Webkit Security Vulnerabilities and Issues — Webkit CVE List

Lucene search

AppleWebkit

78 matches found

CVE•added 2017/07/20 4:29 p.m.•84 views

CVE-2017-7041

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote at...

9.3CVSS8.1AI score0.1308EPSS

CVE•added 2011/07/21 11:55 p.m.•75 views

CVE-2011-0255

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2010/06/11 7:30 p.m.•74 views

CVE-2010-1419

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close...

9.3CVSS9.1AI score0.10048EPSS

CVE•added 2010/11/22 1:0 p.m.•74 views

CVE-2010-3812

Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause...

9.3CVSS9.3AI score0.06675EPSS

CVE•added 2017/07/20 4:29 p.m.•74 views

CVE-2017-7042

9.3CVSS8.1AI score0.1308EPSS

Web

CVE•added 2010/07/30 8:30 p.m.•66 views

CVE-2010-1792

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.

9.3CVSS9.2AI score0.06539EPSS

CVE•added 2010/06/11 7:30 p.m.•65 views

CVE-2010-1770

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary ...

9.3CVSS8.7AI score0.11733EPSS

CVE•added 2010/07/30 8:30 p.m.•65 views

CVE-2010-1783

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory co...

9.3CVSS9.2AI score0.04924EPSS

CVE•added 2010/07/30 8:30 p.m.•65 views

CVE-2010-1784

The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of servi...

9.3CVSS9.2AI score0.04924EPSS

CVE•added 2011/07/21 11:55 p.m.•64 views

CVE-2011-1288

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2010/06/11 6:0 p.m.•62 views

CVE-2010-1401

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vec...

9.3CVSS9AI score0.08815EPSS

CVE•added 2010/07/30 8:30 p.m.•62 views

CVE-2010-1782

9.3CVSS9.3AI score0.06539EPSS

CVE•added 2011/07/21 11:55 p.m.•61 views

CVE-2011-1797

9.3CVSS8.8AI score0.01413EPSS

CVE•added 2010/06/11 6:0 p.m.•60 views

CVE-2010-1414

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.

9.3CVSS9.1AI score0.13965EPSS

CVE•added 2010/07/30 8:30 p.m.•60 views

CVE-2010-1785

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote atta...

9.3CVSS9.1AI score0.07555EPSS

CVE•added 2010/07/30 8:30 p.m.•60 views

CVE-2010-1786

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject elemen...

9.3CVSS9.1AI score0.06495EPSS

CVE•added 2011/07/21 11:55 p.m.•59 views

CVE-2011-1453

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2010/02/18 6:0 p.m.•58 views

CVE-2010-0647

WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a > sequence.

9.3CVSS9.2AI score0.10166EPSS

CVE•added 2010/06/11 6:0 p.m.•58 views

CVE-2010-1749

9.3CVSS8.6AI score0.12597EPSS

CVE•added 2010/06/11 7:30 p.m.•58 views

CVE-2010-1771

9.3CVSS8.7AI score0.08537EPSS

CVE•added 2010/11/22 1:0 p.m.•58 views

CVE-2010-3823

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this ...

9.3CVSS8.6AI score0.10426EPSS

CVE•added 2010/06/11 6:0 p.m.•57 views

CVE-2010-1396

9.3CVSS8.6AI score0.05901EPSS

CVE•added 2010/06/11 6:0 p.m.•57 views

CVE-2010-1402

Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, ...

9.3CVSS9.1AI score0.08815EPSS

CVE•added 2010/06/11 6:0 p.m.•57 views

CVE-2010-1417

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content ...

9.3CVSS8.9AI score0.08544EPSS

CVE•added 2010/06/11 7:30 p.m.•57 views

CVE-2010-1759

9.3CVSS8.7AI score0.48797EPSS

CVE•added 2010/11/22 1:0 p.m.•57 views

CVE-2010-3816

9.3CVSS8.6AI score0.10426EPSS

CVE•added 2011/07/21 11:55 p.m.•57 views

CVE-2011-0222

9.3CVSS8.8AI score0.48517EPSS

CVE•added 2010/06/11 6:0 p.m.•56 views

CVE-2010-1404

9.3CVSS9.2AI score0.12489EPSS

CVE•added 2010/06/11 7:30 p.m.•56 views

CVE-2010-1758

9.3CVSS8.7AI score0.13965EPSS

CVE•added 2010/07/30 8:30 p.m.•56 views

CVE-2010-1780

9.3CVSS9.1AI score0.06495EPSS

CVE•added 2010/07/30 8:30 p.m.•56 views

CVE-2010-1788

9.3CVSS9.3AI score0.06539EPSS

CVE•added 2011/07/21 11:55 p.m.•56 views

CVE-2011-0253

9.3CVSS8.8AI score0.02024EPSS

CVE•added 2007/07/23 4:30 p.m.•55 views

CVE-2007-3944

Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: t...

9.3CVSS7.4AI score0.36787EPSS

CVE•added 2010/07/30 8:30 p.m.•55 views

CVE-2010-1793

Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-f...

9.3CVSS9.3AI score0.41148EPSS

CVE•added 2010/06/11 6:0 p.m.•54 views

CVE-2010-1397

9.3CVSS8.7AI score0.12489EPSS

CVE•added 2010/06/11 6:0 p.m.•54 views

CVE-2010-1398

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft...

9.3CVSS8.8AI score0.05873EPSS

CVE•added 2010/06/11 6:0 p.m.•54 views

CVE-2010-1415

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API ...

9.3CVSS9AI score0.34318EPSS

CVE•added 2010/06/11 7:30 p.m.•54 views

CVE-2010-1761

9.3CVSS8.6AI score0.08374EPSS

CVE•added 2011/07/21 11:55 p.m.•54 views

CVE-2011-0233

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2010/02/18 6:0 p.m.•53 views

CVE-2010-0659

The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.

9.3CVSS8.8AI score0.06977EPSS

CVE•added 2010/06/11 6:0 p.m.•53 views

CVE-2010-1403

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application cras...

9.3CVSS9AI score0.1227EPSS

CVE•added 2010/06/11 6:0 p.m.•53 views

CVE-2010-1410

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.

9.3CVSS9.3AI score0.1969EPSS

CVE•added 2010/06/11 7:30 p.m.•53 views

CVE-2010-1774

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML d...

9.3CVSS8.6AI score0.05917EPSS

CVE•added 2010/07/30 8:30 p.m.•53 views

CVE-2010-1787

9.3CVSS9.3AI score0.06539EPSS

CVE•added 2010/07/30 8:30 p.m.•52 views

CVE-2010-1790

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (...

9.3CVSS9AI score0.03785EPSS

CVE•added 2010/07/30 8:30 p.m.•52 views

CVE-2010-1791

Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.

9.3CVSS9.1AI score0.10309EPSS

CVE•added 2010/11/22 1:0 p.m.•52 views

CVE-2010-3805

Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010...

9.3CVSS8.6AI score0.12024EPSS

CVE•added 2011/07/21 11:55 p.m.•52 views

CVE-2011-1457

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•52 views

CVE-2011-1462

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2010/11/22 1:0 p.m.•51 views

CVE-2010-3820

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a craf...

9.3CVSS8.6AI score0.02223EPSS

Total number of security vulnerabilities78