Lucene search
K

211 matches found

CVE
CVE
added 2011/10/12 6:0 p.m.150 views

CVE-2011-2813

The CVE-2011-2813 entry corresponds to a WebKit/WebKit-based component used by Apple iTunes prior to version 10.5. The vulnerability allows MITM attackers to trigger memory corruption and an application crash, potentially enabling arbitrary code execution or a denial of service via iTunes Store b...

7.6CVSS7.5AI score0.02288EPSS
CVE
CVE
added 2016/07/22 1:0 a.m.110 views

CVE-2016-4589

CVE-2016-4589 affects WebKit in Apple iOS prior to 9.3.3, Safari prior to 9.1.2, and tvOS prior to 9.2.2. The vulnerability allows a remote attacker to execute arbitrary code or cause a memory corruption-based denial of service via a crafted website. Root cause details are not expanded beyond mem...

8.8CVSS8.3AI score0.02591EPSS
CVE
CVE
added 2016/07/22 1:0 a.m.108 views

CVE-2016-4590

CVE-2016-4590 affects WebKit in iOS prior to 9.3.3 and Safari prior to 9.1.2, enabling a remote SOP bypass through crafted about: URLs. Apple advisories HT206902 and HT206900 list the WebKit-related fixes and associated CVEs (including 4590) and confirm remediation via updates to iOS Safari (iOS ...

5.4CVSS5.8AI score0.01464EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.107 views

CVE-2010-3804

CVE-2010-3804 concerns the JavaScript RNG in WebKit used by Apple Safari, where a weak random-number generation algorithm makes it easier to track a user by predicting values. Affected are Safari before 5.0.3 on Mac OS X 10.5–10.6 and Windows, and before 4.1.3 on Mac OS X 10.4. Root cause is the ...

5CVSS8.2AI score0.09126EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.96 views

CVE-2011-0255

CVE-2011-0255 affects WebKit as used by Apple Safari prior to 5.0.6. The issue is a memory corruption vulnerability in WebKit that can be exploited by a crafted website to run arbitrary code or cause a denial of service (crash). Root cause: memory corruption in WebKit components exposed via malic...

9.3CVSS8.8AI score0.03923EPSS
CVE
CVE
added 2016/07/22 1:0 a.m.91 views

CVE-2016-4591

CVE-2016-4591 is a WebKit flaw affecting Apple platforms: WebKit in iOS prior to 9.3.3, Safari prior to 9.1.2, and tvOS prior to 9.2.2 mishandles the location variable, enabling remote attackers to access the local filesystem via unspecified vectors. Public documentation in Apple security notes a...

7.8CVSS7AI score0.04221EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.88 views

CVE-2010-3812

CVE-2010-3812 : Integer overflow in WebKit’s Text::wholeText (dom/Text.cpp) allows remote code execution or crash via Text objects. Affected: Safari before 5.0.3 on OS X 10.5–10.6 and Windows; Safari before 4.1.3 on OS X 10.4; webkitgtk prior to 1.2.6; possibly other products. Connected advisorie...

9.3CVSS9.3AI score0.06513EPSS
CVE
CVE
added 2011/04/03 1:0 a.m.86 views

CVE-2011-1425

XML Security Library (xmlsec) prior to 1.2.17 with XSLT enabled is vulnerable: during signature verification, using the libxslt output extension and a ds:Transform element can cause an attacker to create or overwrite arbitrary files. This is triggered by the XSLT processing path and affects produ...

5.1CVSS7.6AI score0.08057EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.85 views

CVE-2010-1419

CVE-2010-1419 describes a use-after-free in WebKit used by Apple Safari on Windows and macOS (Safari before 5.0 on Mac OS X 10.5–10.6 and Windows; before 4.1 on Mac OS X 10.4). The flaw can be triggered by a window close action during a drag-and-drop operation, allowing a user‑assisted remote att...

