Webkit Security Vulnerabilities and Issues — Page 2 of Webkit CVE List

Lucene search

AppleWebkit

258 matches found

CVE•added 2010/07/30 8:30 p.m.•63 views

CVE-2010-1792

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.

9.3CVSS9.2AI score0.06539EPSS

CVE•added 2011/07/21 11:55 p.m.•63 views

CVE-2011-1288

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/04/04 12:27 p.m.•63 views

CVE-2011-1425

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

5.1CVSS7.6AI score0.09898EPSS

CVE•added 2007/01/18 2:28 a.m.•62 views

CVE-2007-0342

WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-20...

7.5CVSS6.2AI score0.12657EPSS

CVE•added 2010/07/30 8:30 p.m.•62 views

CVE-2010-1783

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory co...

9.3CVSS9.2AI score0.04924EPSS

CVE•added 2010/07/30 8:30 p.m.•62 views

CVE-2010-1784

The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of servi...

9.3CVSS9.2AI score0.04924EPSS

CVE•added 2011/03/11 9:57 p.m.•62 views

CVE-2011-1290

Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets,...

10CVSS8.9AI score0.03547EPSS

CVE•added 2010/06/11 6:0 p.m.•61 views

CVE-2010-1401

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vec...

9.3CVSS9AI score0.10956EPSS

CVE•added 2010/06/11 6:0 p.m.•60 views

CVE-2010-1393

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.

4.3CVSS8.3AI score0.01392EPSS

CVE•added 2010/06/11 7:30 p.m.•60 views

CVE-2010-2264

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages ...

4.3CVSS7.4AI score0.00732EPSS

CVE•added 2011/10/12 6:55 p.m.•60 views

CVE-2011-2352

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

7.6CVSS7.5AI score0.01016EPSS

CVE•added 2010/02/18 6:0 p.m.•59 views

CVE-2010-0656

WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted loc...

4.3CVSS8.3AI score0.00606EPSS

CVE•added 2010/06/11 6:0 p.m.•59 views

CVE-2010-1414

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.

9.3CVSS9.1AI score0.13965EPSS

CVE•added 2010/07/30 8:30 p.m.•59 views

CVE-2010-1782

9.3CVSS9.3AI score0.06539EPSS

CVE•added 2010/11/22 1:0 p.m.•59 views

CVE-2010-3813

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetchin...

5.8CVSS8.5AI score0.00848EPSS

CVE•added 2011/07/21 11:55 p.m.•59 views

CVE-2011-1797

9.3CVSS8.8AI score0.01413EPSS

CVE•added 2011/07/21 11:55 p.m.•58 views

CVE-2011-1453

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/10/12 6:55 p.m.•58 views

CVE-2011-2338

7.6CVSS7.5AI score0.01224EPSS

CVE•added 2014/02/27 1:55 a.m.•58 views

CVE-2014-1268

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.

6.8CVSS7.8AI score0.0105EPSS

CVE•added 2010/02/18 6:0 p.m.•57 views

CVE-2010-0647

WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a > sequence.

9.3CVSS9.2AI score0.10166EPSS

CVE•added 2010/06/11 6:0 p.m.•57 views

CVE-2010-1390

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of...

4.3CVSS7.1AI score0.01195EPSS

CVE•added 2010/06/11 6:0 p.m.•57 views

CVE-2010-1749

9.3CVSS8.6AI score0.12597EPSS

CVE•added 2010/06/11 7:30 p.m.•57 views

CVE-2010-1771

9.3CVSS8.7AI score0.08537EPSS

CVE•added 2010/07/30 8:30 p.m.•57 views

CVE-2010-1785

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote atta...

9.3CVSS9.1AI score0.07555EPSS

CVE•added 2010/07/30 8:30 p.m.•57 views

CVE-2010-1786

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject elemen...

9.3CVSS9.1AI score0.06495EPSS

CVE•added 2014/02/27 1:55 a.m.•57 views

CVE-2014-1270

6.8CVSS7.8AI score0.0105EPSS

CVE•added 2010/06/11 6:0 p.m.•56 views

CVE-2010-1396

9.3CVSS8.6AI score0.07407EPSS

CVE•added 2010/06/11 6:0 p.m.•56 views

CVE-2010-1417

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content ...

9.3CVSS8.9AI score0.08544EPSS

CVE•added 2010/06/11 7:30 p.m.•56 views

CVE-2010-1759

9.3CVSS8.7AI score0.48797EPSS

CVE•added 2010/11/22 1:0 p.m.•56 views

CVE-2010-3816

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

9.3CVSS8.6AI score0.10426EPSS

CVE•added 2010/11/22 1:0 p.m.•56 views

CVE-2010-3823

9.3CVSS8.6AI score0.10426EPSS

CVE•added 2011/07/21 11:55 p.m.•56 views

CVE-2011-0222

9.3CVSS8.8AI score0.58896EPSS

CVE•added 2011/10/12 6:55 p.m.•56 views

CVE-2011-3237

7.6CVSS7.5AI score0.01157EPSS

CVE•added 2010/02/18 6:0 p.m.•55 views

CVE-2010-0661

WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.

6.8CVSS8.1AI score0.01619EPSS

CVE•added 2010/06/11 6:0 p.m.•55 views

CVE-2010-1402

Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, ...

9.3CVSS9.1AI score0.10956EPSS

CVE•added 2010/06/11 6:0 p.m.•55 views

CVE-2010-1404

9.3CVSS9.2AI score0.12489EPSS

CVE•added 2010/06/11 7:30 p.m.•55 views

CVE-2010-1758

9.3CVSS8.7AI score0.13965EPSS

CVE•added 2011/07/21 11:55 p.m.•55 views

CVE-2011-0253

9.3CVSS8.8AI score0.02627EPSS

CVE•added 2007/07/23 4:30 p.m.•54 views

CVE-2007-3944

Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: t...

9.3CVSS7.4AI score0.36787EPSS

CVE•added 2010/06/11 6:0 p.m.•54 views

CVE-2010-1389

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for...

4.3CVSS7.1AI score0.01007EPSS

CVE•added 2010/06/11 6:0 p.m.•54 views

CVE-2010-1391

Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors invol...

4.3CVSS8.9AI score0.00565EPSS

CVE•added 2010/06/11 6:0 p.m.•54 views

CVE-2010-1416

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted ...

4.3CVSS7.8AI score0.01397EPSS

CVE•added 2011/10/12 6:55 p.m.•54 views

CVE-2011-2809

7.6CVSS7.5AI score0.01016EPSS

CVE•added 2013/12/18 4:4 p.m.•54 views

CVE-2013-5199

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8CVSS7.8AI score0.02764EPSS

CVE•added 2014/02/27 1:55 a.m.•54 views

CVE-2014-1269

6.8CVSS7.8AI score0.0105EPSS

CVE•added 2008/04/17 7:5 p.m.•53 views

CVE-2008-1025

Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.

4.3CVSS5.2AI score0.01125EPSS

CVE•added 2010/06/11 6:0 p.m.•53 views

CVE-2010-1397

9.3CVSS8.7AI score0.12489EPSS

CVE•added 2010/06/11 6:0 p.m.•53 views

CVE-2010-1398

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft...

9.3CVSS8.8AI score0.09518EPSS

CVE•added 2010/06/11 6:0 p.m.•53 views

CVE-2010-1409

Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.

5.8CVSS8.1AI score0.00883EPSS

CVE•added 2010/06/11 6:0 p.m.•53 views

CVE-2010-1415

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API ...

9.3CVSS9AI score0.34318EPSS

Total number of security vulnerabilities258