Lucene search
+L

211 matches found

cve
cve
added 2010/07/30 8:0 p.m.66 views

CVE-2010-1778

Apple Safari contains an XSS in RSS feed handling (CVE-2010-1778). Affected: Safari before 5.0.1 on Mac OS X 10.5–10.6 and Windows; Safari before 4.1.1 on Mac OS X 10.4. Remote attackers could inject arbitrary script via a malicious RSS feed. Impact: possible script/HTML execution and data exposu...

4.3CVSS6.7AI score0.01693EPSS
cve
cve
added 2010/11/20 9:0 p.m.66 views

CVE-2010-3820

CVE-2010-3820 affects WebKit/Apple Safari targets: Safari prior to 5.0.3 on Mac OS X 10.5–10.6 and Windows, and Safari before 4.1.3 on Mac OS X 10.4. The issue is an uninitialized memory access during processing of editable elements, enabling remote attackers to execute arbitrary code or cause a ...

9.3CVSS8.6AI score0.04448EPSS
cve
cve
added 2011/07/21 11:0 p.m.66 views

CVE-2011-0233

The CVE-2011-0233 entry affects WebKit as used by Apple Safari prior to version 5.0.6. A crafted web site could trigger memory corruption in WebKit, enabling remote attackers to execute arbitrary code or cause a denial of service (application crash). The vulnerability is attributed to WebKit’s ha...

9.3CVSS8.8AI score0.03923EPSS
cve
cve
added 2011/10/12 6:0 p.m.66 views

CVE-2011-3236

CVE-2011-3236 affects WebKit as used by Apple iTunes prior to 10.5. The vulnerability allows man-in-the-middle attackers to cause memory corruption and an application crash, enabling arbitrary code execution or denial of service via iTunes Store browsing vectors. The provided documents do not inc...

7.6CVSS7.5AI score0.0268EPSS
cve
cve
added 2013/12/18 11:0 a.m.66 views

CVE-2013-5228

CVE-2013-5228 affects WebKit as used in Apple Safari before 6.1.1 and in Safari 7.x before 7.0.1 . It allows a remote attacker to execute arbitrary code or cause a denial of service via a crafted website, with memory corruption and an application crash as outcomes. This CVE is described as distin...

6.8CVSS7.8AI score0.02154EPSS
cve
cve
added 2011/03/03 7:0 p.m.65 views

CVE-2011-0128

Technical details of CVE-2011-0128 are not publicly provided in the supplied documents. No explicit affected product versions or fixes are confirmed here. Monitor for updates from vendor/security advisories; current sources reference WebKit/iTunes exposure but lack concrete specifics.

7.6CVSS9.2AI score0.02631EPSS
cve
cve
added 2011/03/03 7:0 p.m.65 views

CVE-2011-0164

CVE-2011-0164 affects WebKit as used by Apple iTunes before version 10.2 on Windows. The vulnerability stems from memory corruption in WebKit related to iTunes Store browsing, allowing a MITM attacker to cause an arbitrary code execution or a denial of service (application crash). The description...

7.6CVSS9.1AI score0.02654EPSS
cve
cve
added 2011/03/11 10:0 p.m.65 views

CVE-2011-0166

CVE-2011-0166 applies to WebKit in Apple Safari up to version 5.0.3, where HTML5 drag-and-drop could bypass Same Origin Policy and leak sensitive data. Root cause: drag-and-drop handling in WebKit. Impact: user-assisted remote information disclosure with no explicit exploit details provided. Reme...

5.8CVSS8AI score0.02063EPSS
cve
cve
added 2011/07/21 11:0 p.m.65 views

CVE-2011-0254

WebKit used by Apple Safari before version 5.0.6 is affected by CVE-2011-0254. A crafted web site can cause memory corruption, allowing remote code execution or a denial of service (application crash). The issue is documented across multiple sources (Apple advisories and third-party vulnerability...

9.3CVSS8.8AI score0.03923EPSS
cve
cve
added 2011/10/12 6:0 p.m.65 views

CVE-2011-2356

CVE-2011-2356 affects WebKit as used in Apple iTunes prior to 10.5. The vulnerability enables MITM-related vectors via iTunes Store browsing, leading to arbitrary code execution or a memory corruption/DoS (application crash). Exploit details and specific remediation are not provided in the connec...

