211 matches found
CVE-2010-1404
CVE-2010-1404 is a WebKit use-after-free vulnerability exploited via an SVG document containing recursive Use elements. In Safari (pre-5.0 on Mac OS X 10.5–10.6 and Windows) and pre-4.1 on Mac OS X 10.4, this can allow remote code execution or cause a denial of service (application crash) during ...
CVE-2010-1790
CVE-2010-1790 affects WebKit, including Safari on Mac OS X versions 10.5–10.6 and Windows, Safari 4.1.1 on Mac OS X 10.4, and webkitgtk prior to 1.2.6. The issue is a reentrancy-related flaw in handling just-in-time (JIT) compiled JavaScript stubs, enabling remote attackers to execute arbitrary c...
CVE-2010-3824
The CVE-2010-3824 issue is a Use-After-Free in WebKit used by Apple Safari. Affected: Safari prior to 5.0.3 on macOS X 10.5–10.6 and Windows, and prior to 4.1.3 on macOS X 10.4. Root cause: use-after-free in WebKit when processing SVG use elements. Impact: remote code execution or denial of servi...
CVE-2011-0222
CVE-2011-0222 affects WebKit as used in Apple Safari prior to version 5.0.6. A crafted web site can trigger memory corruption in WebKit, enabling remote arbitrary code execution or causing an application crash (DoS). The vulnerability is tied to WebKit’s SVG handling and related memory-corruption...
CVE-2014-1268
CVE-2014-1268 concerns WebKit as used in Apple Safari, specifically versions affected by memory corruption via a crafted web site that can lead to remote code execution or a denial of service. The vulnerability is described as affecting Safari before 6.1.2 and Safari 7.x before 7.0.2. The underly...
CVE-2010-1400
CVE-2010-1400 is a use-after-free in WebKit affecting Apple Safari on Mac OS X 10.5–10.6 and Windows (and Safari 4.1 on OS X 10.4). Exploitation via caption element-related vectors could allow remote code execution or cause an application crash. Connected documents confirm affected WebKit compone...
CVE-2010-1417
CVE-2010-1417 affects the WebKit CSS implementation in Apple Safari (before 5.0 on Mac OS X 10.5–10.6 and Windows; before 4.1 on Mac OS X 10.4). It allows remote attackers to trigger arbitrary code execution or a denial of service via HTML content that uses multiple :after pseudo-selectors. The p...
CVE-2010-1422
CVE-2010-1422 affects WebKit used by Safari on Mac OS X and Windows (pre-5.0 on certain macOS versions; before 4.1 on Mac OS X 10.4). Root cause: improper handling of keyboard focus changes during key-press processing, enabling a crafted HTML document to force arbitrary key presses. Exploitation ...
CVE-2010-2441
CVE-2010-2441 in WebKit: improper restrictions on focus changes enables reading keystrokes via cross-domain IFRAME gadgets. The issue is addressed by openSUSE/libwebkit updates to WebKit 1.2.7 (examples: openSUSE-SU-2011:0024/0458-1 patches for libwebkit) which list CVE-2010-2441 among fixed bugs...
CVE-2010-3816
CVE-2010-3816 is a use-after-free in WebKit used by Apple Safari (pre-5.0.3 on Mac OS X 10.5–10.6 and Windows; pre-4.1.3 on Mac OS X 10.4) that allows remote code execution or a denial of service via scrollbar-related vectors. Affected components: WebKit/Safari across specified OS versions. Root ...
CVE-2011-0157
CVE-2011-0157 affects WebKit used in Apple iOS prior to 4.3. The underlying issue is memory corruption that can be triggered by a crafted web site, enabling remote code execution or causing an application crash (DoS). Affected component: WebKit on iOS; vulnerability class and trigger are describe...
CVE-2011-2341
CVE-2011-2341 affects WebKit as used in Apple iTunes before 10.5. The vulnerability allows man-in-the-middle attackers to execute arbitrary code or cause memory corruption and an application crash via iTunes Store browsing related vectors. The OpenVAS/Nessus entries in the connected data corrobor...
CVE-2011-2354
CVE-2011-2354 affects WebKit as used in Apple iTunes before 10.5. The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing. No specific vendor/version patch details ar...
CVE-2011-2814
CVE-2011-2814 affects WebKit as used in Apple iTunes before 10.5. It allows a man-in-the-middle attacker to cause arbitrary code execution or a denial of service via vectors related to iTunes Store browsing, tied to memory corruption and application crashes. The provided documents do not specify ...
CVE-2013-5199
CVE-2013-5199 affects WebKit as used by Apple Safari , where memory corruption could be triggered by a crafted website, allowing remote code execution or a browser crash. The description specifies vulnerable targets as WebKit in Safari before 6.1.1 and 7.x before 7.0.1. Remediation available in A...