9.3CVSS9.1AI score0.06698EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.85 views

CVE-2010-3813

CVE-2010-3813 concerns WebKit: The WebCore::HTMLLinkElement::process function does not verify whether DNS prefetching is enabled when processing a LINK element. This can let remote attackers bypass intended access restrictions, demonstrated by an HTML email using a LINK element for X-Confirm-Read...

5.8CVSS8.5AI score0.01838EPSS
CVE
CVE
added 2012/11/15 11:0 a.m.85 views

CVE-2012-5851

The CVE-2012-5851 issue concerns WebKit’s XSSAuditor.cpp in WebCore, used by Google Chrome (through version 22) and Safari (5.1.7). The root cause is that reflected data output contexts aren’t fully accounted for, enabling bypass of the built-in XSS protection. The listed references (WebKit Bug 9...

4.3CVSS5.2AI score0.02337EPSS
CVE
CVE
added 2011/03/11 9:0 p.m.84 views

CVE-2011-1290

CVE-2011-1290 refers to an integer overflow in WebKit used by the BlackBerry Torch 9800 (firmware 6.0.0.246), Google Chrome prior to 10.0.648.133, and Safari prior to 5.0.5. The overflow occurs in CSS style handling, nodesets, and a length value, enabling remote code execution. The issue was demo...

10CVSS8.9AI score0.09754EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.84 views

CVE-2011-1774

WebKit in Apple Safari before 5.0.6 is affected by CVE-2011-1774 due to improper libxslt security settings, allowing remote attackers to create arbitrary files and potentially execute arbitrary code via a crafted web site. This vulnerability arises from how XSLT output handling interacts with lib...

8.8CVSS6.7AI score0.43195EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.83 views

CVE-2010-1783

WebKitGTK+ and Safari are affected by CVE-2010-1783 as part of a set of WebKit vulnerabilities. The issue arises from improper handling of dynamic modification of a text node, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and crash). Affected:...

9.3CVSS9.2AI score0.05961EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.83 views

CVE-2010-1784

CVE-2010-1784 is listed in MiracleLinux AXSA-2011-34:01 as a vulnerability fixed in webkitgtk-1.2.6-2.AXS4. The advisory groups CVE-2010-1784 with other WebKitGTK+/WebKit flaws and notes that these issues are resolved by updating the affected package. The provided documents do not include detaile...

9.3CVSS9.2AI score0.05961EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.82 views

CVE-2010-1395

CVE-2010-1395 is a WebKit-based XSS vulnerability in Apple Safari prior to 5.0 (Mac OS X 10.5–10.6 and Windows) and Safari/WebKit prior to 4.1 on Mac OS X 10.4. It arises from a DOM constructor object scope management issue that allows remote attackers to inject arbitrary script or HTML via certa...

4.3CVSS7AI score0.02933EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.82 views

CVE-2010-1792

WebKit vulnerabilities tied to CVE-2010-1792 affect WebKit in Apple Safari (Mac OS X 10.4–10.6) and Windows, and WebKitGTK+ (before 1.2.6). The issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and crashes) via a crafted regular expression. Th...

9.3CVSS9.2AI score0.06012EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.80 views

CVE-2010-0544

CVE-2010-0544 is an XSS vulnerability in WebKit used by Apple Safari (before 5.0 on Windows and macOS 10.5–10.6; before 4.1 on macOS 10.4). It allows remote attackers to inject arbitrary script/HTML via a malformed URL. The connected documents confirm the affected product and vectors, but do not ...

4.3CVSS5.2AI score0.02933EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.80 views

CVE-2010-1390

CVE-2010-1390 is a cross-site scripting vulnerability in WebKit used by Safari that can allow remote attackers to inject arbitrary script or HTML via flaws in UTF-7 canonicalization and incomplete termination of a quoted string in HTML. The vulnerability affects WebKit/Safari on multiple platform...

