rpm package

almalinux/webkit2gtk3-jsc

pkg:rpm/almalinux/webkit2gtk3-jsc

Vulnerabilities (224)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2026-20691		—		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Mar 25, 2026	An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2026-20664		—		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Mar 25, 2026	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20665		—		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Mar 25, 2026	This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Securit
CVE-2026-28859		—		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Mar 25, 2026	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.
CVE-2026-28857		—		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Mar 25, 2026	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28871		—		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Mar 25, 2026	A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.
CVE-2026-20643		—		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Mar 17, 2026	A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Proce
CVE-2026-20676	Med	5.3		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Feb 11, 2026	This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.
CVE-2026-20652	Hig	7.5		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Feb 11, 2026	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service.
CVE-2026-20644	Med	6.5		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Feb 11, 2026	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20636	Med	6.5		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Feb 11, 2026	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20635	Med	4.3		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Feb 11, 2026	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected proces
CVE-2026-20608	Med	5.5		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Feb 11, 2026	This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-46299	Med	4.3		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Jan 9, 2026	A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.
CVE-2025-43536	Med	4.3		< 2.50.4-1.el8_10	2.50.4-1.el8_10	Dec 17, 2025	A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43531	Low	3.1		< 2.50.4-1.el8_10	2.50.4-1.el8_10	Dec 17, 2025	A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected
CVE-2025-43529	Hig	8.8	KEV	< 2.50.4-1.el8_10	2.50.4-1.el8_10	Dec 17, 2025	A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbit
CVE-2025-43535		—		< 2.50.4-1.el8_10	2.50.4-1.el8_10	Dec 17, 2025	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43541		—		< 2.50.4-1.el8_10	2.50.4-1.el8_10	Dec 17, 2025	A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-43501		—		< 2.50.4-1.el8_10	2.50.4-1.el8_10	Dec 17, 2025	A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-20691Mar 25, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2026-20664Mar 25, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20665Mar 25, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Securit
CVE-2026-28859Mar 25, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.
CVE-2026-28857Mar 25, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28871Mar 25, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.
CVE-2026-20643Mar 17, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Proce
CVE-2026-20676MedFeb 11, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.
CVE-2026-20652HigFeb 11, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service.
CVE-2026-20644MedFeb 11, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20636MedFeb 11, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20635MedFeb 11, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected proces
CVE-2026-20608MedFeb 11, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-46299MedJan 9, 2026
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.
CVE-2025-43536MedDec 17, 2025
affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43531LowDec 17, 2025
affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10
A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected
CVE-2025-43529HigKEVDec 17, 2025
affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbit
CVE-2025-43535Dec 17, 2025
affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43541Dec 17, 2025
affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-43501Dec 17, 2025
affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Page 1 of 12