rpm package
almalinux/webkit2gtk3-jsc-devel
pkg:rpm/almalinux/webkit2gtk3-jsc-devel
Vulnerabilities (240)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-28857 | — | < 2.52.3-1.el8_10 | 2.52.3-1.el8_10 | Mar 25, 2026 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash. | ||
| CVE-2026-28871 | — | < 2.52.3-1.el8_10 | 2.52.3-1.el8_10 | Mar 25, 2026 | A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack. | ||
| CVE-2026-20643 | — | < 2.52.3-1.el8_10 | 2.52.3-1.el8_10 | Mar 17, 2026 | A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Proce | ||
| CVE-2026-20676 | Med | 5.3 | < 2.52.3-1.el8_10 | 2.52.3-1.el8_10 | Feb 11, 2026 | This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions. | |
| CVE-2026-20652 | Hig | 7.5 | < 2.52.3-1.el8_10 | 2.52.3-1.el8_10 | Feb 11, 2026 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service. | |
| CVE-2026-20644 | Med | 6.5 | < 2.52.3-1.el8_10 | 2.52.3-1.el8_10 | Feb 11, 2026 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. | |
| CVE-2026-20636 | Med | 6.5 | < 2.52.3-1.el8_10 | 2.52.3-1.el8_10 | Feb 11, 2026 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. | |
| CVE-2026-20635 | Med | 4.3 | < 2.52.3-1.el8_10 | 2.52.3-1.el8_10 | Feb 11, 2026 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected proces | |
| CVE-2026-20608 | Med | 5.5 | < 2.52.3-1.el8_10 | 2.52.3-1.el8_10 | Feb 11, 2026 | This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. | |
| CVE-2025-46299 | Med | 4.3 | < 2.52.3-1.el8_10 | 2.52.3-1.el8_10 | Jan 9, 2026 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app. | |
| CVE-2025-43536 | Med | 4.3 | < 2.50.4-1.el8_10 | 2.50.4-1.el8_10 | Dec 17, 2025 | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |
| CVE-2025-43531 | Low | 3.1 | < 2.50.4-1.el8_10 | 2.50.4-1.el8_10 | Dec 17, 2025 | A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected | |
| CVE-2025-43529 | Hig | 8.8 | KEV | < 2.50.4-1.el8_10 | 2.50.4-1.el8_10 | Dec 17, 2025 | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbit |
| CVE-2025-43535 | — | < 2.50.4-1.el8_10 | 2.50.4-1.el8_10 | Dec 17, 2025 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||
| CVE-2025-43541 | — | < 2.50.4-1.el8_10 | 2.50.4-1.el8_10 | Dec 17, 2025 | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||
| CVE-2025-43501 | — | < 2.50.4-1.el8_10 | 2.50.4-1.el8_10 | Dec 17, 2025 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||
| CVE-2025-43511 | Med | 6.5 | < 2.52.3-1.el8_10 | 2.52.3-1.el8_10 | Dec 12, 2025 | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected pr | |
| CVE-2025-66287 | Hig | 8.8 | < 2.50.3-1.el8_10 | 2.50.3-1.el8_10 | Dec 4, 2025 | A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling. | |
| CVE-2025-13947 | Hig | 7.4 | < 2.50.3-1.el8_10 | 2.50.3-1.el8_10 | Dec 3, 2025 | A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside th | |
| CVE-2025-13502 | Hig | 7.5 | < 2.50.3-1.el8_10 | 2.50.3-1.el8_10 | Nov 25, 2025 | A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server. |
- CVE-2026-28857Mar 25, 2026affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2026-28871Mar 25, 2026affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.
- CVE-2026-20643Mar 17, 2026affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Proce
- affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.
- affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service.
- affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
- affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
- affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected proces
- affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
- affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.
- affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
- affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10
A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected
- affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbit
- CVE-2025-43535Dec 17, 2025affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2025-43541Dec 17, 2025affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
- CVE-2025-43501Dec 17, 2025affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
- affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected pr
- affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
- affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside th
- affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.
Page 2 of 12