Vulnerabilities > Webkit
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-9952 | Cross-site Scripting vulnerability in multiple products An input validation issue was addressed with improved input validation. | 7.1 |
| 2020-10-16 | CVE-2020-9951 | Use After Free vulnerability in multiple products A use after free issue was addressed with improved memory management. | 6.8 |
| 2020-10-16 | CVE-2020-9948 | Type Confusion vulnerability in multiple products A type confusion issue was addressed with improved memory handling. | 6.8 |
| 2019-01-11 | CVE-2018-4209 | Improper Input Validation vulnerability in multiple products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. | 8.8 |
| 2018-06-19 | CVE-2018-12294 | Use After Free vulnerability in Webkit Webkitgtk+ WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object. | 6.8 |
| 2017-03-07 | CVE-2016-9643 | Resource Exhaustion vulnerability in Webkit 2.4.11 The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis). | 5.0 |
| 2017-02-03 | CVE-2016-9642 | Out-of-bounds Read vulnerability in Webkit JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file. | 4.3 |
| 2010-07-22 | CVE-2010-1766 | Numeric Errors vulnerability in multiple products Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. | 7.5 |
| 2009-11-12 | CVE-2009-3933 | Resource Management Errors vulnerability in Webkit 2.4.11 WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions. | 5.0 |
| 2009-02-05 | CVE-2008-6059 | Permissions, Privileges, and Access Controls vulnerability in Webkit xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. | 5.0 |