258 matches found
CVE-2010-1792
WebKit vulnerabilities tied to CVE-2010-1792 affect WebKit in Apple Safari (Mac OS X 10.4–10.6) and Windows, and WebKitGTK+ (before 1.2.6). The issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and crashes) via a crafted regular expression. Th...
CVE-2010-1395
CVE-2010-1395 is a WebKit-based XSS vulnerability in Apple Safari prior to 5.0 (Mac OS X 10.5–10.6 and Windows) and Safari/WebKit prior to 4.1 on Mac OS X 10.4. It arises from a DOM constructor object scope management issue that allows remote attackers to inject arbitrary script or HTML via certa...
CVE-2010-1783
WebKitGTK+ and Safari are affected by CVE-2010-1783 as part of a set of WebKit vulnerabilities. The issue arises from improper handling of dynamic modification of a text node, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and crash). Affected:...
CVE-2010-1390
CVE-2010-1390 is a cross-site scripting vulnerability in WebKit used by Safari that can allow remote attackers to inject arbitrary script or HTML via flaws in UTF-7 canonicalization and incomplete termination of a quoted string in HTML. The vulnerability affects WebKit/Safari on multiple platform...
CVE-2010-1414
CVE-2010-1414 is a use-after-free in WebKit used by Apple Safari prior to version 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. The issue enables remote attackers to execute arbitrary code or cause an application crash via vectors related to the removeChild DOM method....
CVE-2010-1759
Use-after-free in WebKit (Node.normalize) affects Apple Safari before 5.0 on Windows/Mac OS X 10.5–10.6 and 4.1 on OS X 10.4; also affects Safari before 4.1 on some platforms. Remote attackers could execute arbitrary code or cause a crash (DoS). The provided documents confirm the vulnerability an...
CVE-2010-1770
CVE-2010-1770 affects WebKit-based browsers (Safari up to v5 on macOS 10.5–10.6 and Windows; Safari up to v4.1 on macOS 10.4; Chrome up to 5.0.375.70). The issue is a transformation handling bug for a text node using IBM1147 charset, in HTML with a BR element, related to a type checking issue. Co...
CVE-2017-13796
CVE-2017-13796 affects Apple’s WebKit across multiple platforms (iOS, Safari, tvOS, Windows iTunes/iCloud). The issue is due to memory corruption in WebKit that could allow remote attackers to execute arbitrary code or cause a crash via a crafted web page. Affected products include iOS before 11....
CVE-2010-0544
CVE-2010-0544 is an XSS vulnerability in WebKit used by Apple Safari (before 5.0 on Windows and macOS 10.5–10.6; before 4.1 on macOS 10.4). It allows remote attackers to inject arbitrary script/HTML via a malformed URL. The connected documents confirm the affected product and vectors, but do not ...
CVE-2017-13802
CVE-2017-13802 affects WebKit in multiple Apple platforms (iOS before 11.1, Safari before 11.0.1, tvOS before 11.1, iCloud/iTunes on Windows). The issue allows remote code execution or memory corruption via crafted web content. Root cause: memory corruption in WebKit leading to arbitrary code exe...
CVE-2010-1771
CVE-2010-1771 is a use-after-free vulnerability in WebKit used by Apple Safari before 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4, triggered via fonts. This allows remote attackers to execute arbitrary code or cause a denial of service (application crash). The connected...
CVE-2010-1780
CVE-2010-1780 affects WebKitGTK+ (WebKit) used by MiracleLinux & OpenSUSE/OpenVAS advisories. The vulnerability is a use-after-free in element focus paths that can allow remote code execution or a crash. MiracleLinux AXSA:2011-34:01 fixes WebKitGTK+ 1.2.6-2.AXS4; advisories for related CVEs in We...
CVE-2010-1786
CVE-2010-1786 is a use-after-free in WebKit/WebKitGTK+ permitting remote code execution or a crash via a foreignObject SVG element. Affected: WebKitGTK+ up to version 1.2.6 (and Safari prior to 5.0.1 on macOS, Windows; Safari 4.1.1 on macOS 10.4). Connected advisories show MiracleLinux/Miracle Li...
CVE-2010-1782
CVE-2010-1782 affects WebKit-based components (e.g., WebKit in Apple Safari and WebKitGTK+). The vulnerability arises from the rendering of inline elements, leading to remote code execution or a denial of service via memory corruption/application crash. The MiracleLinux advisory (AXSA:2011-34:01)...
CVE-2010-3808
CVE-2010-3808 affects WebKit/Safari: Safari before 5.0.3 on macOS 10.5–10.6 and Windows, and Safari before 4.1.3 on macOS 10.4, do not properly cast an unspecified variable during editing command processing, allowing remote code execution or a denial of service via a crafted web site. The NVD ent...
CVE-2011-1288
The CVE-2011-1288 vulnerability affects WebKit as used by Apple Safari prior to 5.0.6. A crafted website can cause remote code execution or a Denial of Service via memory corruption and application crashes. This is tied to memory corruption issues in WebKit, with core impact described as arbitrar...
