnerability affects WebKit/Safari on multiple platform...

4.3CVSS7.1AI score0.02933EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.82 views

CVE-2010-1414

CVE-2010-1414 is a use-after-free in WebKit used by Apple Safari prior to version 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. The issue enables remote attackers to execute arbitrary code or cause an application crash via vectors related to the removeChild DOM method....

9.3CVSS9.1AI score0.06698EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.82 views

CVE-2010-1759

Use-after-free in WebKit (Node.normalize) affects Apple Safari before 5.0 on Windows/Mac OS X 10.5–10.6 and 4.1 on OS X 10.4; also affects Safari before 4.1 on some platforms. Remote attackers could execute arbitrary code or cause a crash (DoS). The provided documents confirm the vulnerability an...

9.3CVSS8.7AI score0.15733EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.82 views

CVE-2010-1770

CVE-2010-1770 affects WebKit-based browsers (Safari up to v5 on macOS 10.5–10.6 and Windows; Safari up to v4.1 on macOS 10.4; Chrome up to 5.0.375.70). The issue is a transformation handling bug for a text node using IBM1147 charset, in HTML with a BR element, related to a type checking issue. Co...

9.3CVSS8.7AI score0.04756EPSS
CVE
CVE
added 2017/11/13 3:0 a.m.82 views

CVE-2017-13796

CVE-2017-13796 affects Apple’s WebKit across multiple platforms (iOS, Safari, tvOS, Windows iTunes/iCloud). The issue is due to memory corruption in WebKit that could allow remote attackers to execute arbitrary code or cause a crash via a crafted web page. Affected products include iOS before 11....

8.8CVSS7.7AI score0.0582EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.81 views

CVE-2010-0544

CVE-2010-0544 is an XSS vulnerability in WebKit used by Apple Safari (before 5.0 on Windows and macOS 10.5–10.6; before 4.1 on macOS 10.4). It allows remote attackers to inject arbitrary script/HTML via a malformed URL. The connected documents confirm the affected product and vectors, but do not ...

4.3CVSS5.2AI score0.02933EPSS
CVE
CVE
added 2017/11/13 3:0 a.m.81 views

CVE-2017-13802

CVE-2017-13802 affects WebKit in multiple Apple platforms (iOS before 11.1, Safari before 11.0.1, tvOS before 11.1, iCloud/iTunes on Windows). The issue allows remote code execution or memory corruption via crafted web content. Root cause: memory corruption in WebKit leading to arbitrary code exe...

8.8CVSS7.7AI score0.05787EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.80 views

CVE-2010-1771

CVE-2010-1771 is a use-after-free vulnerability in WebKit used by Apple Safari before 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4, triggered via fonts. This allows remote attackers to execute arbitrary code or cause a denial of service (application crash). The connected...

9.3CVSS8.7AI score0.06346EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.80 views

CVE-2010-1780

CVE-2010-1780 affects WebKitGTK+ (WebKit) used by MiracleLinux & OpenSUSE/OpenVAS advisories. The vulnerability is a use-after-free in element focus paths that can allow remote code execution or a crash. MiracleLinux AXSA:2011-34:01 fixes WebKitGTK+ 1.2.6-2.AXS4; advisories for related CVEs in We...

9.3CVSS9.1AI score0.06084EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.80 views

CVE-2010-1786

CVE-2010-1786 is a use-after-free in WebKit/WebKitGTK+ permitting remote code execution or a crash via a foreignObject SVG element. Affected: WebKitGTK+ up to version 1.2.6 (and Safari prior to 5.0.1 on macOS, Windows; Safari 4.1.1 on macOS 10.4). Connected advisories show MiracleLinux/Miracle Li...

9.3CVSS9.1AI score0.06084EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.79 views

CVE-2010-1782

CVE-2010-1782 affects WebKit-based components (e.g., WebKit in Apple Safari and WebKitGTK+). The vulnerability arises from the rendering of inline elements, leading to remote code execution or a denial of service via memory corruption/application crash. The MiracleLinux advisory (AXSA:2011-34:01)...

9.3CVSS9.3AI score0.05961EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.79 views

CVE-2010-3808

CVE-2010-3808 affects WebKit/Safari: Safari before 5.0.3 on macOS 10.5–10.6 and Windows, and Safari before 4.1.3 on macOS 10.4, do not properly cast an unspecified variable during editing command processing, allowing remote code execution or a denial of service via a crafted web site. The NVD ent...

