Webkit
by Apple Inc.
Source repositories
CVEs (498)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-4347 | 0.00 | — | 0.01 | Apr 3, 2019 | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4333 | 0.00 | — | 0.01 | Apr 3, 2019 | A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14. | |||
| CVE-2018-4307 | 0.00 | — | 0.01 | Apr 3, 2019 | A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12. | |||
| CVE-2018-4310 | 0.00 | — | 0.02 | Apr 3, 2019 | An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. | |||
| CVE-2018-4293 | 0.00 | — | 0.01 | Apr 3, 2019 | A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | |||
| CVE-2018-4309 | 0.00 | — | 0.01 | Apr 3, 2019 | A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2019-8375 | 0.00 | — | 0.16 | Feb 24, 2019 | The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or… | |||
| CVE-2018-4208 | 0.00 | — | 0.02 | Jan 11, 2019 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | |||
| CVE-2018-4212 | 0.00 | — | 0.02 | Jan 11, 2019 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | |||
| CVE-2018-4210 | 0.00 | — | 0.02 | Jan 11, 2019 | In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. | |||
| CVE-2018-4186 | 0.00 | — | 0.01 | Jan 11, 2019 | In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation. | |||
| CVE-2018-4207 | 0.00 | — | 0.02 | Jan 11, 2019 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | |||
| CVE-2018-4209 | 0.00 | — | 0.02 | Jan 11, 2019 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | |||
| CVE-2015-7102 | 0.00 | — | 0.03 | Dec 11, 2015 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,… | |||
| CVE-2015-7099 | 0.00 | — | 0.03 | Dec 11, 2015 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,… | |||
| CVE-2015-7096 | 0.00 | — | 0.03 | Dec 11, 2015 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,… | |||
| CVE-2015-7002 | 0.00 | — | 0.03 | Oct 23, 2015 | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit… | |||
| CVE-2015-6981 | 0.00 | — | 0.02 | Oct 23, 2015 | WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. | |||
| CVE-2015-5818 | 0.00 | — | 0.03 | Sep 18, 2015 | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2015-5817 | 0.00 | — | 0.03 | Sep 18, 2015 | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… |
- CVE-2018-4347Apr 3, 2019risk 0.00cvss —epss 0.01
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
- CVE-2018-4333Apr 3, 2019risk 0.00cvss —epss 0.01
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
- CVE-2018-4307Apr 3, 2019risk 0.00cvss —epss 0.01
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.
- CVE-2018-4310Apr 3, 2019risk 0.00cvss —epss 0.02
An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
- CVE-2018-4293Apr 3, 2019risk 0.00cvss —epss 0.01
A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
- CVE-2018-4309Apr 3, 2019risk 0.00cvss —epss 0.01
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
- CVE-2019-8375Feb 24, 2019risk 0.00cvss —epss 0.16
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or…
- CVE-2018-4208Jan 11, 2019risk 0.00cvss —epss 0.02
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
- CVE-2018-4212Jan 11, 2019risk 0.00cvss —epss 0.02
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
- CVE-2018-4210Jan 11, 2019risk 0.00cvss —epss 0.02
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.
- CVE-2018-4186Jan 11, 2019risk 0.00cvss —epss 0.01
In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation.
- CVE-2018-4207Jan 11, 2019risk 0.00cvss —epss 0.02
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
- CVE-2018-4209Jan 11, 2019risk 0.00cvss —epss 0.02
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
- CVE-2015-7102Dec 11, 2015risk 0.00cvss —epss 0.03
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…
- CVE-2015-7099Dec 11, 2015risk 0.00cvss —epss 0.03
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…
- CVE-2015-7096Dec 11, 2015risk 0.00cvss —epss 0.03
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095,…
- CVE-2015-7002Oct 23, 2015risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit…
- CVE-2015-6981Oct 23, 2015risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1.
- CVE-2015-5818Sep 18, 2015risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
- CVE-2015-5817Sep 18, 2015risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
Page 11 of 25