211 matches found
CVE-2010-1789
The vulnerability CVE-2010-1789 is a heap-based buffer overflow in WebKit used by Safari, triggered by handling of JavaScript string objects. Affected products include Safari on Mac OS X (versions 10.4, 10.5–10.6) and Windows, with Safari 5.0.1 (Mac OS X 10.5–10.6) and 4.1.1 (Mac OS X 10.4) addre...
CVE-2011-0117
CVE-2011-0117 affects WebKit as used by Apple iTunes on Windows prior to 10.2. The vulnerability enables man‑in‑the‑middle attackers to trigger memory corruption, leading to arbitrary code execution or a denial of service (application crash) via iTunes Store browsing related vectors. Root cause i...
CVE-2011-0132
CVE-2011-0132 is a use-after-free vulnerability in WebKit's Runin box of the CSS 2.1 Visual Formatting Model, affecting WebKit builds used by Apple iTunes before 10.2 on Windows and Apple Safari . If exploited, it could allow a remote attacker to achieve arbitrary code execution or memory corrupt...
CVE-2011-0141
CVE-2011-0141 affects WebKit used by Apple iTunes on Windows prior to 10.2. The vulnerability arises from memory corruption in WebKit during iTunes Store browsing, which can enable arbitrary code execution or cause a denial of service when loading certain content. Exploitation could lead to a com...
CVE-2011-0155
CVE-2011-0155 affects WebKit as used by Apple iTunes on Windows prior to version 10.2. The vulnerability allows a man-in-the-middle to trigger memory corruption in WebKit via iTunes Store browsing, leading to arbitrary code execution or a denial of service (application crash). Root cause is memor...
CVE-2011-0242
CVE-2011-0242 affects Safari/WebKit (Apple) with a cross-site scripting (XSS) vulnerability in WebKit that can be triggered by a URL containing a username. The initial CVE description confirms the XSS vector, and Nessus/OpenVAS-derived entries corroborate no vendor patch is available for Linux di...
CVE-2011-3238
CVE-2011-3238 affects WebKit as used in Apple iTunes before version 10.5. The vulnerability allows a man-in-the-middle attacker to cause memory corruption and application crash or to execute arbitrary code via vectors related to iTunes Store browsing. Exploitation details (specific exploit vector...
CVE-2013-5196
CVE-2013-5196 : WebKit used by Apple Safari (pre-6.1.1 and pre-7.0.1 for 7.x) is vulnerable to a crafted site that can cause memory corruption, enabling remote code execution or a denial of service (application crash). The provided documents do not specify exploit details or in‑the‑wild occurrenc...
CVE-2013-5225
CVE-2013-5225 affects WebKit as used by Apple Safari, where a crafted website can lead to remote code execution or a memory-corruption-driven crash. The advisory notes this is a WebKit vulnerability separate from other CVEs and specifies affected Safari versions: before 6.1.1 on some platforms an...
CVE-2010-1413
CVE-2010-1413 affects WebKit in Apple Safari prior to 5.0 on Windows and macOS (and Safari before 4.1 on Mac OS X 10.4). The flaw allows NTLM credentials to be sent in cleartext under unspecified circumstances, enabling man-in-the-middle attackers to access sensitive information via unspecified v...
CVE-2011-0124
CVE-2011-0124 affects WebKit as used in Apple iTunes before 10.2 on Windows. It allows a man‑in‑the‑middle attacker to execute arbitrary code or cause a memory corruption and application crash via iTunes Store browsing vectors (a distinct issue from other CVEs). Root cause and exact component/imp...
CVE-2011-0139
CVE-2011-0139 is described in the provided records as a WebKit-based vulnerability in Apple iTunes before 10.2 on Windows, allowing a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (memory corruption and application crash) via iTunes Store browsing vectors. The ...
CVE-2011-0161
CVE-2011-0161 affects WebKit as used in Apple Safari before 5.0.4 and iOS before 4.3. The vulnerability arises from how the Attr.style accessor is handled, allowing remote attackers to bypass the Same Origin Policy and inject CSS token sequences via a crafted website. The described impact is that...
CVE-2011-2817
CVE-2011-2817: A WebKit vulnerability used by Apple iTunes prior to 10.5 allows man-in-the-middle attackers to trigger memory corruption and crash, with potential arbitrary code execution via iTunes Store browsing. No remediation details are provided in the supplied documents.
CVE-2011-3233
CVE-2011-3233 affects WebKit as used by Apple iTunes before version 10.5. The vulnerability, revealed through iTunes Store browsing, allows a man-in-the-middle attacker to cause memory corruption and application crash or to execute arbitrary code. This is a WebKit-related issue that can lead to a...
