Lucene search
K

211 matches found

CVE
CVE
added 2010/06/11 5:28 p.m.71 views

CVE-2010-1404

CVE-2010-1404 is a WebKit use-after-free vulnerability exploited via an SVG document containing recursive Use elements. In Safari (pre-5.0 on Mac OS X 10.5–10.6 and Windows) and pre-4.1 on Mac OS X 10.4, this can allow remote code execution or cause a denial of service (application crash) during ...

9.3CVSS9.2AI score0.08732EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.71 views

CVE-2010-1790

CVE-2010-1790 affects WebKit, including Safari on Mac OS X versions 10.5–10.6 and Windows, Safari 4.1.1 on Mac OS X 10.4, and webkitgtk prior to 1.2.6. The issue is a reentrancy-related flaw in handling just-in-time (JIT) compiled JavaScript stubs, enabling remote attackers to execute arbitrary c...

9.3CVSS9AI score0.06084EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.71 views

CVE-2010-3824

The CVE-2010-3824 issue is a Use-After-Free in WebKit used by Apple Safari. Affected: Safari prior to 5.0.3 on macOS X 10.5–10.6 and Windows, and prior to 4.1.3 on macOS X 10.4. Root cause: use-after-free in WebKit when processing SVG use elements. Impact: remote code execution or denial of servi...

9.3CVSS8.6AI score0.05862EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.71 views

CVE-2011-0222

CVE-2011-0222 affects WebKit as used in Apple Safari prior to version 5.0.6. A crafted web site can trigger memory corruption in WebKit, enabling remote arbitrary code execution or causing an application crash (DoS). The vulnerability is tied to WebKit’s SVG handling and related memory-corruption...

9.3CVSS8.8AI score0.21639EPSS
CVE
CVE
added 2014/02/27 1:0 a.m.71 views

CVE-2014-1268

CVE-2014-1268 concerns WebKit as used in Apple Safari, specifically versions affected by memory corruption via a crafted web site that can lead to remote code execution or a denial of service. The vulnerability is described as affecting Safari before 6.1.2 and Safari 7.x before 7.0.2. The underly...

6.8CVSS7.8AI score0.01877EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.70 views

CVE-2010-1400

CVE-2010-1400 is a use-after-free in WebKit affecting Apple Safari on Mac OS X 10.5–10.6 and Windows (and Safari 4.1 on OS X 10.4). Exploitation via caption element-related vectors could allow remote code execution or cause an application crash. Connected documents confirm affected WebKit compone...

9.3CVSS8.6AI score0.06698EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.70 views

CVE-2010-1417

CVE-2010-1417 affects the WebKit CSS implementation in Apple Safari (before 5.0 on Mac OS X 10.5–10.6 and Windows; before 4.1 on Mac OS X 10.4). It allows remote attackers to trigger arbitrary code execution or a denial of service via HTML content that uses multiple :after pseudo-selectors. The p...

9.3CVSS8.9AI score0.06563EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.70 views

CVE-2010-1422

CVE-2010-1422 affects WebKit used by Safari on Mac OS X and Windows (pre-5.0 on certain macOS versions; before 4.1 on Mac OS X 10.4). Root cause: improper handling of keyboard focus changes during key-press processing, enabling a crafted HTML document to force arbitrary key presses. Exploitation ...

4.3CVSS7.8AI score0.03007EPSS
CVE
CVE
added 2010/06/24 5:0 p.m.70 views

CVE-2010-2441

CVE-2010-2441 in WebKit: improper restrictions on focus changes enables reading keystrokes via cross-domain IFRAME gadgets. The issue is addressed by openSUSE/libwebkit updates to WebKit 1.2.7 (examples: openSUSE-SU-2011:0024/0458-1 patches for libwebkit) which list CVE-2010-2441 among fixed bugs...

4.3CVSS8.6AI score0.01898EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.70 views

CVE-2010-3816

CVE-2010-3816 is a use-after-free in WebKit used by Apple Safari (pre-5.0.3 on Mac OS X 10.5–10.6 and Windows; pre-4.1.3 on Mac OS X 10.4) that allows remote code execution or a denial of service via scrollbar-related vectors. Affected components: WebKit/Safari across specified OS versions. Root ...

9.3CVSS8.6AI score0.05829EPSS
CVE
CVE
added 2011/03/11 10:0 p.m.70 views

CVE-2011-0157

CVE-2011-0157 affects WebKit used in Apple iOS prior to 4.3. The underlying issue is memory corruption that can be triggered by a crafted web site, enabling remote code execution or causing an application crash (DoS). Affected component: WebKit on iOS; vulnerability class and trigger are describe...

7.5CVSS7.9AI score0.01851EPSS
CVE
CVE
added 2011/10/12 6:0 p.m.70 views

CVE-2011-2341

CVE-2011-2341 affects WebKit as used in Apple iTunes before 10.5. The vulnerability allows man-in-the-middle attackers to execute arbitrary code or cause memory corruption and an application crash via iTunes Store browsing related vectors. The OpenVAS/Nessus entries in the connected data corrobor...

7.6CVSS7.5AI score0.02618EPSS
CVE
CVE
added 2011/10/12 6:0 p.m.70 views

CVE-2011-2354

CVE-2011-2354 affects WebKit as used in Apple iTunes before 10.5. The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing. No specific vendor/version patch details ar...

7.6CVSS7.5AI score0.02665EPSS
CVE
CVE
added 2011/10/12 6:0 p.m.70 views

CVE-2011-2814

CVE-2011-2814 affects WebKit as used in Apple iTunes before 10.5. It allows a man-in-the-middle attacker to cause arbitrary code execution or a denial of service via vectors related to iTunes Store browsing, tied to memory corruption and application crashes. The provided documents do not specify ...

7.6CVSS7.5AI score0.02288EPSS
CVE
CVE
added 2013/12/18 11:0 a.m.70 views

CVE-2013-5199

CVE-2013-5199 affects WebKit as used by Apple Safari , where memory corruption could be triggered by a crafted website, allowing remote code execution or a browser crash. The description specifies vulnerable targets as WebKit in Safari before 6.1.1 and 7.x before 7.0.1. Remediation available in A...

6.8CVSS7.8AI score0.02195EPSS
CVE
CVE
added 2014/02/27 1:0 a.m.70 views

CVE-2014-1270

Technical details for CVE-2014-1270 are not present in the provided connected documents; no explicit root cause, affected versions, or fixes are disclosed. Monitor ENISA EUVD entries and Nessus plugins for any concrete information.

6.8CVSS7.8AI score0.02181EPSS
CVE
CVE
added 2016/07/22 1:0 a.m.70 views

CVE-2016-4585

CVE-2016-4585 targets WebKit Page Loading in Apple platforms: iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2. Root cause is mishandling of HTTP redirect responses by Safari, enabling cross-site scripting (XSS) via injected web script or HTML in the redirected page. The vulnerability...

6.1CVSS6AI score0.01917EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.69 views

CVE-2010-1389

CVE-2010-1389 describes a cross-site scripting (XSS) vulnerability in WebKit used by Apple Safari on Windows and macOS. It allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag‑and‑drop operation for a selection. Affected versio...

4.3CVSS7.1AI score0.02933EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.69 views

CVE-2010-1398

CVE-2010-1398 : WebKit in Safari before 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions due to the insertion of an unspecified element into an editable container and access of an uninitialized element. This can allow remote...

9.3CVSS8.8AI score0.08557EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.69 views

CVE-2010-1402

CVE-2010-1402 describes a double-free flaw in WebKit used by Apple Safari that can allow remote code execution or a denial of service via an SVG event listener with duplicate listeners, a timer, and an AnimateTransform object. Affected: Safari before 5.0 on Mac OS X 10.5–10.6 and Windows, and bef...

9.3CVSS9.1AI score0.08732EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.69 views

CVE-2010-1415

WebKit vulnerability CVE-2010-1415 affects Safari prior to 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. It stems from improper handling of libxml contexts in WebKit, described as an API abuse issue. Consequences described: remote attackers could execute arbitrary code...

9.3CVSS9AI score0.06691EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.69 views

CVE-2010-1774

CVE-2010-1774 affects WebKit used by Apple Safari (before 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4). The root cause is an out-of-bounds memory access during HTML table processing, enabling remote attackers to execute arbitrary code or cause a denial of service (appli...

9.3CVSS8.6AI score0.06698EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.69 views

CVE-2011-0253

CVE-2011-0253 is tied to WebKit in Apple Safari (pre-5.0.6) and is described as allowing remote code execution or memory corruption/DoS via a crafted site. Connected documents confirm WebKit-related vulnerability in Apple software (notably iTunes/WebKit entries) but do not specify exact patch ver...

9.3CVSS8.8AI score0.03564EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.69 views

CVE-2011-1457

CVE-2011-1457 : WebKit used by Apple Safari prior to 5.0.6 is vulnerable. A crafted web site can trigger memory corruption in WebKit, leading to arbitrary code execution or a denial of service (application crash). Affected software is Safari with WebKit prior to 5.0.6. Mitigation: update Safari t...

