Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Webkit
Total 258 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-1394 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments.
CVE-2010-1393 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 4.3 MEDIUM N/A
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.
CVE-2010-1392 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 9.3 HIGH N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.
CVE-2010-1391 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 4.3 MEDIUM N/A
Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL.
CVE-2010-1390 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document.
CVE-2010-1389 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.
CVE-2010-1388 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 4.3 MEDIUM N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document.
CVE-2010-1386 1 Apple 1 Webkit 2024-11-21 10.0 HIGH N/A
page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.
CVE-2010-1126 1 Apple 1 Webkit 2024-11-21 5.8 MEDIUM N/A
The JavaScript implementation in WebKit allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.
CVE-2010-0661 2 Apple, Google 2 Webkit, Chrome 2024-11-21 6.8 MEDIUM N/A
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.
CVE-2010-0659 2 Apple, Google 2 Webkit, Chrome 2024-11-21 9.3 HIGH N/A
The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.
CVE-2010-0656 2 Apple, Google 2 Webkit, Chrome 2024-11-21 4.3 MEDIUM N/A
WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.
CVE-2010-0651 2 Apple, Google 3 Safari, Webkit, Chrome 2024-11-21 4.3 MEDIUM N/A
WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
CVE-2010-0647 2 Apple, Google 2 Webkit, Chrome 2024-11-21 9.3 HIGH N/A
WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.
CVE-2010-0544 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.
CVE-2008-1025 1 Apple 2 Safari, Webkit 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.
CVE-2007-3944 1 Apple 3 Iphone Os, Safari, Webkit 2024-11-21 9.3 HIGH N/A
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.
CVE-2007-0342 2 Apple, Omnigroup 4 Mac Os X, Safari, Webkit and 1 more 2024-11-21 4.3 MEDIUM N/A
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.