CVE-2012-0638
Technical details about CVE-2012-0638 are not provided in the connected documents. The sources reference WebKit/iTunes vulnerabilities in general but do not specify affected versions, root cause, or fixes for this CVE. Monitor for updates.
CVE-2010-3821
WebKit in Apple Safari prior to 5.0.3 (Mac OS X 10.5–10.6) and
CVE-2011-0111
CVE-2011-0111 affects WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability allows a man-in-the-middle to cause memory corruption, enabling arbitrary code execution or a denial of service (application crash) via vectors related to iTunes Store browsing. The provided documents i...
CVE-2011-0135
CVE-2011-0135 affects WebKit used by Apple iTunes on Windows (pre-10.2). It allows a man-in-the-middle to cause memory corruption and arbitrary code execution or a denial of service via iTunes Store browsing. Exploitation details are not provided in the connected documents.
CVE-2011-0156
Technical details about CVE-2011-0156 are not publicly provided in the connected documents. The initial description notes WebKit/iTunes Store browsing vectors, but there are no explicit affected versions, root cause analysis, or fixes in the supplied sources. Monitor for updates.
CVE-2011-0223
CVE-2011-0223 affects WebKit as used in Apple Safari prior to 5.0.6. The vulnerability enables remote attackers to cause memory corruption or arbitrary code execution (or a denial of service) via a crafted web site. Several connected sources reiterate this WebKit/WebKit-derived issue in Safari, w...
CVE-2011-2815
CVE-2011-2815 affects WebKit as used in Apple iTunes before 10.5. The vulnerability allows a man-in-the-middle to execute arbitrary code or cause a denial of service (memory corruption and application crash) via iTunes Store browsing-related vectors. The connected Nessus/OpenVAS references descri...
CVE-2011-4692
The CVE-2011-4692 issue affects WebKit as used by Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier. The root cause is that the browser does not prevent timing-based data leakage when loading images, allowing remote attackers to infer whether an image is cached via crafted JavaScrip...
CVE-2011-0129
The CVE-2011-0129 entry affects WebKit as used by Apple iTunes before version 10.2 on Windows. The vulnerability arises in WebKit and can be triggered via iTunes Store browsing, enabling memory corruption that may lead to arbitrary code execution or a denial of service (application crash). The de...
CVE-2011-0153
CVE-2011-0153 affects WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability allows MITM attackers to execute arbitrary code or cause memory corruption and application crash via iTunes Store browsing. Connected documents provide concrete details: affected component WebKit, attac...
CVE-2011-0238
CVE-2011-0238 affects WebKit as used by Apple Safari prior to 5.0.6. A crafted website can trigger memory corruption in WebKit, enabling remote code execution or causing a denial of service (application crash). Root cause: memory corruption in WebKit when handling crafted content. Affected produc...
CVE-2011-3241
CVE-2011-3241 affects WebKit as used in Apple iTunes prior to 10.5. The vulnerability allows man-in-the-middle attackers to trigger memory corruption and application crashes, potentially leading to arbitrary code execution or a denial of service via iTunes Store browsing vectors. The connected so...
CVE-2013-5195
CVE-2013-5195 affects WebKit as used by Safari (Mac OS X) before Safari 6.1.1 and Safari 7.x before 7.0.1. The issue is a memory corruption vulnerability in WebKit that can be triggered by visiting a crafted site, potentially leading to remote code execution or a denial of service (application cr...
CVE-2010-3817
CVE-2010-3817 affects WebKit/Safari: an improper cast during CSS 3D transforms in Safari < 5.0.3 (Mac OS X 10.5–10.6, Windows) and
CVE-2011-0113
CVE-2011-0113 affects WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability allows a man-in-the-middle attacker to cause memory corruption and application crash or to execute arbitrary code via vectors related to iTunes Store browsing. This is the vulnerability described for We...
CVE-2011-0119
CVE-2011-0119 affects WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) through vectors related to iTunes Store browsing. The provided documen...
CVE-2011-0126
CVE-2011-0126 , as described in the initial document, affects WebKit as used by Apple iTunes prior to version 10.2 on Windows. The vulnerability enables man-in-the-middle attackers to cause memory corruption or execute arbitrary code, or to cause a denial of service, via vectors related to iTunes...
CVE-2011-0152
CVE-2011-0152 concerns WebKit in Apple iTunes for Windows prior to version 10.2. Exploitation via iTunes Store browsing could allow MITM attackers to execute arbitrary code or cause a denial of service through memory corruption and application crashes. The vulnerability involves WebKit components...
CVE-2011-0237
CVE-2011-0237 affects WebKit as used in Apple Safari before 5.0.6. The issue permits remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website. Root cause, as described in the sources, is memory corruption within WebKit...
