Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Filtered by product Webkit
Total 258 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-1399 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 9.3 HIGH N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
CVE-2010-1400 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 9.3 HIGH N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.
CVE-2010-1405 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 9.3 HIGH N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.
CVE-2010-1406 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 4.3 MEDIUM N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.
CVE-2010-1408 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 4.3 MEDIUM N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.
CVE-2010-1409 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 5.8 MEDIUM N/A
Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.
CVE-2010-1410 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 9.3 HIGH N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.
CVE-2010-1412 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 9.3 HIGH N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.
CVE-2010-1413 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 5.0 MEDIUM N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2010-1414 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 9.3 HIGH N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.
CVE-2010-1415 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 9.3 HIGH N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."
CVE-2010-1416 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 4.3 MEDIUM N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."
CVE-2010-1417 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 9.3 HIGH N/A
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.
CVE-2010-1418 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.
CVE-2010-1419 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 9.3 HIGH N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.
CVE-2010-1421 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 4.3 MEDIUM N/A
The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.
CVE-2010-1796 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 2.6 LOW N/A
The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.
CVE-2010-1793 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 9.3 HIGH N/A
Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.
CVE-2010-1792 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 9.3 HIGH N/A
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.
CVE-2010-1791 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2017-09-18 9.3 HIGH N/A
Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.