CVE-2011-1797
Affected software: WebKit as used by Apple Safari prior to version 5.0.6. Description confirms a vulnerability in WebKit that allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site, via memory corruption in the rendering engine. Root cause is a WebKi...
CVE-2010-1396
CVE-2010-1396 is a use-after-free in WebKit’s handling of contentEditable and removal of container elements, allowing remote attackers to execute arbitrary code or cause a denial of service (application crash). Affected products/versions cited include Safari before 5.0 on macOS 10.5–10.6 and Wind...
CVE-2010-1401
CVE-2010-1401 is a use-after-free in WebKit’s CSS handling in Safari before version 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4. The flaw relates to the :first-letter pseudo-element and can allow remote attackers to execute arbitrary code or trigger a crash (DoS). The d...
CVE-2010-1785
CVE-2010-1785 affects WebKit-based rendering in WebKitGTK+ (and Safari) before the listed fixed versions, including webkitgtk prior to 1.2.6. The root cause is uninitialized memory during processing of the SVG text element’s :first-letter and :first-line pseudo-elements, enabling remote code exec...
CVE-2011-2352
CVE-2011-2352 affects WebKit used by Apple iTunes before 10.5. The vulnerability allows a MITM attacker to execute arbitrary code or cause a denial of service (memory corruption and application crash) via iTunes Store browsing vectors. Connected sources reiterate WebKit/iTunes Store browsing as t...
CVE-2010-2264
The vulnerability CVE-2010-2264 affects the CSS :visited handling in WebKit-based Safari. Affected software: Safari before 5.0 on Mac OS X 10.5–10.6 and Windows, and Safari before 4.1 on Mac OS X 10.4. Root cause: the :visited pseudo-class is not properly handled by CSS in WebKit, enabling remote...
CVE-2011-0218
CVE-2011-0218 affects WebKit as used in Apple Safari prior to 5.0.6. A crafted website can trigger memory corruption in WebKit, resulting in remote arbitrary code execution or a denial of service (application crash). The vulnerability stems from memory handling issues within WebKit when parsing o...
CVE-2011-1453
CVE-2011-1453 affects WebKit as used by Apple Safari prior to 5.0.6. The issue is a use-after-free in SVG handling (SVG Markers) in WebKit, which can allow a remote attacker to exploit memory corruption to execute arbitrary code or cause a crash. The vulnerability is tied to Safari/WebKit’s SVG o...
CVE-2017-13785
CVE-2017-13785 is a WebKit-related vulnerability affecting Apple devices and software listed by Apple for the 2017-11 window: iOS <11.1, Safari <11.0.1, iCloud on Windows, iTunes for Windows, and tvOS
CVE-2011-2338
CVE-2011-2338 affects WebKit as used in Apple iTunes prior to 10.5. The vulnerability is exposed via vectors related to iTunes Store browsing, allowing a man‑in‑the‑middle attacker to execute arbitrary code or cause a memory corruption/DoS (application crash). The NVD entry lists a CVSS v2 base s...
CVE-2010-0647
CVE-2010-0647 affects WebKit (as used in Google Chrome prior to 4.0.249.89). The root cause is a malformed RUBY element that enables remote code execution in the Chrome sandbox, demonstrated by the > sequence. Affected software is WebKit before r53525; remediation is to apply the WebKit/Chrome...
CVE-2010-0661
The CVE-2010-0661 issue affects WebKit/WebCore: V8DOMWindowCustom.cpp in WebKit before r52401, which is used in Google Chrome up to version 4.0.249.78. The vulnerability allows remote attackers to bypass the Same Origin Policy via vectors involving window.open. Connected sources confirm the affec...
CVE-2010-1394
CVE-2010-1394 is a Cross‑Site Scripting (XSS) vulnerability in WebKit used by Apple Safari. The initial data states Safari before version 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4, is susceptible. The root cause is improper handling of HTML document fragments that all...
CVE-2010-1416
CVE-2010-1416 affects WebKit in Apple Safari prior to 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. It occurs because reading a canvas that contains an SVG image pattern from a different site is not properly restricted, enabling a cross-site image capture. This could a...
CVE-2010-1793
CVE-2010-1793 is a confirmed use-after-free vulnerability in WebKit/WebKitGTK+ that can allow remote code execution or a crash via a crafted SVG document (via a font-face or an SVG use element). Affected products include Safari (Mac OS X 10.4–10.6) and WebKitGTK+ up to version 1.2.6; various list...
CVE-2010-3805
The CVE-2010-3805 entry concerns Apple Safari/WebKit. Affected: Safari/WebKit prior to 5.0.3 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1.3 on Mac OS X 10.4. Description: an integer underflow in WebKit via WebSockets allows a remote attacker to execute arbitrary code or cause an applicatio...
CVE-2010-0656
WebKit before r51295 (as used in Google Chrome before 4.0.249.78) may respond to a local file:// XMLHttpRequest targeting a directory with a directory listing, potentially exposing sensitive information or causing other impact via a crafted local HTML document. The mitigation is to update to the ...
