Webkit

webkit

11 CVEs • 3 products

Products (3)

Click to collapse

Toggle

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-9952 2Apple Webkit 7Icloud IpadosIphone Os+4 more Nov 21, 2024 Oct 16, 2020 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing m...Show more An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.Show less
CVE-2020-9951 3Apple DebianWebkit 9Debian Linux IcloudIpados+6 more Nov 21, 2024 Oct 16, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-9948 3Apple DebianWebkit 3Debian Linux SafariWebkitgtk+ Nov 21, 2024 Oct 16, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4209 3Apple CanonicalWebkit 8Icloud Iphone OsItunes+5 more Nov 21, 2024 Jan 11, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed wit...Show more In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.Show less
CVE-2018-12294 1Webkit 1Webkitgtk+ Nov 21, 2024 Jun 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.
CVE-2016-9643 1Webkit 1Webkit May 13, 2026 Mar 7, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +)...Show more The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).Show less
CVE-2016-9642 1Webkit 1Webkit May 13, 2026 Feb 3, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file.
CVE-2010-1766 2Digia Webkit 2Qt Webkit Apr 29, 2026 Jul 22, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to caus...Show more Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.Show less
CVE-2009-3933 1Webkit 1Webkit Apr 23, 2026 Nov 12, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an inco...Show more WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions.Show less
CVE-2008-6059 1Webkit 1Webkit Apr 23, 2026 Feb 5, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitiv...Show more xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.Show less
CVE-2008-1590 1Webkit 1Javascriptcore Apr 23, 2026 Jul 14, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (ap...Show more JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317.Show less