Search Results (Refine Search)
- Keyword (text search): WebKit
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-3113 |
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController. Published: August 24, 2010; 4:00:02 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2010-1760 |
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150. Published: August 19, 2010; 6:00:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2010-1386 |
page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357. Published: August 19, 2010; 6:00:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-4976 |
Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. Published: August 02, 2010; 5:00:45 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-1793 |
Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document. Published: July 30, 2010; 4:30:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1792 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression. Published: July 30, 2010; 4:30:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1791 |
Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index. Published: July 30, 2010; 4:30:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1790 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue." Published: July 30, 2010; 4:30:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1789 |
Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object. Published: July 30, 2010; 4:30:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1788 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document. Published: July 30, 2010; 4:30:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1787 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document. Published: July 30, 2010; 4:30:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1786 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document. Published: July 30, 2010; 4:30:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1785 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. Published: July 30, 2010; 4:30:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1784 |
The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Published: July 30, 2010; 4:30:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1783 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Published: July 30, 2010; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1782 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element. Published: July 30, 2010; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1780 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus. Published: July 30, 2010; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1766 |
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. Published: July 22, 2010; 1:42:55 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2010-2441 |
WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295. Published: June 24, 2010; 1:30:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-1757 |
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document. Published: June 22, 2010; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |