Vulnerabilities > Webkit > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-9951 | Use After Free vulnerability in multiple products A use after free issue was addressed with improved memory management. | 6.8 |
| 2020-10-16 | CVE-2020-9948 | Type Confusion vulnerability in multiple products A type confusion issue was addressed with improved memory handling. | 6.8 |
| 2018-06-19 | CVE-2018-12294 | Use After Free vulnerability in Webkit Webkitgtk+ WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object. | 6.8 |
| 2017-03-07 | CVE-2016-9643 | Resource Exhaustion vulnerability in Webkit 2.4.11 The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis). | 5.0 |
| 2017-02-03 | CVE-2016-9642 | Out-of-bounds Read vulnerability in Webkit JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file. | 4.3 |
| 2009-11-12 | CVE-2009-3933 | Resource Management Errors vulnerability in Webkit 2.4.11 WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions. | 5.0 |
| 2009-02-05 | CVE-2008-6059 | Permissions, Privileges, and Access Controls vulnerability in Webkit xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. | 5.0 |
| 2008-07-14 | CVE-2008-1590 | Resource Management Errors vulnerability in Webkit Javascriptcore JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317. | 6.8 |