9.3CVSS8.8AI score0.03923EPSS
CVE
CVE
added 2011/10/12 6:0 p.m.69 views

CVE-2011-2339

The CVE-2011-2339 entry concerns WebKit as used in Apple iTunes prior to v10.5. The vulnerability enables man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and crash) via iTunes Store browsing-related vectors. This is tied to WebKit/Apple iTunes...

7.6CVSS7.5AI score0.02288EPSS
CVE
CVE
added 2011/10/12 6:0 p.m.69 views

CVE-2011-3237

CVE-2011-3237 affects WebKit as used by Apple iTunes before version 10.5. The vulnerability allows a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (memory corruption and application crash) via iTunes Store browsing-related vectors. The connected Nessus entry no...

7.6CVSS7.5AI score0.0268EPSS
CVE
CVE
added 2007/07/23 4:0 p.m.68 views

CVE-2007-3944

CVE-2007-3944 describes multiple heap-based buffer overflows in the PCRE library used by the JavaScript engine in Apple Safari (WebKit) and iPhone Safari, allowing remote code execution via crafted JavaScript regex. Affected: Safari 3 Beta before Update 3.0.3 and iPhone before 1.0.1. Root cause: ...

9.3CVSS7.4AI score0.06533EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.68 views

CVE-2010-1409

CVE-2010-1409 is a WebKit vulnerability described as an incomplete blacklist that could allow data disclosure via IRC-related vectors. Affected products include Apple Safari prior to version 5.0 on Mac OS X 10.5–10.6 and Windows, and Safari before 4.1 on Mac OS X 10.4. The root cause is an incomp...

5.8CVSS8.1AI score0.02981EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.68 views

CVE-2010-1412

CVE-2010-1412 affects WebKit in Safari (pre-5.0 on Mac OS X 10.5–10.6 and Windows; pre-4.1 on Mac OS X 10.4). The issue is a use-after-free in hover-event handling that can allow remote code execution or cause an application crash (DoS). The description and related Nessus/OpenVAS entries confirm ...

9.3CVSS8.6AI score0.06698EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.68 views

CVE-2010-1764

CVE-2010-1764 affects WebKit in Apple Safari prior to 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. The vulnerability arises from following multiple redirections during form submission, enabling remote servers to record form data and access sensitive information. Conne...

4.3CVSS8.1AI score0.02262EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.68 views

CVE-2010-3810

Affected software: Apple Safari/WebKit. Vulnerability: improper handling of the History object in WebKit, enabling cross-origin manipulation to spoof the location bar URL or add URLs to history. Affected versions: Safari before 5.0.3 on Mac OS X 10.5–10.6 and Windows; Safari before 4.1.3 on Mac O...

4.3CVSS7.8AI score0.02378EPSS
CVE
CVE
added 2011/03/03 7:0 p.m.68 views

CVE-2011-0112

CVE-2011-0112 affects WebKit as used in Apple iTunes prior to version 10.2 on Windows. The vulnerability allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing. Root cause: is...

7.6CVSS9.2AI score0.02631EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.67 views

CVE-2010-1391

CVE-2010-1391 is a WebKit (Safari) directory-traversal vulnerability affecting WebKit’s Local Storage and Web SQL components. The issue allows remote attackers to create arbitrary database files by crafting URLs containing sequences like a leading slash with .. or backslash variants (e.g., %2f.. ...

4.3CVSS8.9AI score0.03661EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.67 views

CVE-2010-1397

CVE-2010-1397 is a use-after-free in WebKit used by Safari (and related WebKit deployments) that can allow remote code execution or a crash through a layout-change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in an unspecified container. Affected: Safari before 5.0 ...

9.3CVSS8.7AI score0.08732EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.67 views

CVE-2010-1403

CVE-2010-1403 affects WebKit in Apple Safari prior to 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. It arises from uninitialized memory access during processing of a use element in an SVG document (related to ProcessInstruction), allowing remote attackers to execute ar...

9.3CVSS9AI score0.08732EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.67 views

CVE-2010-1405

CVE-2010-1405 is a use-after-free in WebKit that affects Apple Safari before 5.0 on Windows/macOS (and Safari

9.3CVSS8.7AI score0.06698EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.67 views

CVE-2010-1408

WebKit in Apple Safari vulnerable to bypassing outbound-port restrictions. Affected: Safari before 5.0 on Mac OS X 10.5–10.6 and Windows; Safari before 4.1 on Mac OS X 10.4. Issue: integer truncation that allows remote attackers to reach non-default TCP ports via crafted port numbers. This CVE ma...

