Webkit Security Vulnerabilities and Issues — Webkit CVE List

Lucene search

AppleWebkit

105 matches found

CVE•added 2011/10/12 6:55 p.m.•134 views

CVE-2011-2813

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2011/07/21 11:55 p.m.•74 views

CVE-2011-0255

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•63 views

CVE-2011-1288

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/04/04 12:27 p.m.•63 views

CVE-2011-1425

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

5.1CVSS7.6AI score0.09898EPSS

CVE•added 2011/03/11 9:57 p.m.•62 views

CVE-2011-1290

Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets,...

10CVSS8.9AI score0.03547EPSS

CVE•added 2011/10/12 6:55 p.m.•60 views

CVE-2011-2352

7.6CVSS7.5AI score0.01016EPSS

CVE•added 2011/07/21 11:55 p.m.•59 views

CVE-2011-1797

9.3CVSS8.8AI score0.01413EPSS

CVE•added 2011/07/21 11:55 p.m.•58 views

CVE-2011-1453

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/10/12 6:55 p.m.•58 views

CVE-2011-2338

7.6CVSS7.5AI score0.01224EPSS

CVE•added 2011/07/21 11:55 p.m.•56 views

CVE-2011-0222

9.3CVSS8.8AI score0.58896EPSS

CVE•added 2011/10/12 6:55 p.m.•56 views

CVE-2011-3237

7.6CVSS7.5AI score0.01157EPSS

CVE•added 2011/07/21 11:55 p.m.•55 views

CVE-2011-0253

9.3CVSS8.8AI score0.02627EPSS

CVE•added 2011/10/12 6:55 p.m.•54 views

CVE-2011-2809

7.6CVSS7.5AI score0.01016EPSS

CVE•added 2011/03/03 8:0 p.m.•53 views

CVE-2011-0149

WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dang...

7.6CVSS9.2AI score0.01709EPSS

CVE•added 2011/07/21 11:55 p.m.•53 views

CVE-2011-0233

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•53 views

CVE-2011-1774

WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.

8.8CVSS6.7AI score0.81631EPSS

CVE•added 2011/10/12 6:55 p.m.•53 views

CVE-2011-2339

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2011/10/12 6:55 p.m.•53 views

CVE-2011-2341

7.6CVSS7.5AI score0.01224EPSS

CVE•added 2011/03/03 8:0 p.m.•52 views

CVE-2011-0122

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011...

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/11 10:55 p.m.•52 views

CVE-2011-0157

WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.

7.5CVSS7.9AI score0.01607EPSS

CVE•added 2011/03/03 8:0 p.m.•52 views

CVE-2011-0164

7.6CVSS9.1AI score0.00937EPSS

CVE•added 2011/10/12 6:55 p.m.•52 views

CVE-2011-2354

7.6CVSS7.5AI score0.01016EPSS

CVE•added 2011/10/12 6:55 p.m.•52 views

CVE-2011-2356

7.6CVSS7.5AI score0.01016EPSS

CVE•added 2011/10/12 6:55 p.m.•52 views

CVE-2011-2831

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2011/03/03 8:0 p.m.•51 views

CVE-2011-0145

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/11 10:55 p.m.•51 views

CVE-2011-0166

The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.

5.8CVSS8AI score0.00542EPSS

CVE•added 2011/07/21 11:55 p.m.•51 views

CVE-2011-1462

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/03/03 8:0 p.m.•50 views

CVE-2011-0130

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/11 10:55 p.m.•50 views

CVE-2011-0163

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.

4.3CVSS7.9AI score0.01049EPSS

CVE•added 2011/07/21 11:55 p.m.•50 views

CVE-2011-1457

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/10/12 6:55 p.m.•50 views

CVE-2011-3239

7.6CVSS7.5AI score0.01363EPSS

CVE•added 2011/03/03 8:0 p.m.•49 views

CVE-2011-0117

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/03 8:0 p.m.•49 views

CVE-2011-0120

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/03 8:0 p.m.•49 views

CVE-2011-0121

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/03 8:0 p.m.•49 views

CVE-2011-0125

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/03 8:0 p.m.•49 views

CVE-2011-0132

Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of se...

7.6CVSS9.2AI score0.01045EPSS

CVE•added 2011/03/03 8:0 p.m.•49 views

CVE-2011-0146

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/11 10:55 p.m.•49 views

CVE-2011-0160

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

5CVSS8.3AI score0.00423EPSS

CVE•added 2011/03/11 10:55 p.m.•49 views

CVE-2011-0167

The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.

4.3CVSS8.2AI score0.02629EPSS

CVE•added 2011/10/12 6:55 p.m.•49 views

CVE-2011-2820

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2011/03/03 8:0 p.m.•48 views

CVE-2011-0136

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/07/21 11:55 p.m.•48 views

CVE-2011-0218

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•48 views

CVE-2011-0235