VYPR

Vendor CVEs

Webkitgtk

All CVEs

118 total · sorted by risk
  • CVE-2025-43343CriSep 15, 2025
    risk 0.64cvss 9.8epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43342CriSep 15, 2025
    risk 0.64cvss 9.8epss 0.01

    A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2018-12911CriJul 19, 2018
    risk 0.64cvss 9.8epss 0.02

    WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.

  • CVE-2017-1000121CriNov 1, 2017
    risk 0.64cvss 9.8epss 0.01

    The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect…

  • CVE-2010-4204CriNov 6, 2010
    risk 0.64cvss 9.8epss 0.02

    WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2010-4197CriNov 6, 2010
    risk 0.64cvss 9.8epss 0.02

    Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.

  • CVE-2018-12293HigJun 19, 2018
    risk 0.61cvss 8.8epss 0.11

    The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer…

  • CVE-2017-2373HigFeb 20, 2017
    risk 0.61cvss 8.8epss 0.06

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2017-2369HigFeb 20, 2017
    risk 0.61cvss 8.8epss 0.06

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2016-1727HigFeb 1, 2016
    risk 0.58cvss 8.8epss 0.04

    WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.

  • CVE-2025-66287HigDec 4, 2025
    risk 0.57cvss 8.8epss 0.00

    A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

  • CVE-2018-12294HigJun 19, 2018
    risk 0.57cvss 8.8epss 0.02

    WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.

  • CVE-2018-11646HigJun 1, 2018
    risk 0.57cvss 7.5epss 0.69

    webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.

  • CVE-2017-2356HigFeb 20, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote…

  • CVE-2017-2355HigFeb 20, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote…

  • CVE-2017-2354HigFeb 20, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote…

  • CVE-2016-1859HigMay 20, 2016
    risk 0.57cvss 8.8epss 0.03

    The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

  • CVE-2016-1857HigMay 20, 2016
    risk 0.57cvss 8.8epss 0.03

    WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and…

  • CVE-2016-1856HigMay 20, 2016
    risk 0.57cvss 8.8epss 0.03

    WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and…

  • CVE-2016-1854HigMay 20, 2016
    risk 0.57cvss 8.8epss 0.03

    WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and…

  • CVE-2016-1783HigMar 24, 2016
    risk 0.57cvss 8.8epss 0.03

    WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

  • CVE-2016-1724HigFeb 1, 2016
    risk 0.57cvss 8.8epss 0.03

    WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.

  • CVE-2010-4206HigNov 6, 2010
    risk 0.57cvss 8.8epss 0.03

    Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute…

  • CVE-2010-4198HigNov 6, 2010
    risk 0.57cvss 8.8epss 0.01

    WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML…

  • CVE-2010-1773HigSep 24, 2010
    risk 0.57cvss 8.8epss 0.02

    Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application…

  • CVE-2010-1772HigSep 24, 2010
    risk 0.57cvss 8.8epss 0.02

    Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to…

  • CVE-2017-2360HigFeb 20, 2017
    risk 0.54cvss 7.8epss 0.04

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a…

  • CVE-2025-13502HigNov 25, 2025
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.

  • CVE-2018-11712HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.

  • CVE-2015-2330HigMar 10, 2017
    risk 0.49cvss 7.5epss 0.02

    Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.

  • CVE-2016-9643HigMar 7, 2017
    risk 0.49cvss 7.5epss 0.03

    The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).

  • CVE-2010-4577HigDec 22, 2010
    risk 0.49cvss 7.5epss 0.02

    The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which…

  • CVE-2025-13947HigDec 3, 2025
    risk 0.48cvss 7.4epss 0.00

    A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside…

  • CVE-2017-2365MedFeb 20, 2017
    risk 0.46cvss 6.5epss 0.07

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive…

  • CVE-2017-2363MedFeb 20, 2017
    risk 0.46cvss 6.5epss 0.07

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin…

  • CVE-2024-23284MedMar 8, 2024
    risk 0.42cvss 6.5epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content…

  • CVE-2024-23280MedMar 8, 2024
    risk 0.42cvss 6.5epss 0.01

    An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.

  • CVE-2024-23263MedMar 8, 2024
    risk 0.42cvss 6.5epss 0.01

    A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security…

  • CVE-2024-23254MedMar 8, 2024
    risk 0.42cvss 6.5epss 0.01

    The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.

  • CVE-2018-11713MedJun 4, 2018
    risk 0.42cvss 6.5epss 0.02

    WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be…

  • CVE-2017-2350MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive…

  • CVE-2016-4592MedJul 22, 2016
    risk 0.42cvss 6.5epss 0.02

    WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.

  • CVE-2016-1858MedMay 20, 2016
    risk 0.42cvss 6.5epss 0.02

    WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

  • CVE-2024-27834MedMay 14, 2024
    risk 0.36cvss 5.5epss 0.01

    The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

  • CVE-2017-1000122MedNov 1, 2017
    risk 0.35cvss 5.3epss 0.01

    The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.

  • CVE-2016-4583LowJul 22, 2016
    risk 0.20cvss 3.1epss 0.02

    WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.

  • CVE-2019-8720KEVMar 6, 2023
    risk 0.12cvss epss 0.02

    A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

  • CVE-2010-1807Sep 10, 2010
    risk 0.08cvss epss 0.61

    WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted…

  • CVE-2012-5851Nov 15, 2012
    risk 0.03cvss epss 0.02

    html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a…

  • CVE-2010-3812Nov 22, 2010
    risk 0.01cvss epss 0.07

    Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute…

Page 1 of 3