CPE-BF495D82-0847-4485-91A9-2348F9AB7D91 Detail

CPE Details

Apple Webkit 106.2

Vendor

apple

Product

webkit

Version

106.2

Created

2009-04-24
17h04 +00:00

Modified

2009-04-24
17h04 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:apple:webkit:106.2:::::::*

Informations

Vendor

apple

Product

webkit

Version

106.2

Related CVE

Open and find in CVE List

CVE ID

Published

Description

Score

Severity

CVE-2016-4585

2016-07-21
23h00 +00:00

Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.

6.1

Medium

CVE-2016-4587

2016-07-21
23h00 +00:00

WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.

6.5

Medium

CVE-2016-4588

2016-07-21
23h00 +00:00

WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8

High

CVE-2016-4589

2016-07-21
23h00 +00:00

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.

8.8

High

CVE-2016-4590

2016-07-21
23h00 +00:00

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5.4

Medium

CVE-2016-4591

2016-07-21
23h00 +00:00

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

7.5

High

CVE-2014-1268

2014-02-27
00h00 +00:00

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.

6.8

CVE-2014-1269

2014-02-27
00h00 +00:00

6.8

CVE-2014-1270

2014-02-27
00h00 +00:00

6.8

CVE-2013-5195

2013-12-18
10h00 +00:00

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8

CVE-2013-5196

2013-12-18
10h00 +00:00

6.8

CVE-2013-5197

2013-12-18
10h00 +00:00

6.8

CVE-2013-5198

2013-12-18
10h00 +00:00

6.8

CVE-2013-5199

2013-12-18
10h00 +00:00

6.8

CVE-2013-5225

2013-12-18
10h00 +00:00

6.8

CVE-2013-5228

2013-12-18
10h00 +00:00

6.8

CVE-2012-5851

2012-11-15
10h00 +00:00

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.

4.3

CVE-2011-2866

2012-03-08
21h00 +00:00

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

7.6

CVE-2012-0634

2012-03-08
21h00 +00:00

7.6

CVE-2012-0636

2012-03-08
21h00 +00:00

7.6

CVE-2012-0637

2012-03-08
21h00 +00:00

7.6

CVE-2012-0638

2012-03-08
21h00 +00:00

7.6

CVE-2012-0639

2012-03-08
21h00 +00:00

7.6

CVE-2012-0648

2012-03-08
21h00 +00:00

7.6

CVE-2011-4692

2011-12-07
18h00 +00:00

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.

CVE-2011-2338

2011-10-12
16h00 +00:00

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

7.6

CVE-2011-2339

2011-10-12
16h00 +00:00

7.6

CVE-2011-2341

2011-10-12
16h00 +00:00

7.6

CVE-2011-2352

2011-10-12
16h00 +00:00

7.6

CVE-2011-2354

2011-10-12
16h00 +00:00

7.6

CVE-2011-2356

2011-10-12
16h00 +00:00

7.6

CVE-2011-2809

2011-10-12
16h00 +00:00

7.6

CVE-2011-2811

2011-10-12
16h00 +00:00

7.6

CVE-2011-2813

2011-10-12
16h00 +00:00

7.6

CVE-2011-2814

2011-10-12
16h00 +00:00

7.6

CVE-2011-2815

2011-10-12
16h00 +00:00

7.6

CVE-2011-2816

2011-10-12
16h00 +00:00

7.6

CVE-2011-2817

2011-10-12
16h00 +00:00

7.6

CVE-2011-2820

2011-10-12
16h00 +00:00

7.6

CVE-2011-2831

2011-10-12
16h00 +00:00

7.6

CVE-2011-3233

2011-10-12
16h00 +00:00

7.6

CVE-2011-3235

2011-10-12
16h00 +00:00

7.6

CVE-2011-3236

2011-10-12
16h00 +00:00

7.6

CVE-2011-3237

2011-10-12
16h00 +00:00

7.6

CVE-2011-3238

2011-10-12
16h00 +00:00

7.6

CVE-2011-3239

2011-10-12
16h00 +00:00

7.6

CVE-2011-3241

2011-10-12
16h00 +00:00

7.6

CVE-2011-3244

2011-10-12
16h00 +00:00

7.6

CVE-2011-0219

2011-07-21
23h00 +00:00

Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.

5.8

CVE-2011-0244

2011-07-21
23h00 +00:00

WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds.