4.3CVSS7.1AI score0.02933EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.80 views

CVE-2010-1759

Use-after-free in WebKit (Node.normalize) affects Apple Safari before 5.0 on Windows/Mac OS X 10.5–10.6 and 4.1 on OS X 10.4; also affects Safari before 4.1 on some platforms. Remote attackers could execute arbitrary code or cause a crash (DoS). The provided documents confirm the vulnerability an...

9.3CVSS8.7AI score0.15733EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.80 views

CVE-2010-1770

CVE-2010-1770 affects WebKit-based browsers (Safari up to v5 on macOS 10.5–10.6 and Windows; Safari up to v4.1 on macOS 10.4; Chrome up to 5.0.375.70). The issue is a transformation handling bug for a text node using IBM1147 charset, in HTML with a BR element, related to a type checking issue. Co...

9.3CVSS8.7AI score0.04756EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.79 views

CVE-2010-1414

CVE-2010-1414 is a use-after-free in WebKit used by Apple Safari prior to version 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. The issue enables remote attackers to execute arbitrary code or cause an application crash via vectors related to the removeChild DOM method....

9.3CVSS9.1AI score0.06698EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.78 views

CVE-2010-1780

CVE-2010-1780 affects WebKitGTK+ (WebKit) used by MiracleLinux & OpenSUSE/OpenVAS advisories. The vulnerability is a use-after-free in element focus paths that can allow remote code execution or a crash. MiracleLinux AXSA:2011-34:01 fixes WebKitGTK+ 1.2.6-2.AXS4; advisories for related CVEs in We...

9.3CVSS9.1AI score0.06084EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.78 views

CVE-2010-1782

CVE-2010-1782 affects WebKit-based components (e.g., WebKit in Apple Safari and WebKitGTK+). The vulnerability arises from the rendering of inline elements, leading to remote code execution or a denial of service via memory corruption/application crash. The MiracleLinux advisory (AXSA:2011-34:01)...

9.3CVSS9.3AI score0.05961EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.78 views

CVE-2011-1797

Affected software: WebKit as used by Apple Safari prior to version 5.0.6. Description confirms a vulnerability in WebKit that allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site, via memory corruption in the rendering engine. Root cause is a WebKi...

9.3CVSS8.8AI score0.04375EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.77 views

CVE-2010-1401

CVE-2010-1401 is a use-after-free in WebKit’s CSS handling in Safari before version 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4. The flaw relates to the :first-letter pseudo-element and can allow remote attackers to execute arbitrary code or trigger a crash (DoS). The d...

9.3CVSS9AI score0.08732EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.77 views

CVE-2010-1785

CVE-2010-1785 affects WebKit-based rendering in WebKitGTK+ (and Safari) before the listed fixed versions, including webkitgtk prior to 1.2.6. The root cause is uninitialized memory during processing of the SVG text element’s :first-letter and :first-line pseudo-elements, enabling remote code exec...

9.3CVSS9.1AI score0.06084EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.77 views

CVE-2010-1786

CVE-2010-1786 is a use-after-free in WebKit/WebKitGTK+ permitting remote code execution or a crash via a foreignObject SVG element. Affected: WebKitGTK+ up to version 1.2.6 (and Safari prior to 5.0.1 on macOS, Windows; Safari 4.1.1 on macOS 10.4). Connected advisories show MiracleLinux/Miracle Li...

9.3CVSS9.1AI score0.06084EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.77 views

CVE-2010-3808

CVE-2010-3808 affects WebKit/Safari: Safari before 5.0.3 on macOS 10.5–10.6 and Windows, and Safari before 4.1.3 on macOS 10.4, do not properly cast an unspecified variable during editing command processing, allowing remote code execution or a denial of service via a crafted web site. The NVD ent...

9.3CVSS8.7AI score0.04448EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.77 views

CVE-2011-1288

The CVE-2011-1288 vulnerability affects WebKit as used by Apple Safari prior to 5.0.6. A crafted website can cause remote code execution or a Denial of Service via memory corruption and application crashes. This is tied to memory corruption issues in WebKit, with core impact described as arbitrar...

