National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): WebKit
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 1,173 matching records.
Displaying matches 1161 through 1173.
Vuln ID Summary CVSS Severity
CVE-2007-4700

Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.

Published: November 14, 2007; 09:46:00 PM -05:00
    V2: 7.5 HIGH
CVE-2007-4701

WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.

Published: November 14, 2007; 09:46:00 PM -05:00
    V2: 2.1 LOW
CVE-2007-2408

WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page.

Published: August 03, 2007; 04:17:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2007-3742

WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.

Published: August 03, 2007; 04:17:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2007-3944

Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.

Published: July 23, 2007; 12:30:00 PM -04:00
    V2: 9.3 HIGH
CVE-2007-2399

WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.

Published: June 25, 2007; 03:30:00 PM -04:00
    V2: 9.3 HIGH
CVE-2007-0342

WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.

Published: January 17, 2007; 09:28:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2006-4412

WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 6.8 MEDIUM
CVE-2006-3505

WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.

Published: August 02, 2006; 09:04:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-3946

WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag.

Published: July 31, 2006; 07:04:00 PM -04:00
    V2: 7.5 HIGH
CVE-2005-3705

Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.

Published: November 30, 2005; 09:07:00 PM -05:00
    V2: 7.5 HIGH
CVE-2005-2522

Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.

Published: August 19, 2005; 12:00:00 AM -04:00
    V2: 5.1 MEDIUM
CVE-2005-0976

AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM