CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Webkit : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4592 399 DoS 2016-07-21 2016-07-26
7.1
None Remote Medium Not required None None Complete
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.
2 CVE-2016-4591 284 2016-07-21 2016-07-26
7.8
None Remote Low Not required Complete None None
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
3 CVE-2016-4590 20 Bypass 2016-07-21 2016-07-26
4.3
None Remote Medium Not required None Partial None
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
4 CVE-2016-4589 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.
5 CVE-2016-4588 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
6 CVE-2016-4587 119 Overflow +Info 2016-07-21 2016-07-26
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.
7 CVE-2016-4586 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
8 CVE-2016-4585 79 XSS 2016-07-21 2016-07-26
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.
9 CVE-2016-4584 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
10 CVE-2016-4583 362 Bypass 2016-07-21 2016-07-26
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.
11 CVE-2014-1270 119 DoS Exec Code Overflow Mem. Corr. 2014-02-26 2014-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.
12 CVE-2014-1269 119 DoS Exec Code Overflow Mem. Corr. 2014-02-26 2014-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.
13 CVE-2014-1268 119 DoS Exec Code Overflow Mem. Corr. 2014-02-26 2014-02-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.
14 CVE-2013-5228 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2014-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
15 CVE-2013-5225 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2014-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
16 CVE-2013-5199 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2014-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
17 CVE-2013-5198 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2014-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
18 CVE-2013-5197 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2014-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
19 CVE-2013-5196 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2014-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
20 CVE-2013-5195 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2013-12-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
21 CVE-2012-5851 79 XSS Bypass 2012-11-15 2012-11-19
4.3
None Remote Medium Not required None Partial None
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
22 CVE-2012-0648 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
23 CVE-2012-0639 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
24 CVE-2012-0638 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
25 CVE-2012-0637 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
26 CVE-2012-0636 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
27 CVE-2012-0634 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
28 CVE-2011-4692 264 2011-12-07 2011-12-08
5.0
None Remote Low Not required Partial None None
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.
29 CVE-2011-3244 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
30 CVE-2011-3241 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
31 CVE-2011-3239 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
32 CVE-2011-3238 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
33 CVE-2011-3237 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
34 CVE-2011-3236 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
35 CVE-2011-3235 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
36 CVE-2011-3233 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
37 CVE-2011-2866 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
38 CVE-2011-2831 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
39 CVE-2011-2820 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
40 CVE-2011-2817 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
41 CVE-2011-2816 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
42 CVE-2011-2815 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
43 CVE-2011-2814 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
44 CVE-2011-2813 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
45 CVE-2011-2811 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
46 CVE-2011-2809 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
47 CVE-2011-2356 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
48 CVE-2011-2354 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
49 CVE-2011-2352 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
50 CVE-2011-2341 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Total number of vulnerabilities : 230   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.