7.6CVSS7.5AI score0.02668EPSS
cve
cve
added 2011/10/12 6:0 p.m.65 views

CVE-2011-2820

CVE-2011-2820 affects WebKit as used by Apple iTunes prior to 10.5. The vulnerability allows a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (memory corruption and application crash) through vectors related to iTunes Store browsing. This is documented in the CV...

7.6CVSS7.5AI score0.02288EPSS
cve
cve
added 2010/06/11 7:0 p.m.64 views

CVE-2010-1421

CVE-2010-1421 refers to a vulnerability in WebKit used by Safari and the libwebkit component, where execCommand could be misused to modify the clipboard via a crafted HTML document. The connected data shows this CVE being addressed as part of openSUSE libwebkit updates (examples include openSUSE-...

4.3CVSS7.8AI score0.04153EPSS
cve
cve
added 2010/05/05 2:0 p.m.64 views

CVE-2010-1729

CVE-2010-1729 affects WebKit.dll used by Apple Safari (Safari.exe 4.531.9.1). The vulnerability arises from JavaScript that writes sequences in an infinite loop, enabling remote attackers to cause a denial of service (application crash). The provided documents reiterate the same description acro...

4.3CVSS7.6AI score0.01978EPSS
cve
cve
added 2011/03/03 7:0 p.m.64 views

CVE-2011-0125

CVE-2011-0125 affects WebKit as used in Apple iTunes before 10.2 on Windows. The underlying flaw is a memory corruption issue in WebKit triggered during iTunes Store/browsing flows, which can allow a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (application cr...

7.6CVSS9.2AI score0.02631EPSS
cve
cve
added 2011/03/03 7:0 p.m.64 views

CVE-2011-0148

CVE-2011-0148 affects WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability allows a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (memory corruption and app crash) via vectors related to iTunes Store browsing. Nessus/OpenVAS entries corrobor...

7.6CVSS9.2AI score0.02631EPSS
cve
cve
added 2011/07/21 11:0 p.m.64 views

CVE-2011-0234

CVE-2011-0234 affects WebKit as used by Apple Safari prior to 5.0.6. A crafted web site can trigger memory corruption in WebKit, enabling remote code execution or a denial of service (application crash). Mitigation noted in public Apple advisories; remedy is to update Safari/WebKit to 5.0.6 or la...

9.3CVSS8.8AI score0.03923EPSS
cve
cve
added 2011/07/21 11:0 p.m.64 views

CVE-2011-0235

The CVE-2011-0235 entry affects WebKit as used by Apple Safari prior to 5.0.6. It enables remote attackers to trigger memory corruption via a crafted website, potentially allowing arbitrary code execution or causing a crash/DoS. The vulnerability is tied to WebKit in Safari; remediation exists in...

9.3CVSS8.8AI score0.03923EPSS
cve
cve
added 2011/10/12 6:0 p.m.64 views

CVE-2011-2831

CVE-2011-2831 refers to a WebKit-based vulnerability in Apple iTunes prior to version 10.5. The issue enables a man-in-the-middle attacker to execute arbitrary code or cause denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing. The connected doc...

7.6CVSS7.5AI score0.02288EPSS
cve
cve
added 2012/03/08 10:0 p.m.64 views

CVE-2012-0637

Technical details for CVE-2012-0637 are not publicly available in the provided documents. Monitor for updates.

7.6CVSS7.5AI score0.02417EPSS
cve
cve
added 2010/03/26 8:0 p.m.63 views

CVE-2010-1126

CVE-2010-1126 targets WebKit’s JavaScript implementation. The vulnerability allows remote attackers to cause keystrokes intended for a visible frame to be sent to a form field in a hidden frame by certain focus() calls in WebKit. Affected component is the WebKit browser engine; impact is partial ...