4.3CVSS8.2AI score0.03084EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.67 views

CVE-2010-1761

CVE-2010-1761 is a use-after-free vulnerability in WebKit that can allow remote code execution or a denial of service (application crash) via vectors involving HTML document subtrees. Affected are Apple Safari before 5.0 on Mac OS X 10.5–10.6 and Windows, and Safari before 4.1 on Mac OS X 10.4. T...

9.3CVSS8.6AI score0.06698EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.67 views

CVE-2010-1791

Technical details for CVE-2010-1791 are not publicly available in the provided documents. Monitor for updates; the connected sources list CVE references but do not provide affected product/version, root cause, impact, or remediation specifics.

9.3CVSS9.1AI score0.0605EPSS
CVE
CVE
added 2011/03/03 7:0 p.m.67 views

CVE-2011-0130

CVE-2011-0130 affects WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability allows memory corruption during iTunes Store browsing, enabling a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (application crash). The description mentions a memory...

7.6CVSS9.2AI score0.02631EPSS
CVE
CVE
added 2011/03/03 7:0 p.m.67 views

CVE-2011-0149

CVE-2011-0149 concerns WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability arises from improper parsing of HTML elements related to document namespaces, enabling a man-in-the-middle attacker to trigger arbitrary code execution or cause a denial of service (memory corruption a...

7.6CVSS9.2AI score0.03181EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.67 views

CVE-2011-1462

CVE-2011-1462 affects WebKit as used by Apple Safari up to version 5.0.5, with a memory-corruption vulnerability that could be exploited by a crafted web site to execute arbitrary code or cause a denial of service. The linked NASL notes Safari before 5.0.6 as vulnerable and implies the fix is a S...

9.3CVSS8.8AI score0.03923EPSS
CVE
CVE
added 2011/10/12 6:0 p.m.67 views

CVE-2011-2809

CVE-2011-2809 affects WebKit as used in Apple iTunes before 10.5. The vulnerability allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing. The provided connected documents co...

7.6CVSS7.5AI score0.02595EPSS
CVE
CVE
added 2014/02/27 1:0 a.m.67 views

CVE-2014-1269

CVE-2014-1269 affects WebKit as used in Apple Safari before 6.1.2 and in Safari 7.x before 7.0.2. A crafted web site can cause remote code execution or memory corruption with an application crash; this is a separate issue from CVE-2014-1268/1270. The provided documents identify the affected platf...

6.8CVSS7.8AI score0.02181EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.66 views

CVE-2010-1399

CVE-2010-1399 affects WebKit used by Apple Safari prior to 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. The vulnerability arises when WebKit accesses uninitialized memory during a selection change on a form input element, which can let remote attackers execute arbitra...

9.3CVSS8.5AI score0.06698EPSS
CVE
CVE
added 2010/06/11 5:28 p.m.66 views

CVE-2010-1410

CVE-2010-1410 affects WebKit in Apple Safari: vulnerable when rendering SVG documents with nested use elements, causing memory corruption that can lead to remote code execution or a crash. Affected platforms include Mac OS X 10.4–10.6 and Windows, with Safari prior to 5.0 on 10.5–10.6 and prior t...

9.3CVSS9.3AI score0.06855EPSS
CVE
CVE
added 2010/06/11 7:0 p.m.66 views

CVE-2010-1418

Technical details for CVE-2010-1418 are not publicly provided in the connected documents; monitor for updates.

4.3CVSS6.8AI score0.02933EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.66 views

CVE-2010-3820

CVE-2010-3820 affects WebKit/Apple Safari targets: Safari prior to 5.0.3 on Mac OS X 10.5–10.6 and Windows, and Safari before 4.1.3 on Mac OS X 10.4. The issue is an uninitialized memory access during processing of editable elements, enabling remote attackers to execute arbitrary code or cause a ...

9.3CVSS8.6AI score0.04448EPSS
CVE
CVE
added 2011/03/11 10:0 p.m.66 views

CVE-2011-0163

CVE-2011-0163 affects WebKit as used by Apple Safari before 5.0.4 and iOS before 4.3 . The vulnerability arises from WebKit’s improper handling of unspecified "cached resources", enabling a remote attacker to cause a denial of service (resource unavailability) via a crafted website that performs ...

4.3CVSS7.9AI score0.01592EPSS
CVE
CVE
added 2011/07/21 11:0 p.m.66 views

CVE-2011-0233

The CVE-2011-0233 entry affects WebKit as used by Apple Safari prior to version 5.0.6. A crafted web site could trigger memory corruption in WebKit, enabling remote attackers to execute arbitrary code or cause a denial of service (application crash). The vulnerability is attributed to WebKit’s ha...

9.3CVSS8.8AI score0.03923EPSS
Total number of security vulnerabilities211