Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Webkit
Total 258 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3811 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.
CVE-2010-3810 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 4.3 MEDIUM N/A
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.
CVE-2010-3809 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVE-2010-3808 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVE-2010-3805 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254.
CVE-2010-3804 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 5.0 MEDIUM N/A
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.
CVE-2010-3803 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.
CVE-2010-2441 1 Apple 1 Webkit 2024-11-21 4.3 MEDIUM N/A
WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295.
CVE-2010-2264 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 4.3 MEDIUM N/A
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.
CVE-2010-1796 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 2.6 LOW N/A
The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.
CVE-2010-1793 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.
CVE-2010-1792 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.
CVE-2010-1791 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.
CVE-2010-1790 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue."
CVE-2010-1789 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.
CVE-2010-1788 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document.
CVE-2010-1787 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document.
CVE-2010-1786 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document.
CVE-2010-1785 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.
CVE-2010-1784 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.