5.8CVSS8.4AI score0.01757EPSS
cve
cve
added 2010/11/20 9:0 p.m.63 views

CVE-2010-3803

CVE-2010-3803 — Integer overflow in WebKit used by Apple Safari (before 5.0.3 on macOS 10.5–10.6 and Windows; before 4.1.3 on macOS 10.4) may allow remote code execution or cause denial of service via a crafted string. Connected documents confirm the vulnerability in WebKit/Safari and reference v...

9.3CVSS8.7AI score0.05829EPSS
cve
cve
added 2011/03/03 7:0 p.m.63 views

CVE-2011-0120

CVE-2011-0120 affects WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing. The description indicate...

7.6CVSS9.2AI score0.02631EPSS
cve
cve
added 2011/03/03 7:0 p.m.63 views

CVE-2011-0121

CVE-2011-0121 affects WebKit as used by Apple iTunes prior to version 10.2 on Windows. The vulnerability allows man-in-the-middle attackers to trigger memory corruption that can lead to arbitrary code execution or a denial of service (application crash) via iTunes Store browsing vectors. Exploita...

7.6CVSS9.2AI score0.02631EPSS
cve
cve
added 2011/03/03 7:0 p.m.63 views

CVE-2011-0138

The CVE-2011-0138 entry concerns WebKit usage in Apple iTunes for Windows prior to version 10.2. The underlying issue, as described in the available documents, is a memory corruption vulnerability in WebKit triggered via iTunes Store browsing vectors, which could allow an attacker to execute arbi...

7.6CVSS9.2AI score0.02631EPSS
cve
cve
added 2011/03/03 7:0 p.m.63 views

CVE-2011-0146

CVE-2011-0146 affects WebKit as used in Apple iTunes for Windows prior to 10.2. It enables a man-in-the-middle attacker to cause arbitrary code execution or a denial of service (memory corruption and app crash) via iTunes Store browsing-related vectors. The description indicates memory corruption...

7.6CVSS9.2AI score0.02631EPSS
cve
cve
added 2011/07/21 11:0 p.m.63 views

CVE-2011-0225

CVE-2011-0225 affects WebKit as used in Apple Safari prior to 5.0.6. The vulnerability enables remote attackers to execute arbitrary code or cause a denial of service through a crafted website, via memory corruption that can crash the application. The connected sources corroborate that this is a ...

9.3CVSS8.8AI score0.03923EPSS
cve
cve
added 2011/07/21 11:0 p.m.63 views

CVE-2011-0244

WebKit in Apple Safari before 5.0.6 is vulnerable due to improper canonicalization of URLs within RSS feeds, enabling a user-assisted remote attacker to read arbitrary files. Impact: partial disclosure of data; exploit requires user interaction. Remediation: upgrade to Safari 5.0.6 or newer (as n...

4.3CVSS7.6AI score0.0148EPSS
cve
cve
added 2012/03/08 10:0 p.m.63 views

CVE-2011-2866

Technical details for CVE-2011-2866 are not publicly available in the provided documents. No explicit affected products, root cause, or remediation are shown here. Monitor for updates.

7.6CVSS7.5AI score0.02475EPSS
cve
cve
added 2016/07/22 1:0 a.m.63 views

CVE-2016-4588

CVE-2016-4588 concerns WebKit in Apple tvOS prior to 9.2.2. The vulnerability is a memory corruption issue triggered by processing a crafted website in WebKit, allowing a remote attacker to execute arbitrary code or cause a denial of service on affected devices. Apple tvOS 9.2.2 addresses this is...

8.8CVSS8.6AI score0.01879EPSS
cve
cve
added 2010/06/11 5:28 p.m.62 views

CVE-2010-1406

CVE-2010-1406 affects WebKit used by Apple Safari on Mac OS X 10.4–10.6 and Windows. The issue arises when Safari/WebKit sends an HTTPS URL in the Referer header of an HTTP request in scenarios involving HTTPS-to-HTTP redirection, allowing remote HTTP servers to log potentially sensitive informat...

