VYPR

rpm package

almalinux/webkit2gtk3

pkg:rpm/almalinux/webkit2gtk3

Vulnerabilities (240)

  • CVE-2026-28857Mar 25, 2026
    affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2026-28871Mar 25, 2026
    affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10

    A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.

  • CVE-2026-20643Mar 17, 2026
    affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10

    A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Proce

  • CVE-2026-20676MedFeb 11, 2026
    affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10

    This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.

  • CVE-2026-20652HigFeb 11, 2026
    affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service.

  • CVE-2026-20644MedFeb 11, 2026
    affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2026-20636MedFeb 11, 2026
    affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2026-20635MedFeb 11, 2026
    affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected proces

  • CVE-2026-20608MedFeb 11, 2026
    affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10

    This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-46299MedJan 9, 2026
    affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10

    A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.

  • CVE-2025-43536MedDec 17, 2025
    affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43531LowDec 17, 2025
    affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10

    A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected

  • CVE-2025-43529HigKEVDec 17, 2025
    affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbit

  • CVE-2025-43535Dec 17, 2025
    affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43541Dec 17, 2025
    affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10

    A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  • CVE-2025-43501Dec 17, 2025
    affected < 2.50.4-1.el8_10fixed 2.50.4-1.el8_10

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43511MedDec 12, 2025
    affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected pr

  • CVE-2025-66287HigDec 4, 2025
    affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10

    A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

  • CVE-2025-13947HigDec 3, 2025
    affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10

    A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside th

  • CVE-2025-13502HigNov 25, 2025
    affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10

    A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.

Page 2 of 12