Webkit Security Vulnerabilities and Issues — Page 3 of Webkit CVE List

Lucene search

AppleWebkit

258 matches found

CVE•added 2010/06/11 7:30 p.m.•53 views

CVE-2010-1418

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preced...

4.3CVSS6.8AI score0.01199EPSS

CVE•added 2010/06/11 7:30 p.m.•53 views

CVE-2010-1761

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees.

9.3CVSS8.6AI score0.08374EPSS

CVE•added 2010/07/30 8:30 p.m.•53 views

CVE-2010-1780

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to ele...

9.3CVSS9.1AI score0.06495EPSS

CVE•added 2010/07/30 8:30 p.m.•53 views

CVE-2010-1788

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document...

9.3CVSS9.3AI score0.06539EPSS

CVE•added 2011/03/03 8:0 p.m.•53 views

CVE-2011-0149

WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dang...

7.6CVSS9.2AI score0.01709EPSS

CVE•added 2011/07/21 11:55 p.m.•53 views

CVE-2011-0233

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•53 views

CVE-2011-1774

WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.

8.8CVSS6.7AI score0.81631EPSS

CVE•added 2011/10/12 6:55 p.m.•53 views

CVE-2011-2339

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2011/10/12 6:55 p.m.•53 views

CVE-2011-2341

7.6CVSS7.5AI score0.01224EPSS

CVE•added 2010/02/18 6:0 p.m.•52 views

CVE-2010-0659

The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.

9.3CVSS8.8AI score0.06977EPSS

CVE•added 2010/06/11 6:0 p.m.•52 views

CVE-2010-1410

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.

9.3CVSS9.3AI score0.16558EPSS

CVE•added 2010/06/11 7:30 p.m.•52 views

CVE-2010-1774

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML d...

9.3CVSS8.6AI score0.05917EPSS

CVE•added 2010/07/30 8:30 p.m.•52 views

CVE-2010-1793

Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-f...

9.3CVSS9.3AI score0.41148EPSS

CVE•added 2011/03/03 8:0 p.m.•52 views

CVE-2011-0122

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011...

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/11 10:55 p.m.•52 views

CVE-2011-0157

WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.

7.5CVSS7.9AI score0.01607EPSS

CVE•added 2011/03/03 8:0 p.m.•52 views

CVE-2011-0164

7.6CVSS9.1AI score0.00937EPSS

CVE•added 2011/10/12 6:55 p.m.•52 views

CVE-2011-2354

7.6CVSS7.5AI score0.01016EPSS

CVE•added 2011/10/12 6:55 p.m.•52 views

CVE-2011-2356

7.6CVSS7.5AI score0.01016EPSS

CVE•added 2011/10/12 6:55 p.m.•52 views

CVE-2011-2831

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2013/12/18 4:4 p.m.•52 views

CVE-2013-5197

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8CVSS7.8AI score0.02121EPSS

CVE•added 2016/07/22 2:59 a.m.•52 views

CVE-2016-4583

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.

3.1CVSS5AI score0.00588EPSS

CVE•added 2010/06/11 6:0 p.m.•51 views

CVE-2010-1388

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document.

4.3CVSS7.7AI score0.0086EPSS

CVE•added 2010/06/11 6:0 p.m.•51 views

CVE-2010-1403

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application cras...

9.3CVSS9AI score0.16559EPSS

CVE•added 2010/07/30 8:30 p.m.•51 views

CVE-2010-1791

Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.

9.3CVSS9.1AI score0.10309EPSS

CVE•added 2010/11/22 1:0 p.m.•51 views

CVE-2010-3805

Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010...

9.3CVSS8.6AI score0.12024EPSS

CVE•added 2011/03/03 8:0 p.m.•51 views

CVE-2011-0145

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/11 10:55 p.m.•51 views

CVE-2011-0166

The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.

5.8CVSS8AI score0.00542EPSS

CVE•added 2011/07/21 11:55 p.m.•51 views

CVE-2011-1462

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2013/12/18 4:4 p.m.•51 views

CVE-2013-5228

6.8CVSS7.8AI score0.02121EPSS

CVE•added 2016/07/22 2:59 a.m.•51 views

CVE-2016-4585

Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.

6.1CVSS6AI score0.01368EPSS

CVE•added 2010/08/19 10:0 p.m.•50 views

CVE-2010-1386

page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.

10CVSS8.4AI score0.01853EPSS

CVE•added 2010/06/11 6:0 p.m.•50 views

CVE-2010-1408

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this ma...

4.3CVSS8.2AI score0.00443EPSS

CVE•added 2010/06/11 6:0 p.m.•50 views

CVE-2010-1422

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document...

4.3CVSS7.8AI score0.01082EPSS

CVE•added 2010/07/30 8:30 p.m.•50 views

CVE-2010-1787

9.3CVSS9.3AI score0.06539EPSS

CVE•added 2010/11/22 1:0 p.m.•50 views

CVE-2010-3820

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a craf...

9.3CVSS8.6AI score0.02223EPSS

CVE•added 2011/03/03 8:0 p.m.•50 views

CVE-2011-0130

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/11 10:55 p.m.•50 views

CVE-2011-0163

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.

4.3CVSS7.9AI score0.01049EPSS

CVE•added 2011/07/21 11:55 p.m.•50 views

CVE-2011-1457

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2012/03/08 10:55 p.m.•50 views

CVE-2011-2866

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

7.6CVSS7.5AI score0.01224EPSS

CVE•added 2011/10/12 6:55 p.m.•50 views

CVE-2011-3239

7.6CVSS7.5AI score0.01363EPSS

CVE•added 2010/06/11 6:0 p.m.•49 views

CVE-2010-1394

4.3CVSS7AI score0.01195EPSS

CVE•added 2010/06/11 6:0 p.m.•49 views

CVE-2010-1399

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via...

9.3CVSS8.5AI score0.0656EPSS

CVE•added 2010/06/11 6:0 p.m.•49 views

CVE-2010-1406

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive in...

4.3CVSS8.2AI score0.00762EPSS

CVE•added 2010/07/30 8:30 p.m.•49 views

CVE-2010-1790

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (...

9.3CVSS9AI score0.03785EPSS

CVE•added 2010/11/22 1:0 p.m.•49 views

CVE-2010-3808

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (...

9.3CVSS8.7AI score0.02551EPSS

CVE•added 2011/03/03 8:0 p.m.•49 views

CVE-2011-0117

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/03 8:0 p.m.•49 views

CVE-2011-0120

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/03 8:0 p.m.•49 views

CVE-2011-0121

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/03 8:0 p.m.•49 views

CVE-2011-0125

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/03 8:0 p.m.•49 views

CVE-2011-0132

Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of se...

7.6CVSS9.2AI score0.01045EPSS

Total number of security vulnerabilities258