Webkit@* Security Vulnerabilities and Issues — Page 3 of Webkit@* CVE List

CVE-2011-0117

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011...

CVE-2011-0120

CVE-2011-0121

CVE-2011-0125

7.6CVSS9.2AI score0.01045EPSS

CVE-2011-0132

Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of se...

CVE-2011-0146

CVE•added 2011/03/11 10:55 p.m.•49 views

CVE-2011-0160

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

5CVSS8.3AI score0.00423EPSS

CVE•added 2011/03/11 10:55 p.m.•49 views

CVE-2011-0167

The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.

4.3CVSS8.2AI score0.02629EPSS

CVE•added 2011/10/12 6:55 p.m.•49 views

CVE-2011-2820

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2012/03/08 10:55 p.m.•49 views

CVE-2012-0637

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

7.6CVSS7.5AI score0.00861EPSS

CVE•added 2010/06/11 6:0 p.m.•48 views

CVE-2010-1412

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.

9.3CVSS8.6AI score0.16215EPSS

CVE•added 2010/05/06 2:53 p.m.•48 views

CVE-2010-1729

WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes sequences in an infinite loop.

4.3CVSS7.6AI score0.00643EPSS

CVE•added 2010/08/19 10:0 p.m.•48 views

CVE-2010-1760

loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.

10CVSS8.4AI score0.01634EPSS

CVE•added 2010/11/22 1:0 p.m.•48 views

CVE-2010-3810

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.

4.3CVSS7.8AI score0.00819EPSS

CVE•added 2011/03/03 8:0 p.m.•48 views

CVE-2011-0136

CVE•added 2011/07/21 11:55 p.m.•48 views

CVE-2011-0218

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

CVE•added 2011/07/21 11:55 p.m.•48 views

CVE-2011-0235

CVE•added 2011/07/21 11:55 p.m.•48 views

CVE-2011-0254

CVE•added 2011/10/12 6:55 p.m.•48 views

CVE-2011-3236

7.6CVSS7.5AI score0.01157EPSS

CVE•added 2011/10/12 6:55 p.m.•48 views

CVE-2011-3244

7.6CVSS7.5AI score0.01392EPSS

CVE•added 2010/06/11 7:30 p.m.•47 views

CVE-2010-1762

4.3CVSS6.7AI score0.00908EPSS

CVE•added 2010/06/11 7:30 p.m.•47 views

CVE-2010-1764

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.

4.3CVSS8.1AI score0.00905EPSS

CVE•added 2010/07/30 8:30 p.m.•47 views

CVE-2010-1778

Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.

4.3CVSS6.7AI score0.00277EPSS

CVE•added 2010/07/30 8:30 p.m.•47 views

CVE-2010-1789

Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.

9.3CVSS8.7AI score0.14348EPSS

CVE-2011-0118

CVE-2011-0124

CVE-2011-0138

7.6CVSS9.2AI score0.00861EPSS

CVE-2011-0139

CVE-2011-0155

CVE•added 2011/07/21 11:55 p.m.•47 views

CVE-2011-0232

CVE•added 2011/07/21 11:55 p.m.•47 views

CVE-2011-0234

CVE•added 2011/10/12 6:55 p.m.•47 views

CVE-2011-2814

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2011/10/12 6:55 p.m.•47 views

CVE-2011-3235

7.6CVSS7.5AI score0.01157EPSS

CVE•added 2010/06/11 6:0 p.m.•46 views

CVE-2010-1392

9.3CVSS8.6AI score0.07914EPSS

CVE•added 2010/06/11 6:0 p.m.•46 views

CVE-2010-1400

9.3CVSS8.6AI score0.14566EPSS

CVE•added 2010/06/11 7:30 p.m.•46 views

CVE-2010-1421

The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.

4.3CVSS7.8AI score0.03913EPSS

CVE•added 2010/11/22 1:0 p.m.•46 views

CVE-2010-3803

Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.

9.3CVSS8.7AI score0.12925EPSS

CVE•added 2010/11/22 1:0 p.m.•46 views

CVE-2010-3826

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of ...

9.3CVSS8.7AI score0.02223EPSS

CVE•added 2011/07/21 11:55 p.m.•46 views

CVE-2011-0225