4.3CVSS8.2AI score0.02262EPSS
cve
cve
added 2010/11/20 9:0 p.m.62 views

CVE-2010-3809

CVE-2010-3809 affects WebKit in Apple Safari prior to 5.0.3 (Mac OS X 10.5–10.6 and Windows) and prior to 4.1.3 on Mac OS X 10.4, where an improper cast of an unspecified variable during processing of inline styling can allow remote attackers to execute arbitrary code or cause a denial of service...

9.3CVSS8.7AI score0.04448EPSS
cve
cve
added 2011/03/03 7:0 p.m.62 views

CVE-2011-0122

CVE-2011-0122 affects WebKit used by Apple iTunes on Windows prior to version 10.2. The vulnerability allows a man-in-the-middle attacker to execute arbitrary code or cause a denial of service via iTunes Store browsing-related vectors. Root cause: memory corruption/unsafe handling in WebKit when ...

7.6CVSS9.2AI score0.02631EPSS
cve
cve
added 2011/03/03 7:0 p.m.62 views

CVE-2011-0145

CVE-2011-0145 affects WebKit as used by Apple iTunes before 10.2 on Windows. It allows a man-in-the-middle to cause memory corruption and application crash or execute arbitrary code via iTunes Store browsing. Root cause and specific exploit vectors are described as tied to WebKit memory handling ...

7.6CVSS9.2AI score0.02631EPSS
cve
cve
added 2011/07/21 11:0 p.m.62 views

CVE-2011-0232

CVE-2011-0232 affects WebKit as used by Apple Safari prior to 5.0.6. The vulnerability enables remote attackers to cause memory corruption and potentially execute arbitrary code or trigger a crash via a crafted website, per multiple sources in the connected documents. The issue is rooted in WebKi...

9.3CVSS8.8AI score0.03923EPSS
cve
cve
added 2011/07/21 11:0 p.m.62 views

CVE-2011-0240

CVE-2011-0240 affects WebKit as used in Apple Safari prior to 5.0.6. The issue allows remote attackers to trigger memory corruption and an application crash, potentially enabling arbitrary code execution or a denial of service via a crafted web site. Root cause per the description is memory corru...

9.3CVSS8.8AI score0.03564EPSS
cve
cve
added 2011/10/12 6:0 p.m.62 views

CVE-2011-3239

CVE-2011-3239 affects WebKit as used by Apple iTunes prior to version 10.5. The vulnerability allows a man-in-the-middle to either execute arbitrary code or cause a denial of service (memory corruption and application crash) via iTunes Store browsing-related vectors. The description does not spec...

7.6CVSS7.5AI score0.02301EPSS
cve
cve
added 2010/06/11 5:28 p.m.61 views

CVE-2010-1392

CVE-2010-1392 is associated with WebKit/libwebkit in Open/Safari environments. Connected documents show that libwebkit updates (e.g., openSUSE openSUSE-SU-2010:0458-1 and openSUSE-SU-2011:0024-1) address multiple WebKit-related flaws including CVE-2010-1392, indicating a fixed in patched library ...

9.3CVSS8.6AI score0.06691EPSS
cve
cve
added 2010/06/11 7:0 p.m.61 views

CVE-2010-1762

CVE-2010-1762 is a cross-site scripting (XSS) vulnerability in WebKit used by Safari on multiple platforms, allowing remote script/HTML injection via HTML in a TEXTAREA element. The initial description confirms the vulnerability in WebKit/Safari before certain versions. Connected documents show t...

4.3CVSS6.7AI score0.02958EPSS
cve
cve
added 2010/11/20 9:0 p.m.61 views

CVE-2010-3818

CVE-2010-3818 is a WebKit use-after-free vulnerability in Apple Safari. It affects Safari before 5.0.3 on Mac OS X 10.5–10.6 and Windows, and Safari before 4.1.3 on Mac OS X 10.4. The flaw allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto...

9.3CVSS8.6AI score0.05829EPSS
cve
cve
added 2010/11/20 9:0 p.m.61 views

CVE-2010-3826

CVE-2010-3826 affects WebKit used by Apple Safari on Mac OS X (10.5–10.6) and Windows, and Safari for Mac OS X 10.4. The flaw stems from an improper cast of an unspecified variable while processing colors in an SVG document, enabling remote attackers to run arbitrary code or cause a denial of ser...