CVE-2014-1270
Technical details for CVE-2014-1270 are not present in the provided connected documents; no explicit root cause, affected versions, or fixes are disclosed. Monitor ENISA EUVD entries and Nessus plugins for any concrete information.
CVE-2016-4585
CVE-2016-4585 targets WebKit Page Loading in Apple platforms: iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2. Root cause is mishandling of HTTP redirect responses by Safari, enabling cross-site scripting (XSS) via injected web script or HTML in the redirected page. The vulnerability...
CVE-2010-1389
CVE-2010-1389 describes a cross-site scripting (XSS) vulnerability in WebKit used by Apple Safari on Windows and macOS. It allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag‑and‑drop operation for a selection. Affected versio...
CVE-2010-1398
CVE-2010-1398 : WebKit in Safari before 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions due to the insertion of an unspecified element into an editable container and access of an uninitialized element. This can allow remote...
CVE-2010-1402
CVE-2010-1402 describes a double-free flaw in WebKit used by Apple Safari that can allow remote code execution or a denial of service via an SVG event listener with duplicate listeners, a timer, and an AnimateTransform object. Affected: Safari before 5.0 on Mac OS X 10.5–10.6 and Windows, and bef...
CVE-2010-1415
WebKit vulnerability CVE-2010-1415 affects Safari prior to 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. It stems from improper handling of libxml contexts in WebKit, described as an API abuse issue. Consequences described: remote attackers could execute arbitrary code...
CVE-2010-1774
CVE-2010-1774 affects WebKit used by Apple Safari (before 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4). The root cause is an out-of-bounds memory access during HTML table processing, enabling remote attackers to execute arbitrary code or cause a denial of service (appli...
CVE-2011-0253
CVE-2011-0253 is tied to WebKit in Apple Safari (pre-5.0.6) and is described as allowing remote code execution or memory corruption/DoS via a crafted site. Connected documents confirm WebKit-related vulnerability in Apple software (notably iTunes/WebKit entries) but do not specify exact patch ver...
CVE-2011-1457
CVE-2011-1457 : WebKit used by Apple Safari prior to 5.0.6 is vulnerable. A crafted web site can trigger memory corruption in WebKit, leading to arbitrary code execution or a denial of service (application crash). Affected software is Safari with WebKit prior to 5.0.6. Mitigation: update Safari t...
CVE-2011-2339
The CVE-2011-2339 entry concerns WebKit as used in Apple iTunes prior to v10.5. The vulnerability enables man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and crash) via iTunes Store browsing-related vectors. This is tied to WebKit/Apple iTunes...
CVE-2011-3237
CVE-2011-3237 affects WebKit as used by Apple iTunes before version 10.5. The vulnerability allows a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (memory corruption and application crash) via iTunes Store browsing-related vectors. The connected Nessus entry no...
CVE-2007-3944
CVE-2007-3944 describes multiple heap-based buffer overflows in the PCRE library used by the JavaScript engine in Apple Safari (WebKit) and iPhone Safari, allowing remote code execution via crafted JavaScript regex. Affected: Safari 3 Beta before Update 3.0.3 and iPhone before 1.0.1. Root cause: ...
CVE-2010-1409
CVE-2010-1409 is a WebKit vulnerability described as an incomplete blacklist that could allow data disclosure via IRC-related vectors. Affected products include Apple Safari prior to version 5.0 on Mac OS X 10.5–10.6 and Windows, and Safari before 4.1 on Mac OS X 10.4. The root cause is an incomp...
CVE-2010-1412
CVE-2010-1412 affects WebKit in Safari (pre-5.0 on Mac OS X 10.5–10.6 and Windows; pre-4.1 on Mac OS X 10.4). The issue is a use-after-free in hover-event handling that can allow remote code execution or cause an application crash (DoS). The description and related Nessus/OpenVAS entries confirm ...
CVE-2010-1764
CVE-2010-1764 affects WebKit in Apple Safari prior to 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. The vulnerability arises from following multiple redirections during form submission, enabling remote servers to record form data and access sensitive information. Conne...
CVE-2010-3810
Affected software: Apple Safari/WebKit. Vulnerability: improper handling of the History object in WebKit, enabling cross-origin manipulation to spoof the location bar URL or add URLs to history. Affected versions: Safari before 5.0.3 on Mac OS X 10.5–10.6 and Windows; Safari before 4.1.3 on Mac O...
CVE-2011-0112
CVE-2011-0112 affects WebKit as used in Apple iTunes prior to version 10.2 on Windows. The vulnerability allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing. Root cause: is...