9.3CVSS8.8AI score0.03923EPSS
CVE
CVE
added 2011/10/12 6:0 p.m.77 views

CVE-2011-2352

CVE-2011-2352 affects WebKit used by Apple iTunes before 10.5. The vulnerability allows a MITM attacker to execute arbitrary code or cause a denial of service (memory corruption and application crash) via iTunes Store browsing vectors. Connected sources reiterate WebKit/iTunes Store browsing as t...

7.6CVSS7.5AI score0.02665EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.76 views

CVE-2010-1396

CVE-2010-1396 is a use-after-free in WebKit’s handling of contentEditable and removal of container elements, allowing remote attackers to execute arbitrary code or cause a denial of service (application crash). Affected products/versions cited include Safari before 5.0 on macOS 10.5–10.6 and Wind...

9.3CVSS8.6AI score0.08732EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.76 views

CVE-2010-1771

CVE-2010-1771 is a use-after-free vulnerability in WebKit used by Apple Safari before 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4, triggered via fonts. This allows remote attackers to execute arbitrary code or cause a denial of service (application crash). The connected...

9.3CVSS8.7AI score0.06346EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.75 views

CVE-2010-2264

The vulnerability CVE-2010-2264 affects the CSS :visited handling in WebKit-based Safari. Affected software: Safari before 5.0 on Mac OS X 10.5–10.6 and Windows, and Safari before 4.1 on Mac OS X 10.4. Root cause: the :visited pseudo-class is not properly handled by CSS in WebKit, enabling remote...

4.3CVSS7.4AI score0.02597EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.75 views

CVE-2011-1453

CVE-2011-1453 affects WebKit as used by Apple Safari prior to 5.0.6. The issue is a use-after-free in SVG handling (SVG Markers) in WebKit, which can allow a remote attacker to exploit memory corruption to execute arbitrary code or cause a crash. The vulnerability is tied to Safari/WebKit’s SVG o...

9.3CVSS8.8AI score0.03923EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.74 views

CVE-2010-1394

CVE-2010-1394 is a Cross‑Site Scripting (XSS) vulnerability in WebKit used by Apple Safari. The initial data states Safari before version 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4, is susceptible. The root cause is improper handling of HTML document fragments that all...

4.3CVSS7AI score0.02933EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.74 views

CVE-2010-3805

The CVE-2010-3805 entry concerns Apple Safari/WebKit. Affected: Safari/WebKit prior to 5.0.3 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1.3 on Mac OS X 10.4. Description: an integer underflow in WebKit via WebSockets allows a remote attacker to execute arbitrary code or cause an applicatio...

9.3CVSS8.6AI score0.05862EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.73 views

CVE-2010-1393

CVE-2010-1393 affects WebKit’s CSS handling in Safari before 5.0 on Windows/Mac and before 4.1 on Mac OS X/opens with a redirecting URL, allowing remote attackers to discover sensitive URLs via an HREF attribute. The vulnerability exposes partial confidentiality as described by the NVD, with rela...

4.3CVSS8.3AI score0.02058EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.73 views

CVE-2010-1416

CVE-2010-1416 affects WebKit in Apple Safari prior to 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. It occurs because reading a canvas that contains an SVG image pattern from a different site is not properly restricted, enabling a cross-site image capture. This could a...

4.3CVSS7.8AI score0.02981EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.73 views

CVE-2010-1793

CVE-2010-1793 is a confirmed use-after-free vulnerability in WebKit/WebKitGTK+ that can allow remote code execution or a crash via a crafted SVG document (via a font-face or an SVG use element). Affected products include Safari (Mac OS X 10.4–10.6) and WebKitGTK+ up to version 1.2.6; various list...