4.3

CVE-2011-0218

2011-07-21
21h00 +00:00

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3

CVE-2011-0221

2011-07-21
21h00 +00:00

9.3

CVE-2011-0222

2011-07-21
21h00 +00:00

9.3

CVE-2011-0223

2011-07-21
21h00 +00:00

9.3

CVE-2011-0225

2011-07-21
21h00 +00:00

9.3

CVE-2011-0232

2011-07-21
21h00 +00:00

9.3

CVE-2011-0233

2011-07-21
21h00 +00:00

9.3

CVE-2011-0234

2011-07-21
21h00 +00:00

9.3

CVE-2011-0235

2011-07-21
21h00 +00:00

9.3

CVE-2011-0237

2011-07-21
21h00 +00:00

9.3

CVE-2011-0238

2011-07-21
21h00 +00:00

9.3

CVE-2011-0240

2011-07-21
21h00 +00:00

9.3

CVE-2011-0242

2011-07-21
21h00 +00:00

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username.

4.3

CVE-2011-0253

2011-07-21
21h00 +00:00

9.3

CVE-2011-0254

2011-07-21
21h00 +00:00

9.3

CVE-2011-0255

2011-07-21
21h00 +00:00

9.3

CVE-2011-1288

2011-07-21
21h00 +00:00

9.3

CVE-2011-1453

2011-07-21
21h00 +00:00

9.3

CVE-2011-1457

2011-07-21
21h00 +00:00

9.3

CVE-2011-1462

2011-07-21
21h00 +00:00

9.3

CVE-2011-1774

2011-07-21
21h00 +00:00

WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.

8.8

CVE-2011-1797

2011-07-21
21h00 +00:00

9.3

CVE-2011-1425

2011-04-02
23h00 +00:00

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

5.1

CVE-2011-0157

2011-03-11
21h00 +00:00

WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.

7.5

CVE-2011-0160

2011-03-11
21h00 +00:00

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

CVE-2011-0161

2011-03-11
21h00 +00:00

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.

4.3

CVE-2011-0163

2011-03-11
21h00 +00:00

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.

4.3

CVE-2011-0166

2011-03-11
21h00 +00:00

The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.

5.8

CVE-2011-0167

2011-03-11
21h00 +00:00

The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.

4.3

CVE-2011-0169

2011-03-11
21h00 +00:00

WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.

2.6

CVE-2011-1290

2011-03-11
20h00 +00:00

Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.

