Apple WebKit

[SECURITY] [DSA-1950-1] New webkit packages fix several vulnerabilities

Debian Security Advisory DSA-1950                  security@debian.org
http://www.debian.org/security/                      Giuseppe Iuculano
December 12, 2009                   http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : webkit
Vulnerability  : several
Problem type   : remote (local)
Debian-specific: no
CVE Id         : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698
                 CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714

[SECURITY] [DSA 2188-1] webkit security update

Debian Security Advisory DSA-2188-1                   security@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
March 10, 2011                         http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : webkit
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-1783 CVE-2010-2901 CVE-2010-4199 CVE-2010-4040
                 CVE-2010-4492 CVE-2010-4493 CVE-2010-4577 CVE-2010-4578
                 CVE-2010-0474 CVE-2011-0482 CVE-2011-0778


[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2009-0945

Array index error in the insertItemBefore method in WebKit, as used in qt4-x11,
allows remote attackers to execute arbitrary code.


CVE-2009-1687


ZDI-10-152: Apple WebKit RTL LineBox Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-152
August 11, 2010

-- CVE ID:
CVE-2010-0049

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)


ZDI-11-097: Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-097

March 2, 2011

-- CVE ID:
CVE-2011-0116

-- CVSS:

ZDI-11-096: Apple Safari WebKit Range Object Remote Code Execution Vulnerability

-- Affected Vendors:
Apple

-- Affected Products:
Apple WebKit

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 10672. 
For further product information on the TippingPoint IPS, visit:

ZDI-10-095: Apple Webkit DOCUMENT_POSITION_DISCONNECTED Attribute Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-095
June 8, 2010

-- CVE ID:
CVE-2010-1397

-- Affected Vendors:
Apple


ZDI-10-091: Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-091
June 8, 2010

-- CVE ID:
CVE-2010-1119

-- Affected Vendors:
Apple


ZDI-10-030: Apple WebKit CSS run-in Attribute Rendering Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-030
March 16, 2010

-- Affected Vendors:
Apple
Google

-- Affected Products:
Apple WebKit

ZDI-10-093: Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-093
June 8, 2010

-- CVE ID:
CVE-2010-1770

-- Affected Vendors:
Apple


ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-135

April 14, 2011

-- CVE ID:
CVE-2011-1344

-- CVSS:

ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-104

April 14, 2011

-- CVE ID:
CVE-2011-1290

-- CVSS:

ZDI-11-138: Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-138

April 19, 2011

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:

ZDI-11-139: Webkit Anonymous Frame Remote Code Execution Vulnerability

ZDI-11-139 (formerly ZDI-CAN-1035): Webkit Anonymous Frame Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-139

April 19, 2011

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:

ZDI-11-140: Webkit Detached Body Element Remote Code Execution Vulnerability

ZDI-11-140 (formerly ZDI-CAN-1026): Webkit Detached Body Element Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-140

April 19, 2011

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:

ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-241

July 27, 2011

-- CVE ID:
CVE-2011-0254

-- CVSS:

ZDI-10-154: Apple Webkit Button First-Letter Style Rendering Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-154
August 11, 2010

-- CVE ID:
CVE-2010-1392

-- Affected Vendors:
Apple


ZDI-10-142: Apple Webkit SVG First-Letter Style Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-142
August 5, 2010

-- CVE ID:
CVE-2010-1785

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)


ZDI-10-029: Apple WebKit innerHTML element Substitution Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-029
March 15, 2010

-- CVE ID:
CVE-2010-0050

-- Affected Vendors:
Google
Apple

ZDI-10-097: Apple Webkit ContentEditable moveParagraphs Uninitialized Element Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-097
June 8, 2010

-- CVE ID:
CVE-2010-1398

-- Affected Vendors:
Apple


ZDI-11-098: Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability

-- Affected Vendors:
Apple

-- Affected Products:
Apple WebKit

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple Safari's Webkit. User interaction is
required to exploit this vulnerability in that the target must visit a

ZDI-10-099: Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-099
June 8, 2010

-- CVE ID:
CVE-2010-1403

-- Affected Vendors:
Apple


ZDI-10-098: Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-098
June 8, 2010

-- CVE ID:
CVE-2010-1401

-- Affected Vendors:
Apple


ZDI-10-144: Apple Webkit Rendering Counter Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-144
August 9, 2010

-- CVE ID:
CVE-2010-1784

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)


ZDI-10-101: Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-101
June 8, 2010

-- CVE ID:
CVE-2010-1749

-- Affected Vendors:
Apple


ZDI-10-153: Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-153
August 11, 2010

-- CVE ID:
CVE-2010-1787

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)


[USN-836-1] WebKit vulnerabilities

===========================================================
Ubuntu Security Notice USN-836-1         September 23, 2009
webkit vulnerabilities
CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698,
CVE-2009-1711, CVE-2009-1712, CVE-2009-1725
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

ZDI-10-100: Apple Webkit ConditionEventListener Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-100
June 8, 2010

-- CVE ID:
CVE-2010-1402

-- Affected Vendors:
Apple


ZDI-10-096: Apple Webkit Recursive Use Element Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-096
June 8, 2010

-- CVE ID:
CVE-2010-1404

-- Affected Vendors:
Apple


[ MDVSA-2010:027 ] kdelibs4

 Name field of an X.509 certificate, which allows man-in-the-middle
 attackers to spoof arbitrary SSL servers via a crafted certificate
 issued by a legitimate Certification Authority, a related issue to
 CVE-2009-2408 (CVE-2009-2702).
 
 The JavaScript garbage collector in WebKit in Apple Safari before
 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
 through 2.2.1 does not properly handle allocation failures, which
 allows remote attackers to execute arbitrary code or cause a denial
 of service (memory corruption and application crash) via a crafted
 HTML document that triggers write access to an offset of a NULL

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