9.3CVSS9.3AI score0.06728EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.73 views

CVE-2011-0218

CVE-2011-0218 affects WebKit as used in Apple Safari prior to 5.0.6. A crafted website can trigger memory corruption in WebKit, resulting in remote arbitrary code execution or a denial of service (application crash). The vulnerability stems from memory handling issues within WebKit when parsing o...

9.3CVSS8.8AI score0.03923EPSS
CVE
CVE
added 2011/10/12 6:0 p.m.73 views

CVE-2011-2338

CVE-2011-2338 affects WebKit as used in Apple iTunes prior to 10.5. The vulnerability is exposed via vectors related to iTunes Store browsing, allowing a man‑in‑the‑middle attacker to execute arbitrary code or cause a memory corruption/DoS (application crash). The NVD entry lists a CVSS v2 base s...

7.6CVSS7.5AI score0.02618EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.72 views

CVE-2010-1758

CVE-2010-1758 is a use-after-free vulnerability in WebKit affecting Safari up to version 5.x (Mac OS X 10.5–10.6) and Windows, and WebKit on Mac OS X 10.4. The issue arises from DOM Range handling and can lead to remote code execution or application crashes. Connected documents confirm related We...

9.3CVSS8.7AI score0.06698EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.72 views

CVE-2010-1788

CVE-2010-1788 affects WebKit/WebKitGTK+ with a use element in SVG able to trigger remote code execution or memory corruption causing application crashes. Affected: Safari (Mac OS X 10.4–10.6) and Windows builds prior to 5.0.1, and webkitgtk before 1.2.6. The description also notes potential denia...

9.3CVSS9.3AI score0.05961EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.72 views

CVE-2010-3823

CVE-2010-3823 is a use-after-free in WebKit affecting Apple Safari prior to 5.0.3 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1.3 on Mac OS X 10.4, exploitable via Geolocation object vectors. The vulnerability can allow remote code execution or cause an application crash (DoS). The issue is...

9.3CVSS8.6AI score0.05829EPSS
CVE
CVE
added 2011/03/11 10:0 p.m.72 views

CVE-2011-0160

CVE-2011-0160 affects WebKit as used in Apple Safari prior to 5.0.4 and iOS prior to 4.3. The vulnerability arises when handling redirects with HTTP Basic Authentication, potentially causing the Authorization header (and thus credentials) to be logged by remote servers. The issue is tied to WebKi...

5CVSS8.3AI score0.01549EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.71 views

CVE-2010-1749

CVE-2010-1749 is a use-after-free vulnerability in WebKit affecting Apple Safari prior to version 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. The issue arises from the CSS run-in property and multiple invocations of a destructor for a child element that has been refe...

9.3CVSS8.6AI score0.08732EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.71 views

CVE-2011-0222

CVE-2011-0222 affects WebKit as used in Apple Safari prior to version 5.0.6. A crafted web site can trigger memory corruption in WebKit, enabling remote arbitrary code execution or causing an application crash (DoS). The vulnerability is tied to WebKit’s SVG handling and related memory-corruption...

9.3CVSS8.8AI score0.21639EPSS
CVE
CVE
added 2008/04/17 5:0 p.m.70 views

CVE-2008-1025

The CVE-2008-1025 entry concerns Apple Safari/WebKit prior to version 3.1.1, where WebKit mishandles URLs with a colon in the hostname, enabling cross-site scripting (XSS). The vulnerability is rooted in WebKit’s URL handling and affects Safari before 3.1.1. Reported impact is that an attacker ca...

4.3CVSS5.2AI score0.02893EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.70 views

CVE-2010-1404

CVE-2010-1404 is a WebKit use-after-free vulnerability exploited via an SVG document containing recursive Use elements. In Safari (pre-5.0 on Mac OS X 10.5–10.6 and Windows) and pre-4.1 on Mac OS X 10.4, this can allow remote code execution or cause a denial of service (application crash) during ...

9.3CVSS9.2AI score0.08732EPSS
Total number of security vulnerabilities211