CVE-2011-0111

2011-03-03
18h00 +00:00

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

7.6

CVE-2011-0112

2011-03-03
18h00 +00:00

7.6

CVE-2011-0113

2011-03-03
18h00 +00:00

7.6

CVE-2011-0114

2011-03-03
18h00 +00:00

7.6

CVE-2011-0115

2011-03-03
18h00 +00:00

The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

7.6

CVE-2011-0116

2011-03-03
18h00 +00:00

Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

7.6

CVE-2011-0117

2011-03-03
18h00 +00:00

7.6

CVE-2011-0118

2011-03-03
18h00 +00:00

7.6

CVE-2011-0119

2011-03-03
18h00 +00:00

7.6

CVE-2011-0120

2011-03-03
18h00 +00:00

7.6

CVE-2011-0121

2011-03-03
18h00 +00:00

7.6

CVE-2011-0122

2011-03-03
18h00 +00:00

7.6

CVE-2011-0123

2011-03-03
18h00 +00:00

7.6

CVE-2011-0124

2011-03-03
18h00 +00:00

7.6

CVE-2011-0125

2011-03-03
18h00 +00:00

7.6

CVE-2011-0126

2011-03-03
18h00 +00:00

7.6

CVE-2011-0127

2011-03-03
18h00 +00:00

7.6

CVE-2011-0128

2011-03-03
18h00 +00:00

7.6

CVE-2011-0129

2011-03-03
18h00 +00:00

7.6

CVE-2011-0130

2011-03-03
18h00 +00:00

7.6

CVE-2011-0131

2011-03-03
18h00 +00:00

7.6

CVE-2011-0132

2011-03-03
18h00 +00:00

Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

7.6

CVE-2011-0133

2011-03-03
18h00 +00:00

WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

7.6

CVE-2011-0134

2011-03-03
18h00 +00:00

7.6

CVE-2011-0135

2011-03-03
18h00 +00:00

7.6

CVE-2011-0136

2011-03-03
18h00 +00:00

7.6

CVE-2011-0137

2011-03-03
18h00 +00:00

7.6

CVE-2011-0138

2011-03-03
18h00 +00:00

7.6

CVE-2011-0139

2011-03-03
18h00 +00:00

7.6

CVE-2011-0140

2011-03-03
18h00 +00:00

7.6

CVE-2011-0141

2011-03-03
18h00 +00:00

7.6

CVE-2011-0142

2011-03-03
18h00 +00:00

7.6

CVE-2011-0143

2011-03-03
18h00 +00:00

7.6

CVE-2011-0144

2011-03-03
18h00 +00:00

7.6

CVE-2011-0145

2011-03-03
18h00 +00:00

7.6

CVE-2011-0146

2011-03-03
18h00 +00:00

7.6

CVE-2011-0147

2011-03-03
18h00 +00:00

7.6

CVE-2011-0148

2011-03-03
18h00 +00:00

7.6

CVE-2011-0149

2011-03-03
18h00 +00:00

WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

7.6

CVE-2011-0150

2011-03-03
18h00 +00:00

7.6

CVE-2011-0151

2011-03-03
18h00 +00:00

7.6

CVE-2011-0152

2011-03-03
18h00 +00:00

7.6

CVE-2011-0153

2011-03-03
18h00 +00:00

7.6

CVE-2011-0155

2011-03-03
18h00 +00:00

7.6

CVE-2011-0156

2011-03-03
18h00 +00:00

7.6

CVE-2011-0164

2011-03-03
18h00 +00:00

7.6

CVE-2011-0165

2011-03-03
18h00 +00:00

7.6

CVE-2011-0168

2011-03-03
18h00 +00:00

7.6

CVE-2010-3803

2010-11-20
20h00 +00:00

Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.

9.3

CVE-2010-3804

2010-11-20
20h00 +00:00

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.

CVE-2010-3805

2010-11-20
20h00 +00:00

Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254.

9.3

CVE-2010-3808

2010-11-20
20h00 +00:00

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3

CVE-2010-3809

2010-11-20
20h00 +00:00

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3

CVE-2010-3810

2010-11-20
20h00 +00:00

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.

4.3

CVE-2010-3811

2010-11-20
20h00 +00:00

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.

9.3

CVE-2010-3812

2010-11-20
20h00 +00:00

Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects.

9.3

CVE-2010-3813

2010-11-20
20h00 +00:00

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.

5.8

CVE-2010-3816

2010-11-20
20h00 +00:00

9.3

CVE-2010-3817

2010-11-20
20h00 +00:00

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3

CVE-2010-3818

2010-11-20
20h00 +00:00

9.3

CVE-2010-3819

2010-11-20
20h00 +00:00

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3

CVE-2010-3820

2010-11-20
20h00 +00:00

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3

CVE-2010-3821

2010-11-20
20h00 +00:00

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

9.3

CVE-2010-3822

2010-11-20
20h00 +00:00

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3

CVE-2010-3823

2010-11-20
20h00 +00:00

9.3

CVE-2010-3824

2010-11-20
20h00 +00:00

9.3

CVE-2010-3826

2010-11-20
20h00 +00:00

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3

CVE-2010-1386

2010-08-19
18h00 +00:00

page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.

CVE-2010-1760

2010-08-19
18h00 +00:00

loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.

CVE-2010-1778

2010-07-30
18h00 +00:00

Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.

4.3

CVE-2010-1780

2010-07-30
18h00 +00:00

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus.

9.3

CVE-2010-1782

2010-07-30
18h00 +00:00

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element.

9.3

CVE-2010-1783

2010-07-30
18h00 +00:00

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

9.3

CVE-2010-1784

2010-07-30
18h00 +00:00

The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

9.3

CVE-2010-1785

2010-07-30
18h00 +00:00

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.

9.3

CVE-2010-1786

2010-07-30
18h00 +00:00

9.3

CVE-2010-1787

2010-07-30
18h00 +00:00

9.3

CVE-2010-1788

2010-07-30
18h00 +00:00

9.3

CVE-2010-1789

2010-07-30
18h00 +00:00

Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.

9.3

CVE-2010-1790

2010-07-30
18h00 +00:00

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue."

9.3

CVE-2010-1791

2010-07-30
18h00 +00:00

Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.

9.3

CVE-2010-1792

2010-07-30
18h00 +00:00

9.3

CVE-2010-1793

2010-07-30
18h00 +00:00

Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.

