Search Results (Refine Search)
- Keyword (text search): WebKit
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-4730 |
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. Published: September 25, 2016; 6:59:34 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-4729 |
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731. Published: September 25, 2016; 6:59:33 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-4728 |
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site. Published: September 25, 2016; 6:59:32 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-4611 |
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. Published: September 25, 2016; 6:59:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-5164 |
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)." Published: September 11, 2016; 6:59:20 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-5161 |
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class. Published: September 11, 2016; 6:59:17 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-5150 |
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects. Published: September 11, 2016; 6:59:05 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-4657 |
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Published: August 25, 2016; 5:59:02 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-5137 |
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution. Published: July 23, 2016; 3:59:20 PM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-5135 |
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element. Published: July 23, 2016; 3:59:18 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-5127 |
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element. Published: July 23, 2016; 3:59:09 PM -0400 |
V3.0: 7.5 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-1711 |
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Published: July 23, 2016; 3:59:07 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-1710 |
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Published: July 23, 2016; 3:59:06 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-4651 |
Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability. Published: July 21, 2016; 11:00:09 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-4624 |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623. Published: July 21, 2016; 10:59:44 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-4623 |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624. Published: July 21, 2016; 10:59:43 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-4622 |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624. Published: July 21, 2016; 10:59:42 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-4592 |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site. Published: July 21, 2016; 10:59:15 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2016-4591 |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. Published: July 21, 2016; 10:59:14 PM -0400 |
V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2016-4590 |
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Published: July 21, 2016; 10:59:13 PM -0400 |
V3.0: 5.4 MEDIUM V2.0: 4.3 MEDIUM |