CVE-2011-2811
CVE-2011-2811 affects WebKit as used in Apple iTunes before 10.5. The vulnerability allows man-in-the-middle attackers to cause memory corruption in the WebKit component via iTunes Store browsing, potentially enabling arbitrary code execution or a denial of service (application crash). The descri...
CVE-2012-0648
Technical details for CVE-2012-0648 are not provided in the connected documents. No affected product/version, root cause, or remediation is specified. Monitor for updates.
CVE-2010-3811
CVE-2010-3811 affects Apple Safari/WebKit. The vulnerability is a use-after-free in WebKit’s handling of element attributes, enabling remote code execution or a denial of service. Affected: Safari before 5.0.3 on Mac OS X 10.4–10.6 and Windows (and before 4.1.3 on Mac OS X 10.4). Exploitation det...
CVE-2010-3822
CVE-2010-3822 affects WebKit used by Apple Safari: uninitialized pointer accessed during CSS counter styles processing, allowing remote code execution or a crash. Impact is high (remote code execution/DoS) across Safari versions before 5.0.3 on macOS 10.5–10.6 and Windows, and before 4.1.3 on mac...
CVE-2011-0133
The CVE-2011-0133 entry concerns WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability stems from improper access to glyph data during layout actions for floating blocks associated with pseudo-elements, which can enable a man-in-the-middle attacker to trigger arbitrary code exe...
CVE-2011-0168
CVE-2011-0168 is a WebKit-based vulnerability affecting Apple WebKit as used by iTunes on Windows prior to iTunes 10.2. The description in the initial doc states that WebKit in this context allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service via iTunes Store ...
CVE-2011-0221
CVE-2011-0221 affects WebKit as used by Apple Safari prior to 5.0.6. The vulnerability allows remote attackers to trigger memory corruption via a crafted website, leading to arbitrary code execution or a crash (DoS). Exploitation is tied to WebKit’s handling of memory; multiple public advisories ...
CVE-2013-5198
CVE-2013-5198 affects WebKit as used by Apple Safari. The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted website, due to memory corruption. Affected software versions are Safari before 6.1.1 and Safari 7.x before 7.0.1. Connected sources corrobo...
CVE-2011-0140
CVE-2011-0140 affects WebKit used by Apple iTunes on Windows prior to 10.2. It allows MITM-related vectors in iTunes Store browsing to trigger memory corruption, enabling arbitrary code execution or a denial of service (application crash). The vulnerability is rooted in WebKit components within i...
CVE-2011-0147
CVE-2011-0147 affects WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability allows a man-in-the-middle attacker to cause memory corruption in WebKit via iTunes Store browsing, leading to arbitrary code execution or a denial of service (application crash). Root cause is memory c...
CVE-2011-0151
CVE-2011-0151 concerns WebKit as used in Apple iTunes before 10.2 on Windows. The issue allows man‑in‑the‑middle attackers to trigger memory corruption via iTunes Store browsing, potentially enabling arbitrary code execution or causing a denial of service. The connected Nessus/OpenVAS entries ref...
CVE-2012-0639
WebKit in Apple iTunes before 10.6 is affected by CVE-2012-0639. The vulnerability enables MITM attackers to execute arbitrary code or cause memory corruption/DoS via iTunes Store browsing vectors. The description does not specify affected versions beyond “before 10.6” or root cause details beyon...
CVE-2010-3819
WebKit/Apple Safari vulnerability CVE-2010-3819 affects Safari before 5.0.3 on Mac OS X 10.5–10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, where an improper cast of an unspecified CSS box variable can be exploited by a crafted site to execute arbitrary code or crash the application. Impact...
CVE-2011-0131
CVE-2011-0131 affects WebKit as used by Apple iTunes on Windows prior to 10.2. The vulnerability stems from WebKit handling related to iTunes Store browsing, enabling a man‑in‑the‑middle attacker to run arbitrary code or cause a memory‑related crash/DoS. Impact is described as arbitrary code exec...
CVE-2011-0137
CVE-2011-0137 affects WebKit as used in Apple iTunes before 10.2 on Windows. Vulnerability allows a man-in-the-middle attacker to execute arbitrary code or cause a memory-corruption–driven denial of service via iTunes Store browsing vectors. Public references indicate Apple security updates HT456...
CVE-2011-0143
The CVE-2011-0143 issue affects WebKit as used in Apple iTunes before 10.2 on Windows. The vulnerability stems from WebKit-related browsing vectors in iTunes Store access, enabling a man-in-the-middle attacker to execute arbitrary code or cause a denial of service via memory corruption and applic...