9.3

CVE-2010-1796

2010-07-30
18h00 +00:00

The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.

2.6

CVE-2010-2441

2010-06-24
15h00 +00:00

WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295.

4.3

CVE-2010-0544

2010-06-11
17h00 +00:00

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.

4.3

CVE-2010-1418

2010-06-11
17h00 +00:00

4.3

CVE-2010-1419

2010-06-11
17h00 +00:00

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.

9.3

CVE-2010-1421

2010-06-11
17h00 +00:00

The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.

4.3

CVE-2010-1758

2010-06-11
17h00 +00:00

9.3

CVE-2010-1759

2010-06-11
17h00 +00:00

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method.

9.3

CVE-2010-1761

2010-06-11
17h00 +00:00

9.3

CVE-2010-1762

2010-06-11
17h00 +00:00

4.3

CVE-2010-1764

2010-06-11
17h00 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.

4.3

CVE-2010-1770

2010-06-11
17h00 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."

9.3

CVE-2010-1771

2010-06-11
17h00 +00:00

9.3

CVE-2010-1774

2010-06-11
17h00 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

9.3

CVE-2010-2264

2010-06-11
17h00 +00:00

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.

4.3

CVE-2010-1388

2010-06-11
15h28 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document.

4.3

CVE-2010-1389

2010-06-11
15h28 +00:00

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.

4.3

CVE-2010-1390

2010-06-11
15h28 +00:00

4.3

CVE-2010-1391

2010-06-11
15h28 +00:00

Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL.

4.3

CVE-2010-1392

2010-06-11
15h28 +00:00

9.3

CVE-2010-1393

2010-06-11
15h28 +00:00

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.

4.3

CVE-2010-1394

2010-06-11
15h28 +00:00

4.3

CVE-2010-1395

2010-06-11
15h28 +00:00

4.3

CVE-2010-1396

2010-06-11
15h28 +00:00

9.3

CVE-2010-1397

2010-06-11
15h28 +00:00

9.3

CVE-2010-1398

2010-06-11
15h28 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.

9.3

CVE-2010-1399

2010-06-11
15h28 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

9.3

CVE-2010-1400

2010-06-11
15h28 +00:00

9.3

CVE-2010-1401

2010-06-11
15h28 +00:00

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.

9.3

CVE-2010-1402

2010-06-11
15h28 +00:00

Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.

9.3

CVE-2010-1403

2010-06-11
15h28 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.

9.3

CVE-2010-1404

2010-06-11
15h28 +00:00

9.3

CVE-2010-1405

2010-06-11
15h28 +00:00

9.3

CVE-2010-1406

2010-06-11
15h28 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.

4.3

CVE-2010-1408

2010-06-11
15h28 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.

4.3

CVE-2010-1409

2010-06-11
15h28 +00:00

Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.

5.8

CVE-2010-1410

2010-06-11
15h28 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.

9.3

CVE-2010-1412

2010-06-11
15h28 +00:00

9.3

CVE-2010-1413

2010-06-11
15h28 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

CVE-2010-1414

2010-06-11
15h28 +00:00

9.3

CVE-2010-1415

2010-06-11
15h28 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."

9.3

CVE-2010-1416

2010-06-11
15h28 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."

4.3

CVE-2010-1417

2010-06-11
15h28 +00:00

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.

9.3

CVE-2010-1422

2010-06-11
15h28 +00:00

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.

4.3

CVE-2010-1749

2010-06-11
15h28 +00:00

9.3

CVE-2010-1729

2010-05-05
12h00 +00:00

WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes sequences in an infinite loop.

4.3

CVE-2010-1126

2010-03-26
19h00 +00:00

The JavaScript implementation in WebKit allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.

5.8

CVE-2010-0647

2010-02-18
16h19 +00:00

WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a > sequence.

9.3
CVE-2010-0651	2010-02-18 16h19 +00:00	WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.	4.3
CVE-2010-0656	2010-02-18 16h19 +00:00	WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.	4.3
CVE-2010-0659	2010-02-18 16h19 +00:00	The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.	9.3
CVE-2008-1025	2008-04-17 15h00 +00:00	Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.	4.3
CVE-2007-3944	2007-07-23 14h00 +00:00	Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.	9.3

Apple Webkit 106.2

CPE Details

CPE Name: cpe:2.3:a:apple:webkit:106.2:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:apple:webkit:106.2:::::::*