211 matches found
CVE-2010-1778
Apple Safari contains an XSS in RSS feed handling (CVE-2010-1778). Affected: Safari before 5.0.1 on Mac OS X 10.5–10.6 and Windows; Safari before 4.1.1 on Mac OS X 10.4. Remote attackers could inject arbitrary script via a malicious RSS feed. Impact: possible script/HTML execution and data exposu...
CVE-2010-3820
CVE-2010-3820 affects WebKit/Apple Safari targets: Safari prior to 5.0.3 on Mac OS X 10.5–10.6 and Windows, and Safari before 4.1.3 on Mac OS X 10.4. The issue is an uninitialized memory access during processing of editable elements, enabling remote attackers to execute arbitrary code or cause a ...
CVE-2011-0233
The CVE-2011-0233 entry affects WebKit as used by Apple Safari prior to version 5.0.6. A crafted web site could trigger memory corruption in WebKit, enabling remote attackers to execute arbitrary code or cause a denial of service (application crash). The vulnerability is attributed to WebKit’s ha...
CVE-2011-3236
CVE-2011-3236 affects WebKit as used by Apple iTunes prior to 10.5. The vulnerability allows man-in-the-middle attackers to cause memory corruption and an application crash, enabling arbitrary code execution or denial of service via iTunes Store browsing vectors. The provided documents do not inc...
CVE-2013-5228
CVE-2013-5228 affects WebKit as used in Apple Safari before 6.1.1 and in Safari 7.x before 7.0.1 . It allows a remote attacker to execute arbitrary code or cause a denial of service via a crafted website, with memory corruption and an application crash as outcomes. This CVE is described as distin...
CVE-2011-0128
Technical details of CVE-2011-0128 are not publicly provided in the supplied documents. No explicit affected product versions or fixes are confirmed here. Monitor for updates from vendor/security advisories; current sources reference WebKit/iTunes exposure but lack concrete specifics.
CVE-2011-0164
CVE-2011-0164 affects WebKit as used by Apple iTunes before version 10.2 on Windows. The vulnerability stems from memory corruption in WebKit related to iTunes Store browsing, allowing a MITM attacker to cause an arbitrary code execution or a denial of service (application crash). The description...
CVE-2011-0166
CVE-2011-0166 applies to WebKit in Apple Safari up to version 5.0.3, where HTML5 drag-and-drop could bypass Same Origin Policy and leak sensitive data. Root cause: drag-and-drop handling in WebKit. Impact: user-assisted remote information disclosure with no explicit exploit details provided. Reme...
CVE-2011-0254
WebKit used by Apple Safari before version 5.0.6 is affected by CVE-2011-0254. A crafted web site can cause memory corruption, allowing remote code execution or a denial of service (application crash). The issue is documented across multiple sources (Apple advisories and third-party vulnerability...
CVE-2011-2356
CVE-2011-2356 affects WebKit as used in Apple iTunes prior to 10.5. The vulnerability enables MITM-related vectors via iTunes Store browsing, leading to arbitrary code execution or a memory corruption/DoS (application crash). Exploit details and specific remediation are not provided in the connec...
CVE-2011-2820
CVE-2011-2820 affects WebKit as used by Apple iTunes prior to 10.5. The vulnerability allows a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (memory corruption and application crash) through vectors related to iTunes Store browsing. This is documented in the CV...
CVE-2010-1421
CVE-2010-1421 refers to a vulnerability in WebKit used by Safari and the libwebkit component, where execCommand could be misused to modify the clipboard via a crafted HTML document. The connected data shows this CVE being addressed as part of openSUSE libwebkit updates (examples include openSUSE-...
CVE-2010-1729
CVE-2010-1729 affects WebKit.dll used by Apple Safari (Safari.exe 4.531.9.1). The vulnerability arises from JavaScript that writes sequences in an infinite loop, enabling remote attackers to cause a denial of service (application crash). The provided documents reiterate the same description acro...
CVE-2011-0125
CVE-2011-0125 affects WebKit as used in Apple iTunes before 10.2 on Windows. The underlying flaw is a memory corruption issue in WebKit triggered during iTunes Store/browsing flows, which can allow a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (application cr...
CVE-2011-0148
CVE-2011-0148 affects WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability allows a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (memory corruption and app crash) via vectors related to iTunes Store browsing. Nessus/OpenVAS entries corrobor...
CVE-2011-0234
CVE-2011-0234 affects WebKit as used by Apple Safari prior to 5.0.6. A crafted web site can trigger memory corruption in WebKit, enabling remote code execution or a denial of service (application crash). Mitigation noted in public Apple advisories; remedy is to update Safari/WebKit to 5.0.6 or la...
