VYPR

Webkit

by Apple Inc.

CVEs (498)

  • CVE-2010-0659 (Feb 18, 2010)
    risk 0.00 cvss epss 0.03

    The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.

  • CVE-2010-0656 (Feb 18, 2010)
    risk 0.00 cvss epss 0.01

    WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other…

  • CVE-2010-0651 (Feb 18, 2010)
    risk 0.00 cvss epss 0.02

    WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to…

  • CVE-2010-0647 (Feb 18, 2010)
    risk 0.00 cvss epss 0.04

    WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a > sequence.

  • CVE-2009-2841 (Nov 13, 2009)
    risk 0.00 cvss epss 0.03

    The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which…

  • CVE-2009-1692 (Jun 19, 2009)
    risk 0.00 cvss epss 0.04

    WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement…

  • CVE-2009-1693 (Jun 10, 2009)
    risk 0.00 cvss epss 0.03

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."

  • CVE-2009-1685 (Jun 10, 2009)
    risk 0.00 cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an…

  • CVE-2008-3632 (Sep 11, 2008)
    risk 0.00 cvss epss 0.06

    Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import…

  • CVE-2008-1025 (Apr 17, 2008)
    risk 0.00 cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.

  • CVE-2008-1026 (Apr 17, 2008)
    risk 0.00 cvss epss 0.05

    Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a…

  • CVE-2008-1010 (Mar 19, 2008)
    risk 0.00 cvss epss 0.05

    Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.

  • CVE-2008-1011 (Mar 19, 2008)
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.

  • CVE-2007-4701 (Nov 15, 2007)
    risk 0.00 cvss epss 0.00

    WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.

  • CVE-2007-4700 (Nov 15, 2007)
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.

  • CVE-2006-4412 (Nov 30, 2006)
    risk 0.00 cvss epss 0.05

    WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.

  • CVE-2005-3705 (Dec 1, 2005)
    risk 0.00 cvss epss 0.04

    Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.

  • CVE-2005-0976 (May 2, 2005)
    risk 0.00 cvss epss 0.02

    AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs.