CVE-2010-1393
CVE-2010-1393 affects WebKit’s CSS handling in Safari before 5.0 on Windows/Mac and before 4.1 on Mac OS X/opens with a redirecting URL, allowing remote attackers to discover sensitive URLs via an HREF attribute. The vulnerability exposes partial confidentiality as described by the NVD, with rela...
CVE-2010-1749
CVE-2010-1749 is a use-after-free vulnerability in WebKit affecting Apple Safari prior to version 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. The issue arises from the CSS run-in property and multiple invocations of a destructor for a child element that has been refe...
CVE-2010-1758
CVE-2010-1758 is a use-after-free vulnerability in WebKit affecting Safari up to version 5.x (Mac OS X 10.5–10.6) and Windows, and WebKit on Mac OS X 10.4. The issue arises from DOM Range handling and can lead to remote code execution or application crashes. Connected documents confirm related We...
CVE-2011-0160
CVE-2011-0160 affects WebKit as used in Apple Safari prior to 5.0.4 and iOS prior to 4.3. The vulnerability arises when handling redirects with HTTP Basic Authentication, potentially causing the Authorization header (and thus credentials) to be logged by remote servers. The issue is tied to WebKi...
CVE-2008-1025
The CVE-2008-1025 entry concerns Apple Safari/WebKit prior to version 3.1.1, where WebKit mishandles URLs with a colon in the hostname, enabling cross-site scripting (XSS). The vulnerability is rooted in WebKit’s URL handling and affects Safari before 3.1.1. Reported impact is that an attacker ca...
CVE-2010-1787
CVE-2010-1787 affects WebKit, notably WebKitGTK+ 1.2.6 and Safari before certain versions. The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document. The MiracleLinux AXSA:2...
CVE-2010-1788
CVE-2010-1788 affects WebKit/WebKitGTK+ with a use element in SVG able to trigger remote code execution or memory corruption causing application crashes. Affected: Safari (Mac OS X 10.4–10.6) and Windows builds prior to 5.0.1, and webkitgtk before 1.2.6. The description also notes potential denia...
CVE-2010-2441
CVE-2010-2441 in WebKit: improper restrictions on focus changes enables reading keystrokes via cross-domain IFRAME gadgets. The issue is addressed by openSUSE/libwebkit updates to WebKit 1.2.7 (examples: openSUSE-SU-2011:0024/0458-1 patches for libwebkit) which list CVE-2010-2441 among fixed bugs...
CVE-2010-3823
CVE-2010-3823 is a use-after-free in WebKit affecting Apple Safari prior to 5.0.3 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1.3 on Mac OS X 10.4, exploitable via Geolocation object vectors. The vulnerability can allow remote code execution or cause an application crash (DoS). The issue is...
CVE-2010-1422
CVE-2010-1422 affects WebKit used by Safari on Mac OS X and Windows (pre-5.0 on certain macOS versions; before 4.1 on Mac OS X 10.4). Root cause: improper handling of keyboard focus changes during key-press processing, enabling a crafted HTML document to force arbitrary key presses. Exploitation ...
CVE-2011-0163
CVE-2011-0163 affects WebKit as used by Apple Safari before 5.0.4 and iOS before 4.3 . The vulnerability arises from WebKit’s improper handling of unspecified "cached resources", enabling a remote attacker to cause a denial of service (resource unavailability) via a crafted website that performs ...
CVE-2011-0167
CVE-2011-0167 is a WebKit/WebKit-based vulnerability in Apple Safari affecting Safari before 5.0.4. The issue allows remote attackers to bypass the Same Origin Policy and force the upload of arbitrary local files from a client computer via a crafted website. The condition is a cross-origin/contro...
CVE-2011-0222
CVE-2011-0222 affects WebKit as used in Apple Safari prior to version 5.0.6. A crafted web site can trigger memory corruption in WebKit, enabling remote arbitrary code execution or causing an application crash (DoS). The vulnerability is tied to WebKit’s SVG handling and related memory-corruption...
CVE-2011-2341
CVE-2011-2341 affects WebKit as used in Apple iTunes before 10.5. The vulnerability allows man-in-the-middle attackers to execute arbitrary code or cause memory corruption and an application crash via iTunes Store browsing related vectors. The OpenVAS/Nessus entries in the connected data corrobor...
CVE-2011-2814
CVE-2011-2814 affects WebKit as used in Apple iTunes before 10.5. It allows a man-in-the-middle attacker to cause arbitrary code execution or a denial of service via vectors related to iTunes Store browsing, tied to memory corruption and application crashes. The provided documents do not specify ...
CVE-2011-3237
CVE-2011-3237 affects WebKit as used by Apple iTunes before version 10.5. The vulnerability allows a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (memory corruption and application crash) via iTunes Store browsing-related vectors. The connected Nessus entry no...
CVE-2014-1268
CVE-2014-1268 concerns WebKit as used in Apple Safari, specifically versions affected by memory corruption via a crafted web site that can lead to remote code execution or a denial of service. The vulnerability is described as affecting Safari before 6.1.2 and Safari 7.x before 7.0.2. The underly...