Webkit@* Security Vulnerabilities and Issues — Webkit@* CVE List

Lucene search

AppleWebkit*

217 matches found

CVE•added 2011/10/12 6:55 p.m.•135 views

CVE-2011-2813

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2010/11/22 1:0 p.m.•92 views

CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a relat...

5CVSS8.2AI score0.18677EPSS

CVE•added 2016/07/22 2:59 a.m.•86 views

CVE-2016-4590

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5.4CVSS5.8AI score0.00435EPSS

CVE•added 2016/07/22 2:59 a.m.•85 views

CVE-2016-4589

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.

8.8CVSS8.3AI score0.71303EPSS

CVE•added 2016/07/22 2:59 a.m.•79 views

CVE-2016-4591

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

7.8CVSS7AI score0.04036EPSS

CVE•added 2011/07/21 11:55 p.m.•75 views

CVE-2011-0255

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2010/06/11 7:30 p.m.•74 views

CVE-2010-1419

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close...

9.3CVSS9.1AI score0.10048EPSS

CVE•added 2010/11/22 1:0 p.m.•74 views

CVE-2010-3812

Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause...

9.3CVSS9.3AI score0.06675EPSS

CVE•added 2010/02/18 6:0 p.m.•72 views

CVE-2010-0651

WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive in...

4.3CVSS7.3AI score0.02258EPSS

CVE•added 2010/06/11 6:0 p.m.•70 views

CVE-2010-1395

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issu...

4.3CVSS7AI score0.01195EPSS

CVE•added 2012/11/15 11:58 a.m.•68 views

CVE-2012-5851

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka r...

4.3CVSS5.2AI score0.00344EPSS

CVE•added 2010/06/11 7:30 p.m.•66 views

CVE-2010-0544

4.3CVSS5.2AI score0.00763EPSS

CVE•added 2010/07/30 8:30 p.m.•66 views

CVE-2010-1792

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.

9.3CVSS9.2AI score0.06539EPSS

CVE•added 2011/04/04 12:27 p.m.•66 views

CVE-2011-1425

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

5.1CVSS7.6AI score0.09898EPSS

CVE•added 2010/06/11 7:30 p.m.•65 views

CVE-2010-1770

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary ...

9.3CVSS8.7AI score0.11733EPSS

CVE•added 2010/07/30 8:30 p.m.•65 views

CVE-2010-1783

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory co...

9.3CVSS9.2AI score0.04924EPSS

CVE•added 2010/07/30 8:30 p.m.•65 views

CVE-2010-1784

The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of servi...

9.3CVSS9.2AI score0.04924EPSS

CVE•added 2011/07/21 11:55 p.m.•64 views

CVE-2011-1288

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2010/11/22 1:0 p.m.•63 views

CVE-2010-3813

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetchin...

5.8CVSS8.5AI score0.00848EPSS

CVE•added 2011/03/11 9:57 p.m.•63 views

CVE-2011-1290

Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets,...

10CVSS8.9AI score0.06534EPSS

CVE•added 2010/06/11 6:0 p.m.•62 views

CVE-2010-1401

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vec...

9.3CVSS9AI score0.08815EPSS

CVE•added 2010/07/30 8:30 p.m.•62 views

CVE-2010-1782

9.3CVSS9.3AI score0.06539EPSS

CVE•added 2011/10/12 6:55 p.m.•62 views

CVE-2011-2352

7.6CVSS7.5AI score0.01016EPSS

CVE•added 2010/06/11 6:0 p.m.•61 views

CVE-2010-1393

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.

4.3CVSS8.3AI score0.01392EPSS

CVE•added 2010/06/11 7:30 p.m.•61 views

CVE-2010-2264

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages ...

4.3CVSS7.4AI score0.00732EPSS

CVE•added 2011/07/21 11:55 p.m.•61 views

CVE-2011-1797

9.3CVSS8.8AI score0.01413EPSS

CVE•added 2010/02/18 6:0 p.m.•60 views

CVE-2010-0656

WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted loc...

4.3CVSS8.3AI score0.00606EPSS

CVE•added 2010/06/11 6:0 p.m.•60 views

CVE-2010-1414

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.

9.3CVSS9.1AI score0.13965EPSS

CVE•added 2010/07/30 8:30 p.m.•60 views

CVE-2010-1785

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote atta...

9.3CVSS9.1AI score0.07555EPSS

CVE•added 2010/07/30 8:30 p.m.•60 views

CVE-2010-1786

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject elemen...

9.3CVSS9.1AI score0.06495EPSS

CVE•added 2011/07/21 11:55 p.m.•59 views

CVE-2011-1453

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/10/12 6:55 p.m.•59 views

CVE-2011-2338

7.6CVSS7.5AI score0.01224EPSS

CVE•added 2014/02/27 1:55 a.m.•59 views

CVE-2014-1268

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.

6.8CVSS7.8AI score0.0105EPSS

CVE•added 2010/02/18 6:0 p.m.•58 views

CVE-2010-0647

WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a > sequence.

9.3CVSS9.2AI score0.10166EPSS

CVE•added 2010/06/11 6:0 p.m.•58 views

CVE-2010-1390

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of...

4.3CVSS7.1AI score0.01195EPSS

CVE•added 2010/06/11 6:0 p.m.•58 views

CVE-2010-1749

9.3CVSS8.6AI score0.12597EPSS

CVE•added 2010/06/11 7:30 p.m.•58 views

CVE-2010-1771

9.3CVSS8.7AI score0.08537EPSS

CVE•added 2010/11/22 1:0 p.m.•58 views

CVE-2010-3823

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this ...

9.3CVSS8.6AI score0.10426EPSS

CVE•added 2014/02/27 1:55 a.m.•58 views

CVE-2014-1270

6.8CVSS7.8AI score0.0105EPSS

CVE•added 2010/06/11 6:0 p.m.•57 views

CVE-2010-1396

9.3CVSS8.6AI score0.05901EPSS

CVE•added 2010/06/11 6:0 p.m.•57 views

CVE-2010-1402

Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, ...

9.3CVSS9.1AI score0.08815EPSS

CVE•added 2010/06/11 6:0 p.m.•57 views

CVE-2010-1417

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content ...

9.3CVSS8.9AI score0.08544EPSS

CVE•added 2010/06/11 7:30 p.m.•57 views

CVE-2010-1759

9.3CVSS8.7AI score0.48797EPSS

CVE•added 2010/11/22 1:0 p.m.•57 views

CVE-2010-3816

9.3CVSS8.6AI score0.10426EPSS

CVE•added 2011/07/21 11:55 p.m.•57 views

CVE-2011-0222

9.3CVSS8.8AI score0.48517EPSS

CVE•added 2011/10/12 6:55 p.m.•57 views

CVE-2011-3237