CVE-2011-0235
The CVE-2011-0235 entry affects WebKit as used by Apple Safari prior to 5.0.6. It enables remote attackers to trigger memory corruption via a crafted website, potentially allowing arbitrary code execution or causing a crash/DoS. The vulnerability is tied to WebKit in Safari; remediation exists in...
CVE-2011-2831
CVE-2011-2831 refers to a WebKit-based vulnerability in Apple iTunes prior to version 10.5. The issue enables a man-in-the-middle attacker to execute arbitrary code or cause denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing. The connected doc...
CVE-2012-0637
Technical details for CVE-2012-0637 are not publicly available in the provided documents. Monitor for updates.
CVE-2010-1126
CVE-2010-1126 targets WebKit’s JavaScript implementation. The vulnerability allows remote attackers to cause keystrokes intended for a visible frame to be sent to a form field in a hidden frame by certain focus() calls in WebKit. Affected component is the WebKit browser engine; impact is partial ...
CVE-2010-3803
CVE-2010-3803 — Integer overflow in WebKit used by Apple Safari (before 5.0.3 on macOS 10.5–10.6 and Windows; before 4.1.3 on macOS 10.4) may allow remote code execution or cause denial of service via a crafted string. Connected documents confirm the vulnerability in WebKit/Safari and reference v...
CVE-2011-0120
CVE-2011-0120 affects WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing. The description indicate...
CVE-2011-0121
CVE-2011-0121 affects WebKit as used by Apple iTunes prior to version 10.2 on Windows. The vulnerability allows man-in-the-middle attackers to trigger memory corruption that can lead to arbitrary code execution or a denial of service (application crash) via iTunes Store browsing vectors. Exploita...
CVE-2011-0138
The CVE-2011-0138 entry concerns WebKit usage in Apple iTunes for Windows prior to version 10.2. The underlying issue, as described in the available documents, is a memory corruption vulnerability in WebKit triggered via iTunes Store browsing vectors, which could allow an attacker to execute arbi...
CVE-2011-0146
CVE-2011-0146 affects WebKit as used in Apple iTunes for Windows prior to 10.2. It enables a man-in-the-middle attacker to cause arbitrary code execution or a denial of service (memory corruption and app crash) via iTunes Store browsing-related vectors. The description indicates memory corruption...
CVE-2011-0225
CVE-2011-0225 affects WebKit as used in Apple Safari prior to 5.0.6. The vulnerability enables remote attackers to execute arbitrary code or cause a denial of service through a crafted website, via memory corruption that can crash the application. The connected sources corroborate that this is a ...
CVE-2011-0244
WebKit in Apple Safari before 5.0.6 is vulnerable due to improper canonicalization of URLs within RSS feeds, enabling a user-assisted remote attacker to read arbitrary files. Impact: partial disclosure of data; exploit requires user interaction. Remediation: upgrade to Safari 5.0.6 or newer (as n...
CVE-2011-2866
Technical details for CVE-2011-2866 are not publicly available in the provided documents. No explicit affected products, root cause, or remediation are shown here. Monitor for updates.
CVE-2016-4588
CVE-2016-4588 concerns WebKit in Apple tvOS prior to 9.2.2. The vulnerability is a memory corruption issue triggered by processing a crafted website in WebKit, allowing a remote attacker to execute arbitrary code or cause a denial of service on affected devices. Apple tvOS 9.2.2 addresses this is...
CVE-2010-1406
CVE-2010-1406 affects WebKit used by Apple Safari on Mac OS X 10.4–10.6 and Windows. The issue arises when Safari/WebKit sends an HTTPS URL in the Referer header of an HTTP request in scenarios involving HTTPS-to-HTTP redirection, allowing remote HTTP servers to log potentially sensitive informat...
CVE-2010-3809
CVE-2010-3809 affects WebKit in Apple Safari prior to 5.0.3 (Mac OS X 10.5–10.6 and Windows) and prior to 4.1.3 on Mac OS X 10.4, where an improper cast of an unspecified variable during processing of inline styling can allow remote attackers to execute arbitrary code or cause a denial of service...
CVE-2011-0122
CVE-2011-0122 affects WebKit used by Apple iTunes on Windows prior to version 10.2. The vulnerability allows a man-in-the-middle attacker to execute arbitrary code or cause a denial of service via iTunes Store browsing-related vectors. Root cause: memory corruption/unsafe handling in WebKit when ...
CVE-2011-0145
CVE-2011-0145 affects WebKit as used by Apple iTunes before 10.2 on Windows. It allows a man-in-the-middle to cause memory corruption and application crash or execute arbitrary code via iTunes Store browsing. Root cause and specific exploit vectors are described as tied to WebKit memory handling ...
CVE-2011-0232
CVE-2011-0232 affects WebKit as used by Apple Safari prior to 5.0.6. The vulnerability enables remote attackers to cause memory corruption and potentially execute arbitrary code or trigger a crash via a crafted website, per multiple sources in the connected documents. The issue is rooted in WebKi...
CVE-2011-0240
CVE-2011-0240 affects WebKit as used in Apple Safari prior to 5.0.6. The issue allows remote attackers to trigger memory corruption and an application crash, potentially enabling arbitrary code execution or a denial of service via a crafted web site. Root cause per the description is memory corru...
CVE-2011-3239
CVE-2011-3239 affects WebKit as used by Apple iTunes prior to version 10.5. The vulnerability allows a man-in-the-middle to either execute arbitrary code or cause a denial of service (memory corruption and application crash) via iTunes Store browsing-related vectors. The description does not spec...
CVE-2010-1392
CVE-2010-1392 is associated with WebKit/libwebkit in Open/Safari environments. Connected documents show that libwebkit updates (e.g., openSUSE openSUSE-SU-2010:0458-1 and openSUSE-SU-2011:0024-1) address multiple WebKit-related flaws including CVE-2010-1392, indicating a fixed in patched library ...
CVE-2010-1762
CVE-2010-1762 is a cross-site scripting (XSS) vulnerability in WebKit used by Safari on multiple platforms, allowing remote script/HTML injection via HTML in a TEXTAREA element. The initial description confirms the vulnerability in WebKit/Safari before certain versions. Connected documents show t...
CVE-2010-3818
CVE-2010-3818 is a WebKit use-after-free vulnerability in Apple Safari. It affects Safari before 5.0.3 on Mac OS X 10.5–10.6 and Windows, and Safari before 4.1.3 on Mac OS X 10.4. The flaw allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto...
CVE-2010-3826
CVE-2010-3826 affects WebKit used by Apple Safari on Mac OS X (10.5–10.6) and Windows, and Safari for Mac OS X 10.4. The flaw stems from an improper cast of an unspecified variable while processing colors in an SVG document, enabling remote attackers to run arbitrary code or cause a denial of ser...
CVE-2011-0114
WebKit, as used in Apple iTunes before 10.2 on Windows, is vulnerable to memory corruption that lets MITM attackers execute arbitrary code or cause a denial of service via vectors related to iTunes Store browsing.
CVE-2011-0116
CVE-2011-0116 relates to a use-after-free in the WebKit htmlelement setOuterText method, used by Apple iTunes prior to 10.2 on Windows. The underlying issue is a use-after-free during DOM manipulations in the iTunes Store browsing flow, which can lead to arbitrary code execution or memory corrupt...
CVE-2011-0118
CVE-2011-0118 involves WebKit as used in Apple iTunes before 10.2 on Windows. The issue allows MITM attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, per the description. The root cause is memor...
CVE-2011-0127
CVE-2011-0127 : The vulnerability concerns WebKit as used in Apple iTunes on Windows before version 10.2. The issue arises via iTunes Store browsing, enabling man-in-the-middle attackers to trigger arbitrary code execution or cause a denial of service through memory corruption and application cra...
CVE-2011-0136
CVE-2011-0136 affects WebKit as used in Apple iTunes prior to 10.2 on Windows. The vulnerability allows man-in-the-middle attackers to trigger memory corruption that can lead to arbitrary code execution or a denial of service (application crash) via vectors related to iTunes Store browsing. The i...
CVE-2011-2816
CVE-2011-2816 concerns WebKit as used in Apple iTunes before 10.5. The vulnerability allows a man-in-the-middle to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing. This is the explicit impact described in t...
CVE-2011-3235
CVE-2011-3235 affects WebKit as used by Apple iTunes prior to 10.5. The vulnerability allows man-in-the-middle attackers to trigger memory corruption and an application crash, potentially enabling arbitrary code execution via iTunes Store browsing vectors. The description notes a single, distinct...
CVE-2011-3244
CVE-2011-3244 is tied to WebKit in Apple iTunes before 10.5, where a memory corruption flaw during iTunes Store browsing could be exploited to execute code or crash the app. The issue is addressed by Apple's iTunes 10.5 update; no additional exploit details are provided beyond the affected compon...
CVE-2010-1796
The CVE-2010-1796 issue affects Safari before 5.0.1 on Mac OS X 10.5–10.6 and Windows, and before 4.1.1 on Mac OS X 10.4. An implementation flaw in AutoFill lets a malicious website trigger AutoFill without user action, exposing Address Book Card data via JavaScript keystroke events. The security...
CVE-2011-0115
CVE-2011-0115 concerns the WebKit DOM Level 2 implementation as used by Apple Safari and iTunes before 10.2 on Windows. The vulnerability stems from improper handling of DOM manipulations tied to event listeners while processing range objects, enabling a remote attacker to trigger arbitrary code ...