Webkit@* Security Vulnerabilities and Issues — Webkit@* CVE List

Lucene search

AppleWebkit*

6 matches found

cve•added 2016/07/22 2:59 a.m.•85 views

CVE-2016-4590

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5.4CVSS5.8AI score0.00435EPSS

cve•added 2016/07/22 2:59 a.m.•78 views

CVE-2016-4591

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

7.8CVSS7AI score0.04036EPSS

cve•added 2016/07/22 2:59 a.m.•76 views

CVE-2016-4589

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.

8.8CVSS8.3AI score0.72681EPSS

cve•added 2016/07/22 2:59 a.m.•51 views

CVE-2016-4585

Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.

6.1CVSS6AI score0.01368EPSS

cve•added 2016/07/22 2:59 a.m.•46 views

CVE-2016-4588

WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.6AI score0.01001EPSS

cve•added 2016/07/22 2:59 a.m.•34 views

CVE-2016-4587

WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.

6.5CVSS6.4AI score0.00699EPSS