Webkit
by Apple Inc.
Source repositories
CVEs (498)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-1813 | 0.04 | — | 0.10 | Sep 9, 2010 | WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines. | |||
| CVE-2010-1759 | 0.04 | — | 0.16 | Jun 11, 2010 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the… | |||
| CVE-2004-0361 | 0.04 | — | 0.07 | Nov 23, 2004 | The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array. | |||
| CVE-2012-5851 | 0.03 | — | 0.02 | Nov 15, 2012 | html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a… | |||
| CVE-2011-0167 | 0.03 | — | 0.03 | Mar 11, 2011 | The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site. | |||
| CVE-2009-1724 | 0.03 | — | 0.06 | Jul 9, 2009 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top… | |||
| CVE-2008-5821 | 0.03 | — | 0.04 | Jan 2, 2009 | Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document. | |||
| CVE-2011-1290 | 0.01 | — | 0.10 | Mar 11, 2011 | Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style… | |||
| CVE-2010-3812 | 0.01 | — | 0.07 | Nov 22, 2010 | Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute… | |||
| CVE-2010-1793 | 0.01 | — | 0.07 | Jul 30, 2010 | Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application… | |||
| CVE-2010-1789 | 0.01 | — | 0.06 | Jul 30, 2010 | Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object. | |||
| CVE-2010-1774 | 0.01 | — | 0.07 | Jun 11, 2010 | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash)… | |||
| CVE-2010-1771 | 0.01 | — | 0.06 | Jun 11, 2010 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts. | |||
| CVE-2010-1761 | 0.01 | — | 0.07 | Jun 11, 2010 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document… | |||
| CVE-2010-1758 | 0.01 | — | 0.07 | Jun 11, 2010 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range… | |||
| CVE-2010-1419 | 0.01 | — | 0.07 | Jun 11, 2010 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a… | |||
| CVE-2010-1749 | 0.01 | — | 0.09 | Jun 11, 2010 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading… | |||
| CVE-2010-1417 | 0.01 | — | 0.07 | Jun 11, 2010 | The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application… | |||
| CVE-2010-1415 | 0.01 | — | 0.07 | Jun 11, 2010 | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document,… | |||
| CVE-2010-1414 | 0.01 | — | 0.07 | Jun 11, 2010 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild… |
- CVE-2010-1813Sep 9, 2010risk 0.04cvss —epss 0.10
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
- CVE-2010-1759Jun 11, 2010risk 0.04cvss —epss 0.16
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the…
- CVE-2004-0361Nov 23, 2004risk 0.04cvss —epss 0.07
The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array.
- CVE-2012-5851Nov 15, 2012risk 0.03cvss —epss 0.02
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a…
- CVE-2011-0167Mar 11, 2011risk 0.03cvss —epss 0.03
The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.
- CVE-2009-1724Jul 9, 2009risk 0.03cvss —epss 0.06
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top…
- CVE-2008-5821Jan 2, 2009risk 0.03cvss —epss 0.04
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.
- CVE-2011-1290Mar 11, 2011risk 0.01cvss —epss 0.10
Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style…
- CVE-2010-3812Nov 22, 2010risk 0.01cvss —epss 0.07
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute…
- CVE-2010-1793Jul 30, 2010risk 0.01cvss —epss 0.07
Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application…
- CVE-2010-1789Jul 30, 2010risk 0.01cvss —epss 0.06
Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.
- CVE-2010-1774Jun 11, 2010risk 0.01cvss —epss 0.07
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash)…
- CVE-2010-1771Jun 11, 2010risk 0.01cvss —epss 0.06
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts.
- CVE-2010-1761Jun 11, 2010risk 0.01cvss —epss 0.07
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document…
- CVE-2010-1758Jun 11, 2010risk 0.01cvss —epss 0.07
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range…
- CVE-2010-1419Jun 11, 2010risk 0.01cvss —epss 0.07
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a…
- CVE-2010-1749Jun 11, 2010risk 0.01cvss —epss 0.09
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading…
- CVE-2010-1417Jun 11, 2010risk 0.01cvss —epss 0.07
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…
- CVE-2010-1415Jun 11, 2010risk 0.01cvss —epss 0.07
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document,…
- CVE-2010-1414Jun 11, 2010risk 0.01cvss —epss 0.07
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild…
Page 8 of 25