This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apple First view 2010-02-18
Product Webkit Last view 2010-08-19
Version r53524 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:apple:webkit

Activity : Overall

Related : CVE

  Date Alert Description
10 2010-08-19 CVE-2010-1760

loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.

10 2010-08-19 CVE-2010-1386

page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.

9.3 2010-02-18 CVE-2010-0659

The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.

4.3 2010-02-18 CVE-2010-0651

WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

CWE : Common Weakness Enumeration

%idName
25% (1) CWE-399 Resource Management Errors
25% (1) CWE-264 Permissions, Privileges, and Access Controls
25% (1) CWE-255 Credentials Management
25% (1) CWE-200 Information Exposure

Open Source Vulnerability Database (OSVDB)

id Description
67296 WebKit WebCore loader/DocumentThreadableLoader.cpp XMLHttpRequest Implementat...
67295 WebKit WebCore page/Geolocation.cpp lastPosition Function Access Restriction ...
62462 Google Chrome WebKit Image Decoder Sandbox Malformed GIF File Arbitrary Code ...
62307 Google Chrome WebKit CSS Stylesheet Cross-origin Information Disclosure

OpenVAS Exploits

id Description
2011-03-07 Name : Mandriva Update for webkit MDVSA-2011:039 (webkit)
File : nvt/gb_mandriva_MDVSA_2011_039.nasl
2011-02-18 Name : Fedora Update for webkitgtk FEDORA-2011-1224
File : nvt/gb_fedora_2011_1224_webkitgtk_fc13.nasl
2011-01-11 Name : Fedora Update for webkitgtk FEDORA-2011-0121
File : nvt/gb_fedora_2011_0121_webkitgtk_fc13.nasl
2010-10-22 Name : Fedora Update for webkitgtk FEDORA-2010-15957
File : nvt/gb_fedora_2010_15957_webkitgtk_fc13.nasl
2010-10-22 Name : Fedora Update for webkitgtk FEDORA-2010-15982
File : nvt/gb_fedora_2010_15982_webkitgtk_fc12.nasl
2010-10-22 Name : Ubuntu Update for webkit vulnerabilities USN-1006-1
File : nvt/gb_ubuntu_USN_1006_1.nasl
2010-09-22 Name : Fedora Update for webkitgtk FEDORA-2010-14409
File : nvt/gb_fedora_2010_14409_webkitgtk_fc13.nasl
2010-09-22 Name : Fedora Update for webkitgtk FEDORA-2010-14419
File : nvt/gb_fedora_2010_14419_webkitgtk_fc12.nasl
2010-07-22 Name : FreeBSD Ports: webkit-gtk2
File : nvt/freebsd_webkit-gtk2.nasl
2010-03-31 Name : Fedora Update for qt FEDORA-2010-4518
File : nvt/gb_fedora_2010_4518_qt_fc12.nasl
2010-03-31 Name : Fedora Update for qt FEDORA-2010-4524
File : nvt/gb_fedora_2010_4524_qt_fc11.nasl
2010-02-22 Name : Google Chrome Multiple Vulnerabilities - (Win)
File : nvt/secpod_google_chrome_mult_vuln_win01.nasl

Nessus® Vulnerability Scanner

id Description
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_libwebkit-100723.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_libwebkit-110104.nasl - Type: ACT_GATHER_INFO
2011-05-05 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_libwebkit-110111.nasl - Type: ACT_GATHER_INFO
2011-03-03 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2011-039.nasl - Type: ACT_GATHER_INFO
2010-10-20 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1006-1.nasl - Type: ACT_GATHER_INFO
2010-09-21 Name: The remote Fedora host is missing a security update.
File: fedora_2010-14419.nasl - Type: ACT_GATHER_INFO
2010-09-16 Name: The remote Fedora host is missing a security update.
File: fedora_2010-14409.nasl - Type: ACT_GATHER_INFO
2010-07-19 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_19419b3b92bd11dfb1400015f2db7bde.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-4518.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-4521.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-4524.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote host contains a web browser that is affected by multiple vulnerabi...
File: google_chrome_4_0_249_78.nasl - Type: ACT_GATHER_INFO