VYPR

Wpe Webkit

by Webkitgtk

CVEs (35)

  • CVE-2012-3614Sep 13, 2012
    risk 0.00cvss epss 0.03

    WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

  • CVE-2012-3683Jul 25, 2012
    risk 0.00cvss epss 0.03

    WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

  • CVE-2012-3600Jul 25, 2012
    risk 0.00cvss epss 0.04

    WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

  • CVE-2011-0132Mar 3, 2011
    risk 0.00cvss epss 0.03

    Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or…

  • CVE-2011-1059Feb 22, 2011
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that…

  • CVE-2010-1825Sep 24, 2010
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.

  • CVE-2010-1760Aug 19, 2010
    risk 0.00cvss epss 0.03

    loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.

  • CVE-2010-1386Aug 19, 2010
    risk 0.00cvss epss 0.02

    page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.

  • CVE-2010-1766Jul 22, 2010
    risk 0.00cvss epss 0.02

    Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have…

  • CVE-2010-0661Feb 18, 2010
    risk 0.00cvss epss 0.02

    WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.

  • CVE-2010-0659Feb 18, 2010
    risk 0.00cvss epss 0.03

    The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.

  • CVE-2010-0656Feb 18, 2010
    risk 0.00cvss epss 0.01

    WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other…

  • CVE-2010-0651Feb 18, 2010
    risk 0.00cvss epss 0.02

    WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to…

  • CVE-2010-0647Feb 18, 2010
    risk 0.00cvss epss 0.04

    WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a > sequence.

  • CVE-2008-6059Feb 5, 2009
    risk 0.00cvss epss 0.02

    xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls,…

Page 2 of 2