9.3CVSS8.7AI score0.04448EPSS
cve
cve
added 2011/03/03 7:0 p.m.61 views

CVE-2011-0114

WebKit, as used in Apple iTunes before 10.2 on Windows, is vulnerable to memory corruption that lets MITM attackers execute arbitrary code or cause a denial of service via vectors related to iTunes Store browsing.

7.6CVSS9.2AI score0.02631EPSS
cve
cve
added 2011/03/03 7:0 p.m.61 views

CVE-2011-0116

CVE-2011-0116 relates to a use-after-free in the WebKit htmlelement setOuterText method, used by Apple iTunes prior to 10.2 on Windows. The underlying issue is a use-after-free during DOM manipulations in the iTunes Store browsing flow, which can lead to arbitrary code execution or memory corrupt...

7.6CVSS9.2AI score0.03181EPSS
cve
cve
added 2011/03/03 7:0 p.m.61 views

CVE-2011-0118

CVE-2011-0118 involves WebKit as used in Apple iTunes before 10.2 on Windows. The issue allows MITM attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, per the description. The root cause is memor...

7.6CVSS9.2AI score0.02631EPSS
cve
cve
added 2011/03/03 7:0 p.m.61 views

CVE-2011-0127

CVE-2011-0127 : The vulnerability concerns WebKit as used in Apple iTunes on Windows before version 10.2. The issue arises via iTunes Store browsing, enabling man-in-the-middle attackers to trigger arbitrary code execution or cause a denial of service through memory corruption and application cra...

7.6CVSS9.2AI score0.02631EPSS
cve
cve
added 2011/03/03 7:0 p.m.61 views

CVE-2011-0136

CVE-2011-0136 affects WebKit as used in Apple iTunes prior to 10.2 on Windows. The vulnerability allows man-in-the-middle attackers to trigger memory corruption that can lead to arbitrary code execution or a denial of service (application crash) via vectors related to iTunes Store browsing. The i...

7.6CVSS9.2AI score0.02631EPSS
cve
cve
added 2011/10/12 6:0 p.m.61 views

CVE-2011-2816

CVE-2011-2816 concerns WebKit as used in Apple iTunes before 10.5. The vulnerability allows a man-in-the-middle to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing. This is the explicit impact described in t...

7.6CVSS7.5AI score0.02288EPSS
cve
cve
added 2011/10/12 6:0 p.m.61 views

CVE-2011-3235

CVE-2011-3235 affects WebKit as used by Apple iTunes prior to 10.5. The vulnerability allows man-in-the-middle attackers to trigger memory corruption and an application crash, potentially enabling arbitrary code execution via iTunes Store browsing vectors. The description notes a single, distinct...

7.6CVSS7.5AI score0.0268EPSS
cve
cve
added 2011/10/12 6:0 p.m.61 views

CVE-2011-3244

CVE-2011-3244 is tied to WebKit in Apple iTunes before 10.5, where a memory corruption flaw during iTunes Store browsing could be exploited to execute code or crash the app. The issue is addressed by Apple's iTunes 10.5 update; no additional exploit details are provided beyond the affected compon...

7.6CVSS7.5AI score0.02631EPSS
cve
cve
added 2010/07/30 8:0 p.m.60 views

CVE-2010-1796

The CVE-2010-1796 issue affects Safari before 5.0.1 on Mac OS X 10.5–10.6 and Windows, and before 4.1.1 on Mac OS X 10.4. An implementation flaw in AutoFill lets a malicious website trigger AutoFill without user action, exposing Address Book Card data via JavaScript keystroke events. The security...

2.6CVSS5.8AI score0.01713EPSS
cve
cve
added 2011/03/03 7:0 p.m.60 views

CVE-2011-0115

CVE-2011-0115 concerns the WebKit DOM Level 2 implementation as used by Apple Safari and iTunes before 10.2 on Windows. The vulnerability stems from improper handling of DOM manipulations tied to event listeners while processing range objects, enabling a remote attacker to trigger arbitrary code ...

7.6CVSS9.2AI score0.03181EPSS
Total number of security vulnerabilities211