CVE-2010-1391
CVE-2010-1391 is a WebKit (Safari) directory-traversal vulnerability affecting WebKit’s Local Storage and Web SQL components. The issue allows remote attackers to create arbitrary database files by crafting URLs containing sequences like a leading slash with .. or backslash variants (e.g., %2f.. ...
CVE-2010-1397
CVE-2010-1397 is a use-after-free in WebKit used by Safari (and related WebKit deployments) that can allow remote code execution or a crash through a layout-change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in an unspecified container. Affected: Safari before 5.0 ...
CVE-2010-1403
CVE-2010-1403 affects WebKit in Apple Safari prior to 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. It arises from uninitialized memory access during processing of a use element in an SVG document (related to ProcessInstruction), allowing remote attackers to execute ar...
CVE-2010-1405
CVE-2010-1405 is a use-after-free in WebKit that affects Apple Safari before 5.0 on Windows/macOS (and Safari
CVE-2010-1408
WebKit in Apple Safari vulnerable to bypassing outbound-port restrictions. Affected: Safari before 5.0 on Mac OS X 10.5–10.6 and Windows; Safari before 4.1 on Mac OS X 10.4. Issue: integer truncation that allows remote attackers to reach non-default TCP ports via crafted port numbers. This CVE ma...
CVE-2010-1761
CVE-2010-1761 is a use-after-free vulnerability in WebKit that can allow remote code execution or a denial of service (application crash) via vectors involving HTML document subtrees. Affected are Apple Safari before 5.0 on Mac OS X 10.5–10.6 and Windows, and Safari before 4.1 on Mac OS X 10.4. T...
CVE-2010-1791
Technical details for CVE-2010-1791 are not publicly available in the provided documents. Monitor for updates; the connected sources list CVE references but do not provide affected product/version, root cause, impact, or remediation specifics.
CVE-2011-0130
CVE-2011-0130 affects WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability allows memory corruption during iTunes Store browsing, enabling a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (application crash). The description mentions a memory...
CVE-2011-0149
CVE-2011-0149 concerns WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability arises from improper parsing of HTML elements related to document namespaces, enabling a man-in-the-middle attacker to trigger arbitrary code execution or cause a denial of service (memory corruption a...
CVE-2011-1462
CVE-2011-1462 affects WebKit as used by Apple Safari up to version 5.0.5, with a memory-corruption vulnerability that could be exploited by a crafted web site to execute arbitrary code or cause a denial of service. The linked NASL notes Safari before 5.0.6 as vulnerable and implies the fix is a S...
CVE-2011-2809
CVE-2011-2809 affects WebKit as used in Apple iTunes before 10.5. The vulnerability allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing. The provided connected documents co...
CVE-2014-1269
CVE-2014-1269 affects WebKit as used in Apple Safari before 6.1.2 and in Safari 7.x before 7.0.2. A crafted web site can cause remote code execution or memory corruption with an application crash; this is a separate issue from CVE-2014-1268/1270. The provided documents identify the affected platf...
CVE-2010-1399
CVE-2010-1399 affects WebKit used by Apple Safari prior to 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. The vulnerability arises when WebKit accesses uninitialized memory during a selection change on a form input element, which can let remote attackers execute arbitra...
CVE-2010-1410
CVE-2010-1410 affects WebKit in Apple Safari: vulnerable when rendering SVG documents with nested use elements, causing memory corruption that can lead to remote code execution or a crash. Affected platforms include Mac OS X 10.4–10.6 and Windows, with Safari prior to 5.0 on 10.5–10.6 and prior t...
CVE-2010-1418
Technical details for CVE-2010-1418 are not publicly provided in the connected documents; monitor for updates.
CVE-2010-3820
CVE-2010-3820 affects WebKit/Apple Safari targets: Safari prior to 5.0.3 on Mac OS X 10.5–10.6 and Windows, and Safari before 4.1.3 on Mac OS X 10.4. The issue is an uninitialized memory access during processing of editable elements, enabling remote attackers to execute arbitrary code or cause a ...
CVE-2011-0163
CVE-2011-0163 affects WebKit as used by Apple Safari before 5.0.4 and iOS before 4.3 . The vulnerability arises from WebKit’s improper handling of unspecified "cached resources", enabling a remote attacker to cause a denial of service (resource unavailability) via a crafted website that performs ...
CVE-2011-0233
The CVE-2011-0233 entry affects WebKit as used by Apple Safari prior to version 5.0.6. A crafted web site could trigger memory corruption in WebKit, enabling remote attackers to execute arbitrary code or cause a denial of service (application crash). The vulnerability is attributed to WebKit’s ha...