9.3CVSS8.7AI score0.04448EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.79 views

CVE-2011-1288

The CVE-2011-1288 vulnerability affects WebKit as used by Apple Safari prior to 5.0.6. A crafted website can cause remote code execution or a Denial of Service via memory corruption and application crashes. This is tied to memory corruption issues in WebKit, with core impact described as arbitrar...

9.3CVSS8.8AI score0.03923EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.79 views

CVE-2011-1797

Affected software: WebKit as used by Apple Safari prior to version 5.0.6. Description confirms a vulnerability in WebKit that allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site, via memory corruption in the rendering engine. Root cause is a WebKi...

9.3CVSS8.8AI score0.04375EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.78 views

CVE-2010-1396

CVE-2010-1396 is a use-after-free in WebKit’s handling of contentEditable and removal of container elements, allowing remote attackers to execute arbitrary code or cause a denial of service (application crash). Affected products/versions cited include Safari before 5.0 on macOS 10.5–10.6 and Wind...

9.3CVSS8.6AI score0.08732EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.78 views

CVE-2010-1401

CVE-2010-1401 is a use-after-free in WebKit’s CSS handling in Safari before version 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4. The flaw relates to the :first-letter pseudo-element and can allow remote attackers to execute arbitrary code or trigger a crash (DoS). The d...

9.3CVSS9AI score0.08732EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.78 views

CVE-2010-1785

CVE-2010-1785 affects WebKit-based rendering in WebKitGTK+ (and Safari) before the listed fixed versions, including webkitgtk prior to 1.2.6. The root cause is uninitialized memory during processing of the SVG text element’s :first-letter and :first-line pseudo-elements, enabling remote code exec...

9.3CVSS9.1AI score0.06084EPSS
CVE
CVE
added 2011/10/12 6:0 p.m.78 views

CVE-2011-2352

CVE-2011-2352 affects WebKit used by Apple iTunes before 10.5. The vulnerability allows a MITM attacker to execute arbitrary code or cause a denial of service (memory corruption and application crash) via iTunes Store browsing vectors. Connected sources reiterate WebKit/iTunes Store browsing as t...

7.6CVSS7.5AI score0.02665EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.77 views

CVE-2010-2264

The vulnerability CVE-2010-2264 affects the CSS :visited handling in WebKit-based Safari. Affected software: Safari before 5.0 on Mac OS X 10.5–10.6 and Windows, and Safari before 4.1 on Mac OS X 10.4. Root cause: the :visited pseudo-class is not properly handled by CSS in WebKit, enabling remote...

4.3CVSS7.4AI score0.02597EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.77 views

CVE-2011-0218

CVE-2011-0218 affects WebKit as used in Apple Safari prior to 5.0.6. A crafted website can trigger memory corruption in WebKit, resulting in remote arbitrary code execution or a denial of service (application crash). The vulnerability stems from memory handling issues within WebKit when parsing o...

9.3CVSS8.8AI score0.03923EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.77 views

CVE-2011-1453

CVE-2011-1453 affects WebKit as used by Apple Safari prior to 5.0.6. The issue is a use-after-free in SVG handling (SVG Markers) in WebKit, which can allow a remote attacker to exploit memory corruption to execute arbitrary code or cause a crash. The vulnerability is tied to Safari/WebKit’s SVG o...

9.3CVSS8.8AI score0.03923EPSS
CVE
CVE
added 2017/11/13 3:0 a.m.77 views

CVE-2017-13785

CVE-2017-13785 is a WebKit-related vulnerability affecting Apple devices and software listed by Apple for the 2017-11 window: iOS <11.1, Safari <11.0.1, iCloud on Windows, iTunes for Windows, and tvOS

8.8CVSS7.7AI score0.05787EPSS
CVE
CVE
added 2011/10/12 6:0 p.m.76 views

CVE-2011-2338

CVE-2011-2338 affects WebKit as used in Apple iTunes prior to 10.5. The vulnerability is exposed via vectors related to iTunes Store browsing, allowing a man‑in‑the‑middle attacker to execute arbitrary code or cause a memory corruption/DoS (application crash). The NVD entry lists a CVSS v2 base s...

7.6CVSS7.5AI score0.02618EPSS
CVE
CVE
added 2010/02/18 5:19 p.m.75 views

CVE-2010-0647

CVE-2010-0647 affects WebKit (as used in Google Chrome prior to 4.0.249.89). The root cause is a malformed RUBY element that enables remote code execution in the Chrome sandbox, demonstrated by the > sequence. Affected software is WebKit before r53525; remediation is to apply the WebKit/Chrome...

9.3CVSS9.2AI score0.03511EPSS
CVE
CVE
added 2010/02/18 5:19 p.m.75 views

CVE-2010-0661

The CVE-2010-0661 issue affects WebKit/WebCore: V8DOMWindowCustom.cpp in WebKit before r52401, which is used in Google Chrome up to version 4.0.249.78. The vulnerability allows remote attackers to bypass the Same Origin Policy via vectors involving window.open. Connected sources confirm the affec...

6.8CVSS8.1AI score0.01592EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.75 views

CVE-2010-1394

CVE-2010-1394 is a Cross‑Site Scripting (XSS) vulnerability in WebKit used by Apple Safari. The initial data states Safari before version 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4, is susceptible. The root cause is improper handling of HTML document fragments that all...

4.3CVSS7AI score0.02933EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.75 views

CVE-2010-1416

CVE-2010-1416 affects WebKit in Apple Safari prior to 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. It occurs because reading a canvas that contains an SVG image pattern from a different site is not properly restricted, enabling a cross-site image capture. This could a...

4.3CVSS7.8AI score0.02981EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.75 views

CVE-2010-1793

CVE-2010-1793 is a confirmed use-after-free vulnerability in WebKit/WebKitGTK+ that can allow remote code execution or a crash via a crafted SVG document (via a font-face or an SVG use element). Affected products include Safari (Mac OS X 10.4–10.6) and WebKitGTK+ up to version 1.2.6; various list...

9.3CVSS9.3AI score0.06728EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.75 views

CVE-2010-3805

The CVE-2010-3805 entry concerns Apple Safari/WebKit. Affected: Safari/WebKit prior to 5.0.3 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1.3 on Mac OS X 10.4. Description: an integer underflow in WebKit via WebSockets allows a remote attacker to execute arbitrary code or cause an applicatio...

9.3CVSS8.6AI score0.05862EPSS
CVE
CVE
added 2010/02/18 5:19 p.m.74 views

CVE-2010-0656

WebKit before r51295 (as used in Google Chrome before 4.0.249.78) may respond to a local file:// XMLHttpRequest targeting a directory with a directory listing, potentially exposing sensitive information or causing other impact via a crafted local HTML document. The mitigation is to update to the ...

4.3CVSS8.3AI score0.01149EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.74 views

CVE-2010-1393

CVE-2010-1393 affects WebKit’s CSS handling in Safari before 5.0 on Windows/Mac and before 4.1 on Mac OS X/opens with a redirecting URL, allowing remote attackers to discover sensitive URLs via an HREF attribute. The vulnerability exposes partial confidentiality as described by the NVD, with rela...

4.3CVSS8.3AI score0.02058EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.74 views

CVE-2010-1749

CVE-2010-1749 is a use-after-free vulnerability in WebKit affecting Apple Safari prior to version 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. The issue arises from the CSS run-in property and multiple invocations of a destructor for a child element that has been refe...

9.3CVSS8.6AI score0.08732EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.74 views

CVE-2010-1758

CVE-2010-1758 is a use-after-free vulnerability in WebKit affecting Safari up to version 5.x (Mac OS X 10.5–10.6) and Windows, and WebKit on Mac OS X 10.4. The issue arises from DOM Range handling and can lead to remote code execution or application crashes. Connected documents confirm related We...

9.3CVSS8.7AI score0.06698EPSS
CVE
CVE
added 2011/03/11 10:0 p.m.74 views

CVE-2011-0160

CVE-2011-0160 affects WebKit as used in Apple Safari prior to 5.0.4 and iOS prior to 4.3. The vulnerability arises when handling redirects with HTTP Basic Authentication, potentially causing the Authorization header (and thus credentials) to be logged by remote servers. The issue is tied to WebKi...

5CVSS8.3AI score0.01549EPSS
CVE
CVE
added 2008/04/17 5:0 p.m.73 views

CVE-2008-1025

The CVE-2008-1025 entry concerns Apple Safari/WebKit prior to version 3.1.1, where WebKit mishandles URLs with a colon in the hostname, enabling cross-site scripting (XSS). The vulnerability is rooted in WebKit’s URL handling and affects Safari before 3.1.1. Reported impact is that an attacker ca...

4.3CVSS5.2AI score0.02893EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.73 views

CVE-2010-1787

CVE-2010-1787 affects WebKit, notably WebKitGTK+ 1.2.6 and Safari before certain versions. The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document. The MiracleLinux AXSA:2...

9.3CVSS9.3AI score0.05961EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.73 views

CVE-2010-1788

CVE-2010-1788 affects WebKit/WebKitGTK+ with a use element in SVG able to trigger remote code execution or memory corruption causing application crashes. Affected: Safari (Mac OS X 10.4–10.6) and Windows builds prior to 5.0.1, and webkitgtk before 1.2.6. The description also notes potential denia...

9.3CVSS9.3AI score0.05961EPSS
CVE
CVE
added 2010/06/24 5:0 p.m.73 views

CVE-2010-2441

CVE-2010-2441 in WebKit: improper restrictions on focus changes enables reading keystrokes via cross-domain IFRAME gadgets. The issue is addressed by openSUSE/libwebkit updates to WebKit 1.2.7 (examples: openSUSE-SU-2011:0024/0458-1 patches for libwebkit) which list CVE-2010-2441 among fixed bugs...

4.3CVSS8.6AI score0.01898EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.73 views

CVE-2010-3823

CVE-2010-3823 is a use-after-free in WebKit affecting Apple Safari prior to 5.0.3 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1.3 on Mac OS X 10.4, exploitable via Geolocation object vectors. The vulnerability can allow remote code execution or cause an application crash (DoS). The issue is...

9.3CVSS8.6AI score0.05829EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.72 views

CVE-2010-1422

CVE-2010-1422 affects WebKit used by Safari on Mac OS X and Windows (pre-5.0 on certain macOS versions; before 4.1 on Mac OS X 10.4). Root cause: improper handling of keyboard focus changes during key-press processing, enabling a crafted HTML document to force arbitrary key presses. Exploitation ...

4.3CVSS7.8AI score0.03007EPSS
CVE
CVE
added 2011/03/11 10:0 p.m.72 views

CVE-2011-0163

CVE-2011-0163 affects WebKit as used by Apple Safari before 5.0.4 and iOS before 4.3 . The vulnerability arises from WebKit’s improper handling of unspecified "cached resources", enabling a remote attacker to cause a denial of service (resource unavailability) via a crafted website that performs ...

4.3CVSS7.9AI score0.01592EPSS
CVE
CVE
added 2011/03/11 10:0 p.m.72 views

CVE-2011-0167

CVE-2011-0167 is a WebKit/WebKit-based vulnerability in Apple Safari affecting Safari before 5.0.4. The issue allows remote attackers to bypass the Same Origin Policy and force the upload of arbitrary local files from a client computer via a crafted website. The condition is a cross-origin/contro...

4.3CVSS8.2AI score0.03344EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.72 views

CVE-2011-0222

CVE-2011-0222 affects WebKit as used in Apple Safari prior to version 5.0.6. A crafted web site can trigger memory corruption in WebKit, enabling remote arbitrary code execution or causing an application crash (DoS). The vulnerability is tied to WebKit’s SVG handling and related memory-corruption...

9.3CVSS8.8AI score0.21639EPSS
CVE
CVE
added 2011/10/12 6:0 p.m.72 views

CVE-2011-2341

CVE-2011-2341 affects WebKit as used in Apple iTunes before 10.5. The vulnerability allows man-in-the-middle attackers to execute arbitrary code or cause memory corruption and an application crash via iTunes Store browsing related vectors. The OpenVAS/Nessus entries in the connected data corrobor...

7.6CVSS7.5AI score0.02618EPSS
CVE
CVE
added 2011/10/12 6:0 p.m.72 views

CVE-2011-2814

CVE-2011-2814 affects WebKit as used in Apple iTunes before 10.5. It allows a man-in-the-middle attacker to cause arbitrary code execution or a denial of service via vectors related to iTunes Store browsing, tied to memory corruption and application crashes. The provided documents do not specify ...

7.6CVSS7.5AI score0.02288EPSS
CVE
CVE
added 2011/10/12 6:0 p.m.72 views

CVE-2011-3237

CVE-2011-3237 affects WebKit as used by Apple iTunes before version 10.5. The vulnerability allows a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (memory corruption and application crash) via iTunes Store browsing-related vectors. The connected Nessus entry no...

7.6CVSS7.5AI score0.0268EPSS
CVE
CVE
added 2014/02/27 1:0 a.m.72 views

CVE-2014-1268

CVE-2014-1268 concerns WebKit as used in Apple Safari, specifically versions affected by memory corruption via a crafted web site that can lead to remote code execution or a denial of service. The vulnerability is described as affecting Safari before 6.1.2 and Safari 7.x before 7.0.2. The underly...

6.8CVSS7.8AI score0.01877EPSS
Total number of security vulnerabilities258