Webkit Security Vulnerabilities and Issues — Page 4 of Webkit CVE List

Lucene search

AppleWebkit

258 matches found

CVE•added 2011/03/03 8:0 p.m.•50 views

CVE-2011-0125

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011...

7.6CVSS9.2AI score0.0084EPSS

CVE•added 2011/03/03 8:0 p.m.•50 views

CVE-2011-0132

Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of se...

7.6CVSS9.2AI score0.00771EPSS

CVE•added 2011/03/03 8:0 p.m.•50 views

CVE-2011-0146

7.6CVSS9.2AI score0.0084EPSS

CVE•added 2011/03/11 10:55 p.m.•50 views

CVE-2011-0167

The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.

4.3CVSS8.2AI score0.02629EPSS

Web

CVE•added 2011/07/21 11:55 p.m.•50 views

CVE-2011-0235

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/10/12 6:55 p.m.•50 views

CVE-2011-2820

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2012/03/08 10:55 p.m.•50 views

CVE-2012-0637

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

7.6CVSS7.5AI score0.00861EPSS

CVE•added 2010/05/06 2:53 p.m.•49 views

CVE-2010-1729

WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes sequences in an infinite loop.

4.3CVSS7.6AI score0.00643EPSS

CVE•added 2010/08/19 10:0 p.m.•49 views

CVE-2010-1760

loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.

10CVSS8.4AI score0.01634EPSS

CVE•added 2010/06/11 7:30 p.m.•49 views

CVE-2010-1764

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.

4.3CVSS8.1AI score0.00905EPSS

CVE•added 2010/11/22 1:0 p.m.•49 views

CVE-2010-3810

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.

4.3CVSS7.8AI score0.00819EPSS

CVE•added 2011/03/03 8:0 p.m.•49 views

CVE-2011-0136

7.6CVSS9.2AI score0.0084EPSS

CVE•added 2011/07/21 11:55 p.m.•49 views

CVE-2011-0218

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•49 views

CVE-2011-0254

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/10/12 6:55 p.m.•49 views

CVE-2011-3236

7.6CVSS7.5AI score0.01157EPSS

CVE•added 2011/10/12 6:55 p.m.•49 views

CVE-2011-3244

7.6CVSS7.5AI score0.01392EPSS

CVE•added 2010/06/11 7:30 p.m.•48 views

CVE-2010-1762

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.

4.3CVSS6.7AI score0.00908EPSS

CVE•added 2010/07/30 8:30 p.m.•48 views

CVE-2010-1778

Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.

4.3CVSS6.7AI score0.00277EPSS

CVE•added 2010/07/30 8:30 p.m.•48 views

CVE-2010-1789

Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.

9.3CVSS8.7AI score0.14348EPSS

CVE•added 2011/03/03 8:0 p.m.•48 views

CVE-2011-0118

7.6CVSS9.2AI score0.0084EPSS

CVE•added 2011/03/03 8:0 p.m.•48 views

CVE-2011-0124

7.6CVSS9.2AI score0.0084EPSS

CVE•added 2011/03/03 8:0 p.m.•48 views

CVE-2011-0138

7.6CVSS9.2AI score0.0084EPSS

CVE•added 2011/03/03 8:0 p.m.•48 views

CVE-2011-0139

7.6CVSS9.2AI score0.00861EPSS

CVE•added 2011/03/03 8:0 p.m.•48 views

CVE-2011-0155

7.6CVSS9.2AI score0.0084EPSS

CVE•added 2011/07/21 11:55 p.m.•48 views

CVE-2011-0232

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•48 views

CVE-2011-0234

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/10/12 6:55 p.m.•48 views

CVE-2011-2814

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2011/10/12 6:55 p.m.•48 views

CVE-2011-3235

7.6CVSS7.5AI score0.01157EPSS

CVE•added 2010/06/11 6:0 p.m.•47 views

CVE-2010-1392

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter C...

9.3CVSS8.6AI score0.07914EPSS

CVE•added 2010/06/11 6:0 p.m.•47 views

CVE-2010-1400

9.3CVSS8.6AI score0.09753EPSS

CVE•added 2010/06/11 6:0 p.m.•47 views

CVE-2010-1413

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

5CVSS7.2AI score0.01011EPSS

CVE•added 2010/06/11 7:30 p.m.•47 views

CVE-2010-1421

The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.

4.3CVSS7.8AI score0.03913EPSS

CVE•added 2010/11/22 1:0 p.m.•47 views

CVE-2010-3803

Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.

9.3CVSS8.7AI score0.12925EPSS

CVE•added 2010/11/22 1:0 p.m.•47 views

CVE-2010-3824

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements.

9.3CVSS8.6AI score0.11226EPSS

CVE•added 2010/11/22 1:0 p.m.•47 views

CVE-2010-3826

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of ...

9.3CVSS8.7AI score0.02223EPSS

CVE•added 2011/03/03 8:0 p.m.•47 views

CVE-2011-0114

7.6CVSS9.2AI score0.0084EPSS

CVE•added 2011/07/21 11:55 p.m.•47 views

CVE-2011-0225

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2013/12/18 4:4 p.m.•47 views

CVE-2013-5225

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8CVSS7.8AI score0.02121EPSS

CVE•added 2016/07/22 2:59 a.m.•47 views

CVE-2016-4588

WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.6AI score0.01001EPSS

CVE•added 2010/06/11 6:0 p.m.•46 views

CVE-2010-1405

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.

9.3CVSS8.7AI score0.08544EPSS

CVE•added 2010/11/22 1:0 p.m.•46 views

CVE-2010-3809

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (ap...

9.3CVSS8.7AI score0.02347EPSS

CVE•added 2010/11/22 1:0 p.m.•46 views

CVE-2010-3818

9.3CVSS8.6AI score0.10426EPSS

CVE•added 2011/03/03 8:0 p.m.•46 views

CVE-2011-0115

The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a den...

7.6CVSS9.2AI score0.01137EPSS

CVE•added 2011/03/03 8:0 p.m.•46 views

CVE-2011-0128

7.6CVSS9.2AI score0.0084EPSS

CVE•added 2011/03/03 8:0 p.m.•46 views

CVE-2011-0135

7.6CVSS9.2AI score0.0084EPSS

CVE•added 2011/03/03 8:0 p.m.•46 views

CVE-2011-0148

7.6CVSS9.2AI score0.0084EPSS

CVE•added 2011/07/21 11:55 p.m.•